smbcacls
Manage Windows ACLs on SMB file shares
TLDR
Display ACLs for a file on SMB share
SYNOPSIS
smbcacls //server/share filename [OPTIONS]
DESCRIPTION
smbcacls manipulates Windows NT Access Control Lists (ACLs) on SMB/CIFS file shares. It allows viewing, modifying, and managing file permissions on remote Windows or Samba shares from the Linux command line.
An ACL consists of Access Control Entries (ACEs) that define permissions for specific users or groups. The tool supports standard Windows permission operations including ownership changes and inheritance management.
PARAMETERS
-a, --add acl
Add ACE entries without modifying existing ones-M, --modify acl
Modify permission masks for specified ACEs-D, --delete acl
Delete specified ACE entries-S, --set acl
Replace entire ACL with new entries-C, --chown name
Change file/directory owner-G, --chgrp name
Change group ownership-I, --inherit allow|remove|copy
Enable, remove, or copy inherited permissions--recurse
Apply operations recursively to directories--numeric
Display ACLs in numeric format--sddl
Use SDDL format for input/output--save file
Save DACLs to file for later restoration--restore file
Restore DACLs from saved file-U, --user username
SMB username (format: user%password or domain\\user%password)-W, --workgroup domain
Set SMB workgroup/domain-d, --debuglevel level
Debug verbosity (0-10)
CAVEATS
Requires appropriate permissions on the share to modify ACLs. ACL format follows Windows SDDL (Security Descriptor Definition Language) conventions. Some operations require administrative privileges on the target share. Kerberos authentication may be needed for domain environments.
HISTORY
smbcacls is part of the Samba suite, originally developed by Andrew Tridgell starting in 1992. Samba provides Windows interoperability for Unix/Linux systems. The smbcacls utility enables Unix administrators to manage Windows-style permissions without requiring a Windows workstation.
SEE ALSO
smbclient(1), mount.cifs(8), getfacl(1), setfacl(1)