cacls



Displays or modifies access control lists (ACLs) of files and directories on NTFS volumes.

Syntax

  cacls filename [/t] [/e] [/c] [/g username:perm] [/r username [...]] [/p username:perm [...]] [/d username [...]]

Options

filename [filename...]

Displays ACLs of specified file(s)

/t

Recursively applies changes to ACLs of specified files, starting from the current directory and extending to all subdirectories

/e

Merges changes into an ACL instead of overwriting it

/c

Ignores errors during the process of modifying an ACL

/g username:perm

Grants username one of the following permissions:

  N    None
  R    Read
  C    Change (Write)
  F    Full Control

/r username

Revokes all permissions for username

/p username:perm

Replaces one of the following permissions for username:

  N    None
  R    Read
  C    Change (Write)
  F    Full Control

/d username

Explicitly denies access to username

Examples

Display the ACL for the directory C:\WINDOWS:

  cacls C:\WINDOWS
  C:\WINDOWS NT AUTHORITY\Authenticated Users:R
             NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(special access:)
                     GENERIC_READ
                     GENERIC_EXECUTE
             BUILTIN\Server Operators:C
             BUILTIN\Server Operators:(OI)(CI)(IO)C
             BUILTIN\Administrators:F
             BUILTIN\Administrators:(OI)(CI)(IO)F
             NT AUTHORITY\SYSTEM:F
             NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
             BUILTIN\Administrators:F
             CREATOR OWNER:(OI)(CI)(IO)F

Table 5-1 explains the various symbols used in the output of cacls.

Table 5-1. Symbols used in cacls command

  Symbol   Description
  C        Container (directory)
  O        Object (file)
  I        Inherit (taking on the permissions of the parent directory)
  OI       Object inherit (any files created in this directory inherit this ACL)
  CI       Container inherit (any subdirectories created in this directory inherit this ACL)
  IO       Inherit only (ACL doesn't apply to the directory, only to subdirectories)
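When reviewing permissions across many directories, it helps to turn a cacls listing into structured data. The following is an added example, not code from the book: it parses a listing shaped like the C:\WINDOWS output above, decodes the Table 5-1 flags, and reports which accounts hold Change or Full Control. The function names parse_cacls and write_capable are hypothetical, and the sample listing is constructed from the example above.

```python
import re

# Permission letters listed under /g and /p.
PERMS = {"N": "None", "R": "Read", "C": "Change (Write)", "F": "Full Control"}

# Constructed sample, modelled on the C:\WINDOWS listing in the Examples section.
SAMPLE = r"""C:\WINDOWS NT AUTHORITY\Authenticated Users:R
           NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(special access:)
                   GENERIC_READ
                   GENERIC_EXECUTE
           BUILTIN\Server Operators:C
           BUILTIN\Server Operators:(OI)(CI)(IO)C
           BUILTIN\Administrators:F
           BUILTIN\Administrators:(OI)(CI)(IO)F
           NT AUTHORITY\SYSTEM:F
           NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
           BUILTIN\Administrators:F
           CREATOR OWNER:(OI)(CI)(IO)F
"""

# trustee ":" optional (OI)(CI)(IO) flags, then a standard letter or "(special access:)"
ENTRY = re.compile(r"^([^:]+):((?:\((?:OI|CI|IO)\))*)([NRCF]|\(special access:\))$")

def parse_cacls(text, path):
    """Return one dict per ACL entry in the cacls listing for a single path."""
    entries = []
    for i, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if i == 0 and line.startswith(path):
            line = line[len(path):].strip()  # first entry shares its line with the path
        m = ENTRY.match(line)
        if m:
            trustee, flags, perm = m.groups()
            entries.append({"trustee": trustee,
                            "flags": re.findall(r"\((\w\w)\)", flags),
                            "perm": PERMS.get(perm, "special"),
                            "rights": []})
        elif line and entries and entries[-1]["perm"] == "special":
            entries[-1]["rights"].append(line)  # GENERIC_* lines under "special access:"
    return entries

def write_capable(entries):
    """Trustees with Change or Full Control: (on the directory itself, inherit-only)."""
    here, inherit_only = set(), set()
    for e in entries:
        if e["perm"] in ("Change (Write)", "Full Control"):
            (inherit_only if "IO" in e["flags"] else here).add(e["trustee"])
    return sorted(here), sorted(inherit_only)

if __name__ == "__main__":
    print(write_capable(parse_cacls(SAMPLE, r"C:\WINDOWS")))
```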

Notes

  • cacls can't be used to create special permissions, only standard permissions. In this sense it is less granular than the GUI.

  • You can specify more than one file or user in a command.

  • cacls can't be used to set permissions on the root of an NTFS volume that is mounted to a folder on a different NTFS volume.

  • To use cacls in a batch file, you need to provide a way to automatically answer prompts it may generate. Since cacls doesn't have a /y switch to do this, use the Echo command to pipe y as input in response to an "Are You Sure?" message that cacls might generate. To do this, use:

     Echo y| cacls filename /g username:perm

  • A practical use for cacls is to add the Administrators group automatically to the ACL for users' home directories. See Knowledge Base article Q180464 on Microsoft TechNet for several scripts for doing this.

See Also

Permissions



Windows Server 2003 in a Nutshell
ISBN: 0596004044
EAN: 2147483647
Year: 2003
Pages: 415
Authors: Mitch Tulloch
