Changeset 988 for vendor/current/docs/manpages/smbcacls.1

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/docs/manpages/smbcacls.1 (modified) (9 diffs)

vendor/current/docs/manpages/smbcacls.1

@@ -2 +2 @@
 .\"     Title: smbcacls
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\"      Date: 09/18/2013
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 05/02/2016
 .\"    Manual: User Commands
-.\"    Source: Samba 3.6
+.\"    Source: Samba 4.4
 .\"  Language: English
 .\"
-.TH "SMBCACLS" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
+.TH "SMBCACLS" "1" "05/02/2016" "Samba 4\&.4" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
@@ -32 +32 @@
 .SH "SYNOPSIS"
 .HP \w'\ 'u
-smbcacls {//server/share} {/filename} [\-D|\-\-delete\ acls] [\-M|\-\-modify\ acls] [\-a|\-\-add\ acls] [\-S|\-\-set\ acls] [\-C|\-\-chown\ name] [\-G|\-\-chgrp\ name] [\-I\ allow|romove|copy] [\-\-numeric] [\-t] [\-U\ username] [\-h] [\-d]
+smbcacls {//server/share} {/filename} [\-D|\-\-delete\ acl] [\-M|\-\-modify\ acl] [\-a|\-\-add\ acl] [\-S|\-\-set\ acl] [\-C|\-\-chown\ name] [\-G|\-\-chgrp\ name] [\-I\ allow|remove|copy] [\-\-numeric] [\-t] [\-U\ username] [\-d] [\-e] [\-m|\-\-max\-protocol\ LEVEL] [\-\-query\-security\-info\ FLAGS] [\-\-set\-security\-info\ FLAGS] [\-\-sddl] [\-\-domain\-sid\ SID]
 .SH "DESCRIPTION"
 .PP
@@ -41 +41 @@
 The
 smbcacls
-program manipulates NT Access Control Lists (ACLs) on SMB file shares\&.
+program manipulates NT Access Control Lists (ACLs) on SMB file shares\&. An ACL is comprised zero or more Access Control Entries (ACEs), which define access restrictions for a specific user or group\&.
 .SH "OPTIONS"
 .PP
@@ -48 +48 @@
 program\&. The format of ACLs is described in the section ACL FORMAT
 .PP
-\-a|\-\-add acls
-.RS 4
-Add the ACLs specified to the ACL list\&. Existing access control entries are unchanged\&.
-.RE
-.PP
-\-M|\-\-modify acls
-.RS 4
-Modify the mask value (permissions) for the ACLs specified on the command line\&. An error will be printed for each ACL specified that was not already present in the ACL list
-.RE
-.PP
-\-D|\-\-delete acls
-.RS 4
-Delete any ACLs specified on the command line\&. An error will be printed for each ACL specified that was not already present in the ACL list\&.
-.RE
-.PP
-\-S|\-\-set acls
-.RS 4
-This command sets the ACLs on the file with only the ones specified on the command line\&. All other ACLs are erased\&. Note that the ACL specified must contain at least a revision, type, owner and group for the call to succeed\&.
+\-a|\-\-add acl
+.RS 4
+Add the entries specified to the ACL\&. Existing access control entries are unchanged\&.
+.RE
+.PP
+\-M|\-\-modify acl
+.RS 4
+Modify the mask value (permissions) for the ACEs specified on the command line\&. An error will be printed for each ACE specified that was not already present in the object\*(Aqs ACL\&.
+.RE
+.PP
+\-D|\-\-delete acl
+.RS 4
+Delete any ACEs specified on the command line\&. An error will be printed for each ACE specified that was not already present in the object\*(Aqs ACL\&.
+.RE
+.PP
+\-S|\-\-set acl
+.RS 4
+This command sets the ACL on the object with only what is specified on the command line\&. Any existing ACL is erased\&. Note that the ACL specified must contain at least a revision, type, owner and group for the call to succeed\&.
 .RE
 .PP
@@ -98 +98 @@
 .RE
 .PP
+\-m|\-\-max\-protocol PROTOCOL_NAME
+.RS 4
+This allows the user to select the highest SMB protocol level that smbcacls will use to connect to the server\&. By default this is set to NT1, which is the highest available SMB1 protocol\&. To connect using SMB2 or SMB3 protocol, use the strings SMB2 or SMB3 respectively\&. Note that to connect to a Windows 2012 server with encrypted transport selecting a max\-protocol of SMB3 is required\&.
+.RE
+.PP
 \-t|\-\-test\-args
 .RS 4
@@ -103 +108 @@
 .RE
 .PP
-\-h|\-\-help
-.RS 4
-Print a summary of command line options\&.
-.RE
-.PP
-\-d|\-\-debuglevel=level
-.RS 4
-\fIlevel\fR
-is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
-.sp
-The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
-.sp
-Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
-.sp
-Note that specifying this parameter here will override the
-\m[blue]\fBlog level\fR\m[]
-parameter in the
-smb\&.conf
-file\&.
-.RE
-.PP
-\-V|\-\-version
-.RS 4
-Prints the program version number\&.
-.RE
-.PP
-\-s|\-\-configfile <configuration file>
-.RS 4
-The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
-smb\&.conf
-for more information\&. The default configuration file name is determined at compile time\&.
-.RE
-.PP
-\-l|\-\-log\-basename=logdirectory
-.RS 4
-Base directory name for log/debug files\&. The extension
-\fB"\&.progname"\fR
-will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
-.RE
-.PP
-\-N|\-\-no\-pass
-.RS 4
-If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
-.sp
-Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
-.sp
-If a password is specified on the command line and this option is also defined the password on the command line will be silently ingnored and no password will be used\&.
-.RE
-.PP
-\-k|\-\-kerberos
-.RS 4
-Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
-.RE
-.PP
-\-C|\-\-use\-ccache
-.RS 4
-Try to use the credentials cached by winbind\&.
-.RE
-.PP
-\-A|\-\-authentication\-file=filename
-.RS 4
-This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-username = <value>
-password = <value>
-domain   = <value>
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-Make certain that the permissions on the file restrict access from unwanted users\&.
-.RE
-.PP
-\-U|\-\-user=username[%password]
-.RS 4
-Sets the SMB username or username and password\&.
-.sp
-If %password is not specified, the user will be prompted\&. The client will first check the
-\fBUSER\fR
-environment variable, then the
-\fBLOGNAME\fR
-variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username
-\fBGUEST\fR
-is used\&.
-.sp
-A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
-\fI\-A\fR
-for more details\&.
-.sp
-Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the
-ps
-command\&. To be safe always allow
-rpcclient
-to prompt for a password and type it in directly\&.
+\-\-query\-security\-info FLAGS
+.RS 4
+The security\-info flags for queries\&.
+.RE
+.PP
+\-\-set\-security\-info FLAGS
+.RS 4
+The security\-info flags for queries\&.
+.RE
+.PP
+\-\-sddl
+.RS 4
+Output and input acls in sddl format\&.
+.RE
+.PP
+\-\-domain\-sid SID
+.RS 4
+SID used for sddl processing\&.
 .RE
 .SH "ACL FORMAT"
 .PP
-The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
+The format of an ACL is one or more entries separated by either commas or newlines\&. An ACL entry is one of the following:
 .PP
 .if n \{\
@@ -225 +149 @@
 The owner and group specify the owner and group sids for the object\&. If a SID in the format S\-1\-x\-y\-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides\&.
 .PP
-ACLs specify permissions granted to the SID\&. This SID again can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
-.PP
-The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for file ACLs and either 9 or 2 for directory ACLs\&. Some common flags are:
+ACEs are specified with an "ACL:" prefix, and define permissions granted to an SID\&. The SID again can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
+.PP
+The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for file ACEs and either 9 or 2 for directory ACEs\&. Some common flags are:
 .sp
 .RS 4
@@ -275 +199 @@
 .RE
 .PP
-At present flags can only be specified as decimal or hexadecimal values\&.
+At present, flags can only be specified as decimal or hexadecimal values\&.
 .PP
 The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
@@ -401 +325 @@
 .SH "VERSION"
 .PP
-This man page is correct for version 3 of the Samba suite\&.
+This man page is correct for version 4 of the Samba suite\&.
 .SH "AUTHOR"
 .PP