CACLS
Display or modify Access Control Lists (ACLs) for files and folders.
Access Control Lists apply only to files stored on an NTFS formatted drive. Each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACLs from the folder where it was created.
Syntax
CACLS /?
CACLS pathname [/C] [/D user] [[/E] [/R user [...]]] [/G user:permission [...]] [/P user:permission [...]] [/T]
Display file(s) ACLs:
CACLS pathname
Parameters
- pathname (NT3.5): Wildcards can be used to specify multiple files.
Switches
- /? (NTXP): Display help.
- /C (NT3.5): Continue on access denied errors.
- /D user (NT3.5): Deny specified user access. Will deny access to a user even if they belong to a group that does have access.
- /E (NT3.5): Edit ACL (leave existing rights unchanged). Without the /E switch all existing rights on [pathname] will be replaced. Any attempt to use the /E switch to change a [user:permission] that already exists will raise an error. To be sure the CACLS command will work without errors, use /E /R to remove ACL rights for the user concerned, then use /E to add the desired rights.
- /G user:permission (NT3.5): Grant access rights. Permission can be:
  - C Change (write)
  - F Full control
  - N None (NTXP)
  - R Read
  - W Write (NT2000)
- /P user:permission (NT3.5): Replace access rights. Permission can be:
  - C Change (write)
  - F Full control
  - N None
  - R Read
  - W Write (NT2000)
- /R user (NT3.5): Revoke specified user's access rights (only valid with /E).
- /T (NT3.5): Search the pathname including all subfolders. Will only traverse subfolders below the current directory.
- user (NT3.5):
  - In all the options "user" can be an NT Username or an NT Workgroup (either local or global).
  - If a username or groupname includes spaces then it must be surrounded with quotes, e.g. "Authenticated Users".
  - You can specify more than one user:permission in a single command.
Related
ATTRIB - Display or change file attributes
PERMS - Show permissions for a user
SHOWACL - Show file Access Control Lists (win 2000)
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders
Equivalent Linux BASH commands:
chmod - Change access permissions
chown - Change file owner and group
Notes
The CACLS command does not provide a /Y switch to automatically answer 'Y' to the Y/N prompt. However, you can pipe the 'Y' character into the CACLS command using ECHO:
ECHO Y| CACLS pathname /G username:permission
Note: Do not include a space between the 'Y' and the pipe symbol.
To edit a file you must have the "Change" ACL (or be the file's owner).
Using the CACLS command to change an ACL requires "Full Control".
File "Ownership" will always override all ACLs - you always have Full Control over files that you create.
Inheritance flags displayed in CACLS output:
- OI This folder and files
- CI This folder and subfolders
- IO The ACE does not apply to the current file/directory
- No output message: This folder only
- (OI)(CI) This folder, subfolders and files
- (OI)(CI)(IO) Subfolders and files only
- (CI)(IO) Subfolders only
- (OI)(IO) Files only
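To read a CACLS listing against the flag table above, the following Python example (added here, not part of the original page) decodes each entry's inheritance flags and permission letter. It assumes entries are displayed as trustee:(flags)permission with the pathname prefixing the first line; the listing in SAMPLE is constructed, and parse_ace and parse_listing are hypothetical helper names.

```python
import re

# Scope table from the notes above, keyed by the set of inheritance flags.
SCOPE = {
    frozenset(): "This folder only",
    frozenset({"OI"}): "This folder and files",
    frozenset({"CI"}): "This folder and subfolders",
    frozenset({"OI", "CI"}): "This folder, subfolders and files",
    frozenset({"OI", "CI", "IO"}): "Subfolders and files only",
    frozenset({"CI", "IO"}): "Subfolders only",
    frozenset({"OI", "IO"}): "Files only",
}
# Permission letters from the /G and /P switch descriptions.
RIGHTS = {"C": "Change (write)", "F": "Full control", "N": "None",
          "R": "Read", "W": "Write"}
# Assumed entry layout: trustee, colon, zero or more (OI)/(CI)/(IO), then the right.
ACE_RE = re.compile(r"^(?P<trustee>.+?):(?P<flags>(?:\((?:OI|CI|IO)\))*)(?P<rest>.*)$")

# Constructed sample listing for a folder C:\Data (not captured from a real system).
SAMPLE = r"""C:\Data BUILTIN\Administrators:(OI)(CI)F
        NT AUTHORITY\SYSTEM:(OI)(CI)F
        CREATOR OWNER:(OI)(CI)(IO)F
        BUILTIN\Users:R
"""

def parse_ace(text):
    """Parse one 'trustee:(flags)right' entry; return a dict, or None if no match."""
    m = ACE_RE.match(text.strip())
    if not m:
        return None
    flags = frozenset(re.findall(r"\((OI|CI|IO)\)", m.group("flags")))
    rest = m.group("rest").strip()
    return {
        "trustee": m.group("trustee"),
        "scope": SCOPE.get(flags, "unrecognised flag combination"),
        "applies_here": "IO" not in flags,   # IO: ACE does not apply to this object
        "right": RIGHTS.get(rest, rest),     # anything but a single letter is kept verbatim
    }

def parse_listing(pathname, output):
    """Parse a whole listing; the pathname prefix on the first line is stripped."""
    aces = []
    for line in output.splitlines():
        if line.startswith(pathname):
            line = line[len(pathname):]
        ace = parse_ace(line)
        if ace:
            aces.append(ace)
    return aces

if __name__ == "__main__":
    for ace in parse_listing(r"C:\Data", SAMPLE):
        print(ace)
```

Entries whose scope is "Subfolders and files only" (such as the constructed CREATOR OWNER line) grant nothing on the folder itself, which is easy to miss when auditing a listing by eye.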
Examples
Adding new file permissions to a group of users:
CACLS myfile.txt /E /G "Power Users":F
If we now grant Read permissions to the same group they will
still have FULL control:
CACLS myfile.txt /E /G "Power Users":R
This command will replace the first ACL granted and allow
only Read access:
CACLS myfile.txt /E /P "Power Users":R
Errorlevels
none.
Availability
- External
- DOS: none
- Windows: none
- Windows NT: NT3.5, NT3.51, NT4, NT2000, NTXP
Last Updated: 2006/12/01
Direct corrections or suggestions to:
Rick Lively