Provided by: cifs-utils_5.1-1ubuntu1_i386 bug

NAME

       setcifsacl - Userspace helper to alter an ACL in a security descriptor
       for Common Internet File System (CIFS)

SYNOPSIS

       setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}

DESCRIPTION

       This tool is part of the cifs-utils suite.

       setcifsacl is a userspace helper program for the Linux CIFS client file
       system.  It is intended to alter an ACL of a security descriptor for a
       file system object.  It is best utilized when an option of cifsacl is
       specified when mounting a cifs share in conjunction with winbind
       facility of Samba suite.  Whether a security descriptor to be set is
       applied or not is determined by the CIFS/SMB server.

OPTIONS

       -v
           Print version number and exit.
       -a
           Add one or more ACEs to an ACL of a security descriptor.  An ACE is
           added even if the same ACE exists in the ACL.
       -D
           Delete one or more ACEs from an ACL of a security descriptor.
           Entire ACE has to match in an existing ACL for the listed ACEs to
           be deleted.
       -M
           Modify one or more ACEs from an ACL of a security descriptor.  SID
           and type are used to match for existing ACEs to be modified with
           the list of ACEs specified.
       -S
           Set an ACL of security descriptor with the list of ACEs Existing
           ACL is replaced entirely with the specified ACEs.

       Every ACE entry starts with "ACL:" One or more ACEs are specified
       within double quotes.  Multiple ACEs are separated by a comma.

       Following fields of an ACE can be modified with possible values:

       SID: Either a name or a raw SID value.

       type: ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED
       (0x6)

       flags: OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or
       0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or
       0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these
       values.

       mask: Either one of FULL, CHANGE, READ, a combination of R W X D P O,
       or a hex value

SEE ALSO

       mount.cifs(8), winbindd(8), getcifsacl(8)

EXAMPLES

       Add an ACE
       setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name>
       setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name>

       Delete an ACE
       setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>

       Modify an ACE
       setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name>

       Set an ACL
       setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,
       ACL:CIFSTESTDOM\user2:0x0/0x0/FULL," <file_name>

AUTHOR

       Shirish Pargaonkar wrote the setcifsacl program.

       The Linux CIFS Mailing list is the preferred place to ask questions
       regarding these programs.