Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
No Starch Press

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 80 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       smbcacls //server/share filename [ -U  username  ]   [  -A
       acls ]  [ -M acls ]  [ -D acls ]  [ -S acls ]  [ -C name ]
       [ -G name ]  [ -n ]  [ -h ]


       This tool is part of the  Samba suite.

       The smbcacls program manipulates NT Access  Control  Lists
       (ACLs) on SMB file shares.


       The  following  options are available to the smbcacls pro­
       gram.  The format of ACLs is described in the section  ACL

       -A acls
              Add  the  ACLs  specified to the ACL list. Existing
              access control entries are unchanged.

       -M acls
              Modify the mask value (permissions)  for  the  ACLs
              specified  on  the  command  line. An error will be
              printed for each ACL specified that was not already
              present in the ACL list

       -D acls
              Delete  any ACLs specified on the command line.  An
              error will be printed for each ACL  specified  that
              was not already present in the ACL list.

       -S acls
              This  command  sets  the ACLs on the file with only
              the ones specified on the command line.  All  other
              ACLs  are  erased. Note that the ACL specified must
              contain at least a revision, type, owner and  group
              for the call to succeed.

       -U username
              Specifies  a username used to connect to the speci­
              fied service. The  username  may  be  of  the  form
              "username"  in  which  case the user is prompted to
              enter in a password and the workgroup specified  in
              the  smb.conf  file is used, or "username%password"
              or "DOMAIN\username%password" and the password  and
              workgroup names are used as provided.

       -C name
              The  owner of a file or directory can be changed to
              the name given using the -C option.  The  name  can
              be  a  sid in the form S-1-x-y-z or a name resolved
              format. The default is to convert SIDs to names and
              ACE types and masks to a readable string format.

       -h     Print usage information on the smbcacls program.


       The  format of an ACL is one or more ACL entries separated
       by either commas or newlines. An ACL entry is one  of  the

       REVISION:<revision number>
       OWNER:<sid or name>
       GROUP:<sid or name>
       ACL:<sid or name>:<type>/<flags>/<mask>

       The  revision of the ACL specifies the internal Windows NT
       ACL revision for the security descriptor.  If  not  speci­
       fied it defaults to 1. Using values other than 1 may cause
       strange behaviour.

       The owner and group specify the owner and group  sids  for
       the  object.  If a SID in the format CWS-1-x-y-z is speci­
       fied  this  is  used,  otherwise  the  name  specified  is
       resolved  using  the server on which the file or directory

       ACLs specify permissions granted  to  the  SID.  This  SID
       again  can be specified in CWS-1-x-y-z format or as a name
       in which case it is resolved against the server  on  which
       the  file  or  directory resides. The type, flags and mask
       values determine the type of access granted to the SID.

       The type can be either 0 or 1 corresponding to ALLOWED  or
       DENIED  access  to the SID. The flags values are generally
       zero for file ACLs and either 9 or 2 for  directory  ACLs.
       Some common flags are:

       · #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1



       · #define SEC_ACE_FLAG_INHERIT_ONLY 0x8

       At  present flags can only be specified as decimal or hex­
       adecimal values.

       · D - Delete the object

       · P - Change permissions

       · O - Take ownership

       The following combined permissions can be specified:

       · READ - Equivalent to 'RX' permissions

       · CHANGE - Equivalent to 'RXWD' permissions

       · FULL - Equivalent to 'RWXDPO' permissions


       The smbcacls program sets the exit status depending on the
       success  or  otherwise  of  the operations performed.  The
       exit status may be one of the following values.

       If the operation succeeded, smbcacls returns and exit sta­
       tus  of  0.  If smbcacls couldn't connect to the specified
       server, or there was an error getting or setting the ACLs,
       an  exit  status  of  1 is returned. If there was an error
       parsing any command line arguments, an exit status of 2 is


       This  man  page  is  correct  for version 2.2 of the Samba


       The original Samba software  and  related  utilities  were
       created  by Andrew Tridgell. Samba is now developed by the
       Samba Team as an Open Source project similar  to  the  way
       the Linux kernel is developed.

       smbcacls was written by Andrew Tridgell and Tim Potter.

       The conversion to DocBook for Samba 2.2 was done by Gerald

                         19 November 2002             SMBCACLS(1)
Help us cut cost by not downloading the whole site!
Use of automated download sofware ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and therefore is expressedly prohibited. For more details on this, take a look here



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
The Linux Tutorial welcomes your suggestions and ideas.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.11 Seconds