لطفا منتظر باشید ...
Publisher| cacls |
modifies access control lists (ACLs)
of files and directories on NTFS volumes.
Syntax
cacls filename [/t] [/e] [/c] [/g username:perm] [/r username [...] ]
[/p username:perm [...] ] [/d username [...] ]
Options
- filename [filename...]
Displays ACLs of specified file(s)- /t
Recursively applies changes to ACLs of specified files, starting from
the current directory and extending to all subdirectories- /e
Merges changes into an ACL instead of overwriting it- /c
Ignores errors during the process of modifying an ACL- /g username:perm
Grants username one of the following
permissions:- N
None- R
Read- C
Change (Write)- F
Full Control
- /r username
Revokes all permissions for username- /p username:perm
Replaces one of the following permissions for
username:- N
None- R
Read- C
Change (Write)- F
Full Control
- /d username
Explicitly denies access to username
Examples
Display the ACL for the directory C:\WINDOWS :
cacls C:\WINDOWS
C:\WINDOWS NT AUTHORITY\Authenticated Users:R
NT AUTHORITY\Authenticated Users:
(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Server Operators:C
BUILTIN\Server Operators:(OI)(CI)(IO)C
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:F
CREATOR OWNER:(OI)(CI)(IO)F
Table 5-1 explains the various symbols used in the output of
cacls.
Symbol | Description |
|---|---|
C | Container (directory) |
O | Object (file) |
I | Inherit (taking on the permissions of the parent directory) |
OI | Object inherit (any files created in this directory inherit this ACL) |
CI | Container inherit (any subdirectories created in this directory inherit this ACL) |
IO | Inherit only (ACL doesn't apply to the directory, only to subdirectories) |
Notes
- cacls can't be used to create
special permissions, only standard permissions. In this sense it is
less granular than the GUI. - You can specify more than one file or user in a command.
- cacls can't be used to set
permissions on the root of an NTFS volume that is mounted to a folder
on a different NTFS volume. - To use cacls in a batch file, you need to provide
a way to automatically answer prompts it may generate. Since
calcs doesn't have a
/y switch to do this, use the
Echo command to pipe y as input
in response to an "Are You Sure?"
message that cacls might generate. To do this,
use:Echo y | cacls filename /g username:perm
- A practical use for cacls is to add the
Administrators group automatically to the ACL for
users' home directories. See Knowledge Base article
Q180464 on Microsoft TechNet for several scripts for doing this.
See Also
Permissions
