Display or modify Access Control Lists (ACLs) for files and folders.
Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL's from the folder where it was created.
syntax CACLS pathname [options]
options can be any combination of:
/T Search the pathname including all subfolders. /E Edit ACL (leave existing rights unchanged)
/C Continue on access denied errors.
Grant access rights, permision can be:
R Read C Change (write) F Full control
Revoke specified user's access rights (only valid with /E).
Replace access rights, permission can be:
N None R Read C Change (write) F Full control
/D user Deny specified user access.
In all the options above "user" can be an NT Username or an NT Workgroup (either local or global) If a username or groupname includes spaces then it must be surrounded with quotes e.g. "Authenticated Users" If no options are specified CACLS will display the ACLs for the file(s)
Other features to try
Wildcards can be used to specify multiple files.
You can specify more than one user:permission in a single command.
The /D option will deny access to a user even if they belong to a group that does have access.
Adding new file permissions to a group of users
CACLS myfile.txt /E /G "Power Users":F
If we now grant Read permissions to the same group they will still have FULL control
CACLS myfile.txt /E /G "Power Users":R
This command will replace the first ACL granted and allow only Read access:
CACLS myfile.txt /E /P "Power Users":R
"Whether a pretty woman grants or withholds her favours, she always likes to be asked for them" - Ovid (Ars Amatoria)
ATTRIB - Display or change file attributes
PERMS - Show permissions for a user
FIXACLS - Restore default privs (Resource Kit supplement 2)
SHOWACL - Show file Access Control Lists (Windows 2000)
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders
NT Permissions explained
Change Registry Permissions from the command line
Equivalent Linux BASH commands:
chmod - Change access permissions
chown - Change file owner and group