From patchwork Sat Aug 20 03:27:55 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
X-Patchwork-Id: 1082272
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p7K3LdTr023075
	for <patchwork-linux-cifs@patchwork.kernel.org>;
	Sat, 20 Aug 2011 03:22:20 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754921Ab1HTDWT (ORCPT
	<rfc822;patchwork-linux-cifs@patchwork.kernel.org>);
	Fri, 19 Aug 2011 23:22:19 -0400
Received: from mail-gx0-f174.google.com ([209.85.161.174]:48244 "EHLO
	mail-gx0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753952Ab1HTDWT (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Fri, 19 Aug 2011 23:22:19 -0400
Received: by gxk21 with SMTP id 21so2621616gxk.19
	for <linux-cifs@vger.kernel.org>;
	Fri, 19 Aug 2011 20:22:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=from:to:cc:subject:date:message-id:x-mailer;
	bh=siGQ6dY3R9W5DJ7qzTmaCiZ7OOR226HNelszW0mbRtg=;
	b=ZCyfTKrgvVu7KNxEwab1qDovmszP4/wn2rDQusuyY9uOuuRr9tvFv9Y38ClZKBVU44
	wO1ecRLqe14R+QD7pFu1/GKQEUQAR1HmNhsTmu3Vt5JTVqyRwzI60tRFWWmGMPCZjFlI
	Mq0fzu3pbLF99bqiGHnLJFckmRpDglPej3iqk=
Received: by 10.150.91.12 with SMTP id o12mr90049ybb.337.1313810538213;
	Fri, 19 Aug 2011 20:22:18 -0700 (PDT)
Received: from localhost ([32.97.110.58])
	by mx.google.com with ESMTPS id m3sm730103ybg.11.2011.08.19.20.22.16
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 19 Aug 2011 20:22:17 -0700 (PDT)
From: shirishpargaonkar@gmail.com
To: jlayton@samba.org
Cc: linux-cifs@vger.kernel.org,
	Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Subject: [PATCH 5/5] cifs-utils: cifsacl utilities: Add man pages for
	getcifsacl and setcifsacl
Date: Fri, 19 Aug 2011 22:27:55 -0500
Message-Id: <1313810875-2363-1-git-send-email-shirishpargaonkar@gmail.com>
X-Mailer: git-send-email 1.6.0.2
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]);
	Sat, 20 Aug 2011 03:22:20 +0000 (UTC)

From: Shirish Pargaonkar <shirishpargaonkar@gmail.com>


Man pages for utilities getcifsacl and setcifsacl with a slight
modification to mount.cifs manpage.


Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
---
 getcifsacl.8.in |   54 +++++++++++++++++++++++++++++
 mount.cifs.8    |    2 +-
 setcifsacl.8.in |  103 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 158 insertions(+), 1 deletions(-)
 create mode 100644 getcifsacl.8.in
 create mode 100644 setcifsacl.8.in

diff --git a/getcifsacl.8.in b/getcifsacl.8.in
new file mode 100644
index 0000000..70e19cf
--- /dev/null
+++ b/getcifsacl.8.in
@@ -0,0 +1,54 @@
+'\" t
+.\"     Title: cifs.idmap
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
+.\"      Date: 08/19/2011
+.\"    Manual: System Administration tools
+.\"    Source: cifs-utils 4.0
+.\"  Language: English
+.\"
+.TH "GETCIFSACL" "8" "08/19/2011" "cifs-utils 4\&.0" "System Administration tools"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+getcifsacl \- Userspace helper to display an ACL in a security descriptor for Common Internet File System (CIFS)
+.SH "SYNOPSIS"
+.HP \w'\ 'u
+getcifsacl [\-v|\-r] {file system object}
+.SH "DESCRIPTION"
+.PP
+This tool is part of the cifs-utils suite\&.
+.PP
+getcifsacl is a userspace helper program for the Linux CIFS client file system.  It is intended to display a security descriptor including ACL for a file system object.  It is best utilized when an option of cifsacl is specified when mounting a cifs share.
+.PP
+Fields of an ACE such as SID, type, flags, and mask are displayed separated by /.  Numeric values of type, flags, and mask are displayed in hexadecimal format.
+.SH "OPTIONS"
+.PP
+\-v
+.RS 4
+Print version number and exit\&.
+.RE
+\-r
+.RS 4
+Display a security descriptor in raw mode. Values such as type and flags are displayed in hexadecimal format, a SID is not mapped to a name.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBmount.cifs\fR(8)
+\fBsetcifsacl\fR(8),
+.PP
+.SH "AUTHOR"
+.PP
+Shirish Pargaonkar wrote the getcifsacl program\&.
+.PP
+The
+Linux CIFS Mailing list
+is the preferred place to ask questions regarding these programs\&.
diff --git a/mount.cifs.8 b/mount.cifs.8
index 95933e5..64a8b64 100644
--- a/mount.cifs.8
+++ b/mount.cifs.8
@@ -532,7 +532,7 @@ winbind support configured via nsswitch.conf(5) and smb.conf(5)
 .RE
 Please refer to the respective manpages of cifs.idmap(8) and winbindd(8) for more information.
 
-Security descriptors for a file object can be retrieved and set directly using extended attribute named system.cifs_acl. The security descriptors presented via this interface are "raw" blobs of data and need a userspace utility to either parse and format or to assemble it.
+Security descriptors for a file object can be retrieved and set directly using extended attribute named system.cifs_acl. The security descriptors presented via this interface are "raw" blobs of data and need a userspace utility to either parse and format or to assemble it such as getcifsacl(8) and setcifsacl(8) respectively.
 
 Some of the things to consider while using this mount option:
 .sp
diff --git a/setcifsacl.8.in b/setcifsacl.8.in
new file mode 100644
index 0000000..0812250
--- /dev/null
+++ b/setcifsacl.8.in
@@ -0,0 +1,103 @@
+'\" t
+.\"     Title: cifs.idmap
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
+.\"      Date: 08/19/2011
+.\"    Manual: System Administration tools
+.\"    Source: cifs-utils 4.0
+.\"  Language: English
+.\"
+.TH "SETCIFSACL" "8" "08/19/2011" "cifs-utils 4\&.0" "System Administration tools"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+setcifsacl \- Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS)
+.SH "SYNOPSIS"
+.HP \w'\ 'u
+setcifsacl [\-v|\-a|\-D|\-M|\-S] "{one or more ACEs}" {file system object}
+.SH "DESCRIPTION"
+.PP
+This tool is part of the cifs-utils suite\&.
+.PP
+setcifsacl is a userspace helper program for the Linux CIFS client file system.  It is intended to alter an ACL of a security descriptor for a file system object.  It is best utilized when an option of cifsacl is specified when mounting a cifs share.  Whether a security descriptor to be set is applied or not is determined by the CIFS/SMB server.
+.SH "OPTIONS"
+.PP
+\-v
+.RS 4
+Print version number and exit\&.
+.RE
+\-a
+.RS 4
+Add one or more ACEs to an ACL of a security descriptor.
+An ACE is added even if the same ACE exists in the ACL.
+.RE
+\-D
+.RS 4
+Delete one or more ACEs from an ACL of a security descriptor.
+Entire ACE has to match in an existing ACL for the listed ACEs to be deleted.
+.RE
+\-M
+.RS 4
+Modify one or more ACEs from an ACL of a security descriptor.
+SID and type are used to match for existing ACEs to be modified with the list of ACEs specified.
+.RE
+\-S
+.RS 4
+Set an ACL of security descriptor with the list of ACEs
+Existing ACL is replaced entirely with the specified ACEs.
+.RE
+.PP
+Every ACE entry starts with "ACL:"
+One or more ACEs are specified within double quotes.
+Multiple ACEs are separated by a comma.
+.PP
+Following fields of an ACE can be modified with possible values:
+.PP
+SID: Either a name or a raw SID value.
+.PP
+type: ALLOWED (0x1), DENIED (0x2), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6)
+.PP
+flags: OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these values.
+.PP
+mask: Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value
+.SH "SEE ALSO"
+.PP
+\fBmount.cifs\fR(8)
+\fBgetcifsacl\fR(8),
+.PP
+.SH "EXAMPLES"
+.PP
+Add an ACE
+.br
+setcifsacl -a "ACL:CIFSTESTDOM\\user2:DENIED/0x1/D" <file_name>
+setcifsacl -a "ACL:CIFSTESTDOM\\user1:ALLOWED/OI|CI|NI/D" <file_name>
+.PP
+Delete an ACE
+.br
+setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
+.PP
+Modify an ACE
+.br
+setcifsacl -M "ACL:CIFSTESTDOM\\user1:ALLOWED/0x1f/CHANGE" <file_name>
+.PP
+Set an ACL
+.br
+setcifsacl -S "ACL:CIFSTESTDOM\\Administrator:0x0/0x0/FULL,
+.br
+ACL:CIFSTESTDOM\\user2:0x0/0x0/FULL," <file_name>
+.PP
+.SH "AUTHOR"
+.PP
+Shirish Pargaonkar wrote the setcifsacl program\&.
+.PP
+The
+Linux CIFS Mailing list
+is the preferred place to ask questions regarding these programs\&.