Equivalent of chmod to change file permissions in Windows

63

18

Is there any Windows equivalent of Linux's chmod to change the permissions of a file?

sunmoon

Posted 2010-02-08T09:34:14.797

Reputation:

Answers

27

Greg mentions attrib - but attrib isn't anywhere close to chmod - attrib can set Read-only/Hidden attributes of a single file - it doesn't provide fine-grained controls like icacls does.

icacls sets/resets the access control lists, so you can grant/deny rights for individual SIDs & groups. It is fairly complicated though.

Here's an example I have saved in my github gist; it resets the ownership and access control list for all files in a folder and is particularly useful to fix those annoying "You need permissions from .. to perform this action" especially when moving files over from a previous install:

icacls * /reset /t /c /q 

Reset replaces the existing one with the default list.
/t acts recursively on all files, folders & subfolders
/q doesn't display any success messages
/c continues with remaining files even if an error occurs.

You can also do things like backup the existing ACLs & apply them across all. Have a look at ss64 which explains the different options & switches very well.

Sathyajith Bhat

Posted 2010-02-08T09:34:14.797

Reputation: 58 436

The problem is, I can't do this, for every file there is the message: "Access is denied". Is there no way around this? On a school system that blocks this, but not cmd? – theonlygusti – 2015-01-09T09:50:08.807

You need admin privileges; the "normal" cmd which you get by hitting [Win]+[R] lacks these. For such special needs I have an "Admin shell" shortcut, with "Execute as administrator" (or similar; I'm on a German Windows system) checked (and with a dark red background colour). – Tobias – 2015-03-18T19:40:48.447

I actually face the problem with Permission denied error. Why the hell I can do something if I am an administrator and console I run runs as administrator too. What is that? – Čamo – 2018-02-13T19:06:42.443
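The answer above mentions backing up the existing ACLs. This added example (not part of the original post) saves them with icacls /save before running the same /reset, so the reset can be undone with /restore. The function names and the paths in the usage lines are hypothetical.

```powershell
# Added example, not from the original answer. Run from an elevated PowerShell prompt.
# Reset-AclWithBackup, Restore-AclFromBackup and the paths in the usage lines are hypothetical.
function Reset-AclWithBackup {
    param(
        [Parameter(Mandatory)] [string] $Root,        # folder whose contents get reset
        [Parameter(Mandatory)] [string] $BackupFile   # full path, outside $Root
    )
    $Root = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    if (-not [System.IO.Path]::IsPathRooted($BackupFile)) {
        throw "Give the backup file as a full path."
    }
    if ($BackupFile.StartsWith("$Root\", [StringComparison]::OrdinalIgnoreCase)) {
        throw "Keep the ACL backup outside $Root so the reset does not touch it."
    }
    Push-Location -LiteralPath "$Root\"
    try {
        # /save records the DACL of every matching object (not owner or SACL),
        # with paths relative to the current folder.
        icacls * /save $BackupFile /t /c /q
        if ($LASTEXITCODE -ne 0) {
            throw "icacls reported errors while saving ACLs; nothing was reset."
        }
        # The command from the answer: replace each ACL with default inherited entries.
        icacls * /reset /t /c /q
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "icacls reported errors during /reset; check its output."
        }
    }
    finally { Pop-Location }
}

function Restore-AclFromBackup {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $BackupFile
    )
    # /restore takes the folder the relative paths in the backup were saved from.
    icacls $Root /restore $BackupFile /c /q
    return $LASTEXITCODE
}

# Usage (hypothetical paths):
#   Reset-AclWithBackup   -Root 'D:\OldProfile' -BackupFile 'C:\Temp\oldprofile-acls.txt'
#   Restore-AclFromBackup -Root 'D:\OldProfile' -BackupFile 'C:\Temp\oldprofile-acls.txt'
```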

13

Either cacls, xcacls, or my personal favourite icacls will probably do what you need.

Bryan

Posted 2010-02-08T09:34:14.797

Reputation: 1 563

I believe icacls is only available on Vista/7. – Hello71 – 2010-08-15T16:01:05.753

I just used it on Windows 10. It's also available there. – Kerwin Sneijders – 2019-12-10T15:13:52.600

10

There (sadly) can't be an exact equivalent, since Linux and DOS/Windows use attributes for different purposes, and (as Chathuranga said before) the security model is different:

  • In Windows file systems, there are "hidden" (H) and "system" (S) attributes which don't have an equivalent in Linux; there, files are hidden by prepending the name with a dot (.).
  • There is no equivalent to the Windows "archive" (A) attribute, either.
  • There is no equivalent to the "executable" (x) Linux attributes in the DOS/Windows file attributes.
  • There is an equivalent to the Windows "directory" (D) attribute (but it can't be changed anyway).
  • In Linux file systems, every entry is owned by exactly one user and exactly one group, and read/write/execution can be allowed for each of them, and for others. ACLs (like used by Windows) are even more flexible, but more complicated as well, and the commandline syntax is a PITA (in my humble opinion, of course)

The DOS file attribute R (read-only) is the one which might be considered to have an equivalent: this attribute set is roughly like the w attribute for all being missing; but the permission to change this attribute is subject to ACLs.

It might be cool to have a chmod/chown equivalent on Windows, perhaps written in some scripting language, which in turn calls attrib and cacls (or successors), but I don't have one.

Tobias

Posted 2010-02-08T09:34:14.797

Reputation: 255

You're confusing file attributes and permissions. Linux has file attributes that can be changed via chattr. Linux has fine-grained access control for attributes (e.g. the [i]mmutable attribute can only be set by root or a CAP_LINUX_IMMUTABLE process), whereas access to set attributes in Windows is all or nothing. It is a common mistake in implementations of chmod for Windows to use this command to set the read-only file attribute. Unfortunately systems are only as informed as the programmers who develop them. – Eryk Sun – 2018-03-20T04:16:26.633

@eryksun: Interesting - I was not aware of that chattr command. But you didn't mean me, to "confuse file attributes and permissions", right? AFAICS, every word I wrote about DOS attributes is still correct. – Tobias – 2018-03-26T08:56:43.640

A file consists of a lot of (extended) attributes. In Unix the core set of attributes are stored in the inode, including the file mode (permissions). Other extended attributes (e.g. ACLs) may be stored externally. Windows has no equivalent to the Unix "mode" attribute. It also doesn't have a common inode record for filesystems. An NTFS MFT record is similar. From its POV, the standard Windows file attributes are a single attribute of the file record. These correspond to Linux file attributes set via chattr, except Windows has a directory attribute since there's no inode. – Eryk Sun – 2018-03-26T16:26:28.180

The question asks about an "[e]quivalent of chmod to change file permissions in Windows". There is no direct equivalent to chmod in Windows because there is nothing like the file "mode" attribute. The standard set of Windows file attributes have nothing to do with this. The read-only attribute is not a file permission. It basically says the file is written in stone, so all attempts to modify it must fail. The Linux "immutable" file attribute is similar. Windows only uses ACLs for permissions, so icacls.exe and the like are the only similar commands on the subject of permissions. – Eryk Sun – 2018-03-26T16:32:57.683

Good first post! – slm – 2012-12-28T19:47:18.553

7

icacls "C:\folder" /grant:r "Domain\Users":(OI)(CI)M /T /C

Works like a charm to change permissions on a folder for domain users. Additional information regarding cacls and icacls.

MDT Guy

Posted 2010-02-08T09:34:14.797

Reputation: 3 683

Getting "OI : The term 'OI' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again." – demonicdaron – 2020-02-19T12:25:45.073

Nice first post! Never heard of icacls. – slm – 2012-12-28T19:52:09.587
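The "OI is not recognized" error quoted in the comment above is what PowerShell produces when it parses the unquoted (OI) as an expression; cmd.exe passes it through unchanged. This added example (not part of the original post) shows the same grant written for PowerShell, first through icacls with the rights string quoted, then through Get-Acl/Set-Acl. The function names are hypothetical, and C:\folder and Domain\Users are the answer's placeholders.

```powershell
# Added example, not from the original answer. Function names are hypothetical.

# 1) The answer's icacls call, with the grant spec inside one quoted string so
#    PowerShell passes it literally. ${Identity} keeps the following ':' from
#    being read as part of the variable name.
function Grant-ModifyWithIcacls {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity
    )
    icacls $Path /grant:r "${Identity}:(OI)(CI)M" /T /C
}

# 2) The same access rule built with .NET types instead of icacls syntax.
function Grant-ModifyInherited {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity
    )
    $rights  = [System.Security.AccessControl.FileSystemRights]::Modify            # M
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'  # (CI)(OI)
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $type    = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                       -ArgumentList $Identity, $rights, $inherit, $prop, $type

    $acl = Get-Acl -LiteralPath $Path
    # SetAccessRule replaces earlier explicit Allow entries for this identity,
    # which matches /grant:r rather than plain /grant.
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the explicit (non-inherited) entries on the folder for review.
    (Get-Acl -LiteralPath $Path).Access | Where-Object { -not $_.IsInherited }
}

# Usage, with the answer's placeholders:
#   Grant-ModifyWithIcacls -Path 'C:\folder' -Identity 'Domain\Users'
#   Grant-ModifyInherited  -Path 'C:\folder' -Identity 'Domain\Users'
```

The second function relies on inheritance to reach existing children, so objects with inheritance disabled are not changed, whereas icacls /T visits every object under the folder.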

5

The attrib command is the closest match for very basic things (read-only, archive flags). Then there is the ACL (access control list) command cacls. Last but not least, since Windows is actually POSIX compliant, the unix-like flags do exist. If you install the Cygwin tool set, you will get a chmod. (A little off-topic, since you are looking for an equivalent of a unix command, downloading and installing Cygwin might be something interesting for you.)

user27570

Posted 2010-02-08T09:34:14.797

Reputation: 91

3

I use Windows command takeown.exe to change file permissions to my current logged in user id: http://technet.microsoft.com/en-us/library/cc753024.aspx

Roman Kharkovski

Posted 2010-02-08T09:34:14.797

Reputation: 31

2

There is nothing called chmod in windows because the security model of Windows is different than Linux. You can use attrib command to change the properties of the objects. (But they are more towards global properties.)

Chathuranga Chandrasekara

Posted 2010-02-08T09:34:14.797

Reputation: 629

2

For me, the workaround is to install Cygwin, and add its bin folder to system path. Then, if you run "chmod" in command line, it will work. Although I have not verified its correctness.

WHOIF

Posted 2010-02-08T09:34:14.797

Reputation: 21

1

Reference: simple and detailed

– Bob – 2017-12-22T03:37:05.797