are Microsoft Windows
native command line
utilities capable of displaying and modifying the access control lists
(ACLs) on folders
. An access control list is a list of permissions for securable object, such as a file or folder, that controls who can access it.
utility is a command line editor of permissions in Windows 2000 and later. Microsoft has produced newer utilities such as
- fileacl and
- icacls (Windows Vista),
all of which offer improvements.
Others, such as the SetACL
team, have produced their own command-line and scriptable permissions editors.
The documentation of a third-party free open-source replacement for cacls
hosted on SourceForge
, known as SetACL
, suggests that cacls
was invented for Windows NT 4.0
and is not suitable for use in Windows 2000
or later . Specifically, it notes that ACL inheritance was added in Windows 2000, but that neither the cacls
utility nor the xcacls
utility later released by Microsoft was properly updated to support it. The SetACL documentation suggests that Microsoft should have removed the utility from Windows 2000 rather than leave it in, only to have unwitting users internally disrupt a volume's security descriptors (by incorrectly ordering ACEs) in a way that's difficult to detect or recover from.
This project's documentation explains that using the built-in cacls
to apply... Read More