Provided by: cifs-utils_6.9-1ubuntu0.2_amd64 bug

NAME

       setcifsacl - Userspace helper to alter an ACL in a security descriptor for Common Internet
       File System (CIFS)

SYNOPSIS

          setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}

DESCRIPTION

       This tool is part of the cifs-utils suite.

       setcifsacl is a userspace helper program for the Linux CIFS  client  file  system.  It  is
       intended  to  alter  an  ACL  of a security descriptor for a file system object. Whether a
       security descriptor to be set is applied or not is determined by the CIFS/SMB server.

       This program uses a plugin to handle  the  mapping  of  user  and  group  names  to  SIDs.
       /etc/cifs-utils/idmap-plugin should be a symlink that points to the correct plugin to use.

OPTIONS

       -h     Print usage message and exit.

       -v     Print version number and exit.

       -a     Add  one  or more ACEs to an ACL of a security descriptor.  An ACE is added even if
              the same ACE exists in the ACL.

       -D     Delete one or more ACEs from an ACL of a security descriptor.  Entire  ACE  has  to
              match in an existing ACL for the listed ACEs to be deleted.

       -M     Modify  one  or  more  ACEs from an ACL of a security descriptor.  SID and type are
              used to match for existing ACEs to be modified with the list of ACEs specified.

       -S     Set an ACL of security descriptor with the list of ACEs Existing  ACL  is  replaced
              entirely with the specified ACEs.

              Every  ACE  entry  starts  with "ACL:" One or more ACEs are specified within double
              quotes.  Multiple ACEs are separated by a comma.

              Following fields of an ACE can be modified with possible values:

              • SID - Either a name or a raw SID value.

              • type - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6)

              • flags - OBJECT_INHERIT_FLAG (OI or  0x1),  CONTAINER_INHERIT_FLAG  (CI  or  0x2),
                NO_PROPAGATE_INHERIT_FLAG   (NI   or   0x4),   INHERIT_ONLY_FLAG   (IO  or  0x8),
                INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these values.

              • mask  - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a  hex
                value.

EXAMPLES

   Add an ACE
          setcifsacl    -a    "ACL:CIFSTESTDOMuser2:DENIED/0x1/D"   <file_name>   setcifsacl   -a
          "ACL:CIFSTESTDOMuser1:ALLOWED/OI|CI|NI/D" <file_name>

   Delete an ACE
          setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>

   Modify an ACE
          setcifsacl -M "ACL:CIFSTESTDOMuser1:ALLOWED/0x1f/CHANGE" <file_name>

   Set an ACL
          setcifsacl                                                                           -S
          "ACL:CIFSTESTDOMAdministrator:0x0/0x0/FULL,ACL:CIFSTESTDOMuser2:0x0/0x0/FULL"
          <file_name>

NOTES

       Kernel support for getcifsacl/setcifsacl utilities was initially introduced in the  2.6.37
       kernel.

SEE ALSO

       mount.cifs(8), getcifsacl(1)

AUTHOR

       Shirish Pargaonkar wrote the setcifsacl program.

       The  Linux  CIFS  Mailing  list  is  the  preferred place to ask questions regarding these
       programs.

                                                                                    SETCIFSACL(1)