4

Trying to clean up permissions on this IIS6 w/ PHP CGI server, it seems that several files/folders have write permissions for Everyone. (You can probably guess what is happening, repeatedly.)

So, basically, I'm looking for the equivalent of find $directory -perm 777 -exec ls -ld {} \;

I can do that first part, listing files that mention Everyone with icacls, but can't seem to display the actual ACL:

icacls \directory /findSID *S-1-1-0 /t

Looking at the subinacl documentation and various google results, it seems that I can use /subdirectories and /display to achieve this, but it returns immediately with no results and no errors:

C:\>subinacl /subdirectories \directory\*.* /findsid=Everyone /display
+subdirectories \directory\*.*
/findsid=Everyone
/display

Elapsed Time: 00 00:00:00
Done:        0, Modified        0, Failed        0, Syntax errors        0
Josh Y.
  • 280
  • 1
  • 2
  • 7

2 Answers2

6

Orbitron's suggestion is great, but if you want to use a purely PowerShell way without having to install pstools, have a look at the select-string cmdlet. You may have to pipe the object pipeline to a file first and then consume it with select-string or you can wedge out-string into the pipeline.

Get-ChildItem -Recurse | Get-Acl | out-string -stream | select-string -pattern "everyone"

Wesley
  • 32,320
  • 9
  • 80
  • 116
  • Looks good to me. – MDMarra Dec 23 '11 at 21:08
  • 2
    On my system when run in the root of C:\ drive at some point the command crashes with the following output -- `Get-Acl : Attempted to perform an unauthorized operation. At line:1 char:26 + Get-ChildItem -Recurse | Get-Acl | out-string -stream | select-string -pattern " ... + ~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand` -- Sorry for bad formatting I don't know how to make it better in a comment. – golem Aug 07 '15 at 16:44
4

This worked for me with powershell and pstools:

Get-ChildItem C:\temp\ -Recurse | Get-Acl | grep "Everyone"

You may need to refine it more for your needs, but powershell is the way to go here.

orbitron
  • 391
  • 1
  • 2
  • 6