Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS) rst2man-indent-level 0 rstReportMargin \ $1 \ n[an-margin] level \ n[rst2man-indent-level] level margin: \ n[rst2man-indent \ n[rst2man-indent-level]] - \ n[rst2man-indent0] \ n[rst2man-indent1] \ n[rst2man-indent2] INDENT RS \ $1 nr rst2man-indent \ n[rst2man-indent-level] \ n[an-margin] nr rst2man-indent-level +1 RE rst2man-indent-level -1
This tool is part of the cifs -utils suite. setcifsacl is a userspace helper program for the Linux CIFS client file system. It is intended to alter an ACL of a security descriptor for a file system object. Whether a security descriptor to be set is applied or not is determined by the CIFS/SMB server. This program uses a plugin to handle the mapping of user and group names to SIDs. /etc/cifs-utils/idmap -plugin should be a symlink that points to the correct plugin to use.
-h 0.0 3.5 Print usage message and exit. -v 0.0 3.5 Print version number and exit. -a 0.0 3.5 Add one or more ACEs to an ACL of a security descriptor. An ACE is added even if the same ACE exists in the ACL. -D 0.0 3.5 Delete one or more ACEs from an ACL of a security descriptor. Entire ACE has to match in an existing ACL for the listed ACEs to be deleted. -M 0.0 3.5 Modify one or more ACEs from an ACL of a security descriptor. SID and type are used to match for existing ACEs to be modified with the list of ACEs specified. -S 0.0 3.5 Set an ACL of security descriptor with the list of ACEs Existing ACL is replaced entirely with the specified ACEs. Every ACE entry starts with "ACL:" One or more ACEs are specified within double quotes. Multiple ACEs are separated by a comma. Following fields of an ACE can be modified with possible values: SID -Either a name or a raw SID value. type -ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) flags -OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these values. mask -Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value