Display or modify Access Control Lists (ACLs) for files and folders. Unlike CACLS, xcacls can apply 'Special Access' rights.
XCACLS filename [/C] [/D user] [/E] [/G user:permision;FolderSpec] [/P user:permision;FolderSpec] [/R user] [/T] [/Y]
Display the ACLs for the file(s):
CACLS - Display or modify Access Control Lists (ACLs) for files and folders.
PERMS - Show permissions for a user.
SHOWACL - Show file Access Control Lists (NT2000).
SUBINACL - Change an ACL's user/domain (use when the file owner has moved to a new domain).
ATTRIB - Display or change file attributes.
Equivalent Linux BASH commands:
chmod - Change access permissions.
chown - Change file owner and group.
FolderSpec is a permission applied to a folder.
Folder permissions are inherited by new files added to the folder. If FolderSpec is not specified then permission will apply to both files and folders.
FolderSpec: T@ where @ is one of the rights above, when this is specified new files will not inherit folder permissions. At least one folder access right must follow T Entries between ';' and T will be ignored.
Wildcards can be used to specify more that one file in a command. You can specify more than one user in a command. You can combine access rights.
Allow guests the right to read and execute in myFolder:
XCACLS myFolder /E /G guests:rx
Allow guests the Full Control permission in myFolder and all subfolders:
XCACLS myFolder /T /E /G guests:f
This will grant guests only read access to all files in and below myFolder, new folders created will be Read Access only, new files will not inherit any rights:
XCACLS myFolder /T /P guests:R;Tr
This will grant guests only execute access to all files in and below myFolder:
XCACLS myFolder /T /P guests:x