In computing, cacls and its replacement, icacls, are Microsoft Windows native command line utilities capable of displaying and modifying the security descriptors on folders and files. An access control list is a list of permissions for securable object, such as a file or folder, that controls who can access it.
Video Cacls
cacls
The cacls.exe utility is a deprecated command line editor of directory and file security descriptors in Windows NT 3.5 and later operating systems of the Windows NT family. Microsoft has produced the following newer utilities, some also subsequently deprecated, that offer enhancements to support changes introduced with version 3.0 of the NTFS filesystem:
- xcacls.exe is supported by Windows 2000 and later and adds new features like setting Execute, Delete and Take Ownership permissions
- xcacls.vbs
- fileacl.exe
- icacls.exe (included in Windows Server 2003 SP2 and later)
- SubInAcl.exe - Resource Kit utility to set and replace permissions on various type of objects including files, services and registry keys
- Windows PowerShell (Get-Acl and Set-Acl cmdlets)
Maps Cacls
icacls
Stands for Integrity Control Access Control List. Windows Server 2003 Service Pack 2 and later include icacls, an in-box command-line utility that can display, modify, backup and restore ACLs for files and folders, as well as to set integrity levels and ownership in Vista and later versions. It is not a complete replacement for cacls, however. For example, it does not support Security Descriptor Definition Language (SDDL) syntax directly via command line parameters (only via the /restore option).
Problems
All known versions of icacls have a serious bug: on objects with protected ACLs, icacls
- ignores this protection,
- resets/destroys the protection and
- applies/propagates the inheritable permissions from the parent to the object and its children.
See also
- SetACL
- chmod
References
Further reading
Source of article : Wikipedia
0 Comments