Difference between revisions of "Windows/SetACL"
Jump to navigation
Jump to search
(→Howto) |
|||
| Line 5: | Line 5: | ||
== Howto == |
== Howto == |
||
=== Owner change === |
|||
==== Recursively change owner on directories and files ==== |
|||
SetACL -on "<span class="input"><Path></span>" |
|||
-ot file |
|||
<span class="highlight">-actn setowner -ownr "n:<span class="input">domain\user</span>" |
|||
-rec cont_obj</span> |
|||
=== Inheritance of directories === |
=== Inheritance of directories === |
||
=== Take away inheritance, don't copy permission === |
==== Take away inheritance, don't copy permission ==== |
||
SetACL -on "<span class="input"><Path></span>" |
SetACL -on "<span class="input"><Path></span>" |
||
-ot file |
-ot file |
||
| Line 15: | Line 21: | ||
-actn rstchldrn -rst "dacl" |
-actn rstchldrn -rst "dacl" |
||
=== Take away inheritance, copy permission === |
==== Take away inheritance, copy permission ==== |
||
SetACL -on "<span class="input"><Path></span>" |
SetACL -on "<span class="input"><Path></span>" |
||
-ot file |
-ot file |
||
<span class="highlight">-actn setprot -op "dacl:<span class="input">p_c</span>;sacl:nc"</span> |
<span class="highlight">-actn setprot -op "dacl:<span class="input">p_c</span>;sacl:nc"</span> |
||
=== Inherit from parent === |
==== Inherit from parent ==== |
||
SetACL -on "<span class="input"><Path></span>" |
SetACL -on "<span class="input"><Path></span>" |
||
-ot file |
-ot file |
||
<span class="highlight">-actn setprot -op "dacl:<span class="input">np</span>;sacl:nc"</span> |
<span class="highlight">-actn setprot -op "dacl:<span class="input">np</span>;sacl:nc"</span> |
||
== References == |
== References == |
||
* [http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/ SetACL documentation] |
* [http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/ SetACL documentation] |
||
Revision as of 21:50, 17 June 2012
SetACL is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on Windows.
Windows ACLs are quite a bit more sophisticated than the Unix implementations I have come across so far. So SetACL is not for the faint of heart. Since I don't use it on a regular basis I forget most of the stuff until the next time. This document should help list some of the pain.
Howto
Owner change
Recursively change owner on directories and files
SetACL -on "<Path>" -ot file -actn setowner -ownr "n:domain\user" -rec cont_obj
Inheritance of directories
Take away inheritance, don't copy permission
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:p_nc;sacl:nc"
Ensure there are non-inherited users already present or add a line like the one below
-actn ace -ace "n:domain\user;p:full"
With an addtional line we can reset the permission of all the sub-directories and files and only inherit from the path specified in -on
-actn rstchldrn -rst "dacl"
Take away inheritance, copy permission
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:p_c;sacl:nc"
Inherit from parent
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:np;sacl:nc"