# smbcacls

## spaz_yo

OK, maybe a silly question but I am having a hard time with the syntax of smbcacls, can anyone give me a hand, possibly some examples, the man page just isn't helping. thanks

----------

## curtis119

An example to set an acl (resets the acl entries) for <user> to have full access to <somefileorfolder> on <SERVER>:

```

smbcacls -U <user> -S ACL:<user>:ALLOWED/16/FULL //<SERVER>/<somefileorfolder>

```

----------

## spaz_yo

him, still having a hard time with this here is what I tried

smbcacls -U spaz -S ACL:itlocal:ALLOWED/16/FULL //mspaz/ shareme

spaz is the user

mspaz is the name of the pc on the domain

but I always receive the following error message, i must be messing up my syntax

failed session setup with NT_STATUS_LOGON_FAILURE

cli_full_connection failed! (NT_STATUS_LOGON_FAILURE)

any suggestions??

----------

## spaz_yo

ahhh just got this error message....

NT_TRANSACT_SET_SECURITY_DESC failed

ERROR: secdesc set failed: NT_STATUS_ACCESS_DENIED

???

----------

## spaz_yo

ah ha....ok I am totall starting to get this

smbcacls -U spaz -S ACL:itlocal:ALLOWED/16/FULL //mspaz/shareme test.txt

ok, so I use the password for "spaz" on the domain, and clear all ACLs and add full control for Domain user itlocal to file test.txt

cool, so that totally works, but how do I do the folder shareme instead of files specifically  within it?

----------

## curtis119

//mspaz/shareme

shareme is the actual share itself. You have to set up the permisions for that on the share level not on the directory/file level.

If the server (mspaz) is a windows server then you need to use the Microsoft Managment Console(MMC from the run box) and set the permissions of the share. If mspaz is a Samba box then you need to edit the share in /etc/samba/samba.conf. But you probably don't want to do this either way. Shares aren't meant to control file permissions like this. What you should do is create a directory in the share and then set the ACL for that directory. 

Hope this helps.

----------

## spaz_yo

so, if I create a share, on lets say the PDC (samba) computer, using the smb.conf, I will then want to set ACLS on the files and subdirectors within it correct? IF so I should use smbscacls to do this?

----------

## curtis119

 *spaz_yo wrote:*   

> so, if I create a share, on lets say the PDC (samba) computer, using the smb.conf, I will then want to set ACLS on the files and subdirectors within it correct? IF so I should use smbscacls to do this?

 

Yes exactly.

You can use smbcacls to set the ACL's on a file/folder on a samba share but you can also use the tools on a windows machine as well. To windows the samba server appears just like any other windows server. In windows you can just connect to the share with the run dialog or with network neighborhood and right click the file/folder and choose security and set the ACL. Just like you would if the file/folder was on a real windows server.

----------

