Provided by: cifs-utils_6.9-1ubuntu0.2_amd64 bug


       setcifsacl - Userspace helper to alter an ACL in a security descriptor for Common Internet
       File System (CIFS)


          setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}


       This tool is part of the cifs-utils suite.

       setcifsacl is a userspace helper program for the Linux CIFS  client  file  system.  It  is
       intended  to  alter  an  ACL  of a security descriptor for a file system object. Whether a
       security descriptor to be set is applied or not is determined by the CIFS/SMB server.

       This program uses a plugin to handle  the  mapping  of  user  and  group  names  to  SIDs.
       /etc/cifs-utils/idmap-plugin should be a symlink that points to the correct plugin to use.


       -h     Print usage message and exit.

       -v     Print version number and exit.

       -a     Add  one  or more ACEs to an ACL of a security descriptor.  An ACE is added even if
              the same ACE exists in the ACL.

       -D     Delete one or more ACEs from an ACL of a security descriptor.  Entire  ACE  has  to
              match in an existing ACL for the listed ACEs to be deleted.

       -M     Modify  one  or  more  ACEs from an ACL of a security descriptor.  SID and type are
              used to match for existing ACEs to be modified with the list of ACEs specified.

       -S     Set an ACL of security descriptor with the list of ACEs Existing  ACL  is  replaced
              entirely with the specified ACEs.

              Every  ACE  entry  starts  with "ACL:" One or more ACEs are specified within double
              quotes.  Multiple ACEs are separated by a comma.

              Following fields of an ACE can be modified with possible values:

              • SID - Either a name or a raw SID value.

              • type - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6)

              • flags - OBJECT_INHERIT_FLAG (OI or  0x1),  CONTAINER_INHERIT_FLAG  (CI  or  0x2),
                NO_PROPAGATE_INHERIT_FLAG   (NI   or   0x4),   INHERIT_ONLY_FLAG   (IO  or  0x8),
                INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these values.

              • mask  - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a  hex


   Add an ACE
          setcifsacl    -a    "ACL:CIFSTESTDOMuser2:DENIED/0x1/D"   <file_name>   setcifsacl   -a
          "ACL:CIFSTESTDOMuser1:ALLOWED/OI|CI|NI/D" <file_name>

   Delete an ACE
          setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>

   Modify an ACE
          setcifsacl -M "ACL:CIFSTESTDOMuser1:ALLOWED/0x1f/CHANGE" <file_name>

   Set an ACL
          setcifsacl                                                                           -S


       Kernel support for getcifsacl/setcifsacl utilities was initially introduced in the  2.6.37


       mount.cifs(8), getcifsacl(1)


       Shirish Pargaonkar wrote the setcifsacl program.

       The  Linux  CIFS  Mailing  list  is  the  preferred place to ask questions regarding these