Cacls

<tt>cacls</tt> and <tt>icacls</tt> are Microsoft Windows native command line utilities capable of displaying and modifying the access control lists (ACLs) on folders and files. An access control list is a list of permissions for securable object, such as a file or folder, that controls who can access it.

CACLS

The cacls utility is a command line editor of permissions in Windows 2000 and later. Microsoft has produced newer utilities such as

• xcacls.exe,
• xcacls.vbs,
• fileacl and
• icacls (Windows Vista),

all of which offer improvements.

SetACL-project

Others, such as the SetACL team, have produced their own command-line and scriptable permissions editors.

The documentation of a third-party free open-source replacement for cacls hosted on SourceForge, known as SetACL, suggests that cacls was invented for Windows NT 4.0 and is not suitable for use in Windows 2000 or later . Specifically, it notes that ACL inheritance was added in Windows 2000, but that neither the cacls utility nor the xcacls utility later released by Microsoft was properly updated to support it. The SetACL documentation suggests that Microsoft should have removed the utility from Windows 2000 rather than leave it in, only to have unwitting users internally disrupt a volume's security descriptors (by incorrectly ordering ACEs) in a way that's difficult to detect or recover from.

This project's documentation explains that using the built-in cacls to apply...
Read More