FilePermissions: Difference between revisions

From Piszczynski
VisualWikitext
piszczynski>Aleks
No edit summary
m (2 revisions imported)
 
(No difference)

Latest revision as of 22:32, 15 November 2023

File Permissions iCACLS Copy Export Modify

File permissions can be managed in CMD with the iCACLS tool.

Get file/folder permissions:

  • icacls <path>

Grant Modify Permission:

  • icacls <path> /grant <user>:M

Details of permissions: 

iCACLS inheritance settings:

(OI)  —  object inherit;
(CI)  —  container inherit;
(IO)  —  inherit only;
(NP)  —  don’t propagate inherit;
(I)  — permission inherited from the parent container.

List of basic access permissions:

D  —  delete access;
F  —  full access;
N  —  no access;
M  —  modify access;
RX  —  read and execute access;
R  —  read-only access;
W  —  write-only access.

Save and copy permissions to file to apply to other files:

  • icacls <path> /save <pathtosavepermissions> /t

Restore or copy saved permissions from file:

  • icals <path> /restore <pathtosavedpermissions>


File Permissions Powershell Get-Acl Set-Acl

Permissions can be managed with Powershell get-acl cmdlet

  • Get-Acl <path>

Copy permissions from one file to another:

  • $acl = Get-Acl -path <pathtocopypermisssionsfrom>
    • $acl | Set-Acl -path <pathtocopypermissionsto>

If you need to add permissions but dont have permissions to copy from you can create an object containing the permissions:

  • New-Object Security.AccessControl.FileSystemAccessRule('IdentityReference\String','FileSystemRights','InheritanceFlags, PropagationFlags','AccessControlType')

Details on the options:

  • IdentityReference\String — user or group name (use the following principal format: domain\user)
  • FileSystemRights — permission (for example, Read , Write , etc.)
  • InheritanceFlags and PropagationFlags – these flags determine permission inheritance settings from the parent folder (more details about ACL propagation are described in the Microsoft documentation https://docs.microsoft.com/en-us/previous-versions/ms229747(v=vs.110)?redirectedfrom=MSDN)
  • AccessControlType — allow or deny access to an object (Allow/Deny)

Example: 

# get current NTFS permissions

$current_acl = Get-ACL -Path "C:\Docs"

# create an object with new NTFS permissions

$new_acl = New-Object System.Security.AccessControl.FileSystemAccessRule('domiain\user', 'Read', 'ContainerInherit, ObjectInherit', 'None', 'Allow')

# add new permissions to the current ACL

$current_acl.AddAccessRule($new_acl)

# Apply an ACL to a folder

Set-ACL -Path "C:\Docs" -ACLObject $current_acl
Retrieved from ‘http://piszczynski.com/index.php?title=FilePermissions&oldid=379
Last modified
This page was last modified on 15 November 2023, at 22:32.