Equivalent of chmod to change file permissions in Windows

Question

Is there any Windows equivalent of Linux's chmod to change the permissions of a file?

score 44 · Answer 1 · edited Jun 27 '23 at 18:46

Greg mentions attrib - but attrib isn't anywhere close to chmod - attrib can set Read-only/Hidden attributes of a single file - it doesn't provide fine-grained controls like icacls does.

icacls sets/resets the access control lists, so you can grant/deny rights for individual SIDs & groups. It is fairly complicated though.

Here's an example I have saved in my github gist; it resets the ownership and access control list for all files in a folder and is particularly useful to fix those annoying "You need permissions from .. to perform this action" especially when moving files over from a previous install:

icacls * /reset /t /c /q

Here, we have that

/reset replaces the existing one with the default list.
/t acts recursively on all files, folders & subfolders
/q doesn't display any success messages
/c continues with remaining files even in an error occurs.

You can also do things like backup the existing ACLs & apply them across all. Have a look at ss64 which explains the different options & switches very well.

Tobias · Answer 2 · 2012-12-28T18:14:22.503

There (sadly) can't be an exact equivalent, since Linux und DOS/Windows use attributes for different purposes, and (as Chathuranga said before) the security model is different:

In Windows file systems, there are "hidden" (H) and "system" (S) attributes which don't have an equivalent in Linux; there, files are hidden by prepending the name with a dot (.).
There is no equivalent to the Windows "archive" (A) attribute, either.
There is no equivalent to the "executable" (x) Linux attributes in the DOS/Windows file attributes.
There is an equivalent to the Windows "directory" (D) attribute (but it can't be changed anyway).
In Linux file systems, every entry is owned by exactly one user and exactly one group, and read/write/execution can be allowed for each of them, and for others. ACLs (like used by Windows) are even more flexible, but more complicated as well, and the commandline syntax is a PITA (in my humble opinion, of course)

The DOS file attribute R (read-only) is the one which might be considered to have an equivalent: this attribute set is roughly like the w attribute for all being missing; but the permission to change this attribute is subject to ACLs.

It might be cool to have a chmod/chown equivalent on Windows, perhaps written in some scripting language, which in turn calls attrib and cacls (or successors), but I don't have one.

score 15 · Answer 3 · answered Feb 08 '10 at 10:41

15

Either cacls, xcacls, or my personal favourite icacls will probably do what you need.

answered Feb 08 '10 at 10:41

score 8 · Answer 4 · edited Dec 28 '12 at 19:57

8

icacls "C:\folder" /grant:r "Domain\Users":(OI)(CI)M /T /C

Works like a charm to change permissions on a folder for domain users. Additional information regarding cacls and icacls.

edited Dec 28 '12 at 19:57

slm

10,859

answered Dec 28 '12 at 18:26

MDT Guy

3,727

score 6 · Answer 5 · edited Aug 18 '11 at 20:28

The attrib command is the closest match for very basic things (read-only, archive flags). Then there is The ACL (access control list) command cacls. Last but not least, since Windows is actually Posix compliant, the unix-like flags do exist. If you install the Cygwin tool set, you will get a chmod. (A little off-topic, since you are looking for an equivalent of a unix command, downloading and installing Cgygwin might be something interesting for you.)

score 5 · Answer 6 · answered Dec 22 '17 at 03:29

5

For me, the workaround is to install Cygwin, and add its bin folder to system path. Then, if you run "chmod" in command line, it will work. Although I have not verified its correctness.

answered Dec 22 '17 at 03:29

WHOIF

51

score 5 · Answer 7 · answered Jul 29 '14 at 14:22

5

I use Windows command takeown.exe to change file permissions to my current logged in user id: http://technet.microsoft.com/en-us/library/cc753024.aspx

answered Jul 29 '14 at 14:22

Roman Kharkovski

51
1
3

score 2 · Answer 8 · edited Feb 08 '10 at 10:33

2

There is nothing called chmod in windows because the security model of Windows is different than Linux. You can use attrib command to change the properties of the objects. (But they are more towards global properties.)

edited Feb 08 '10 at 10:33

Jeff Atwood

24,402

answered Feb 08 '10 at 09:37

Chathuranga Chandrasekara

649

score 0 · Answer 9 · answered Oct 20 '24 at 15:48

There is icacls /? command in Ms. Windows

try to run this command icacls rsa-key.ppk and it will returns

rsa-key.ppk BUILTIN\Administrators:(I)(F)
    NT AUTHORITY\SYSTEM:(I)(F)
    NT AUTHORITY\Authenticated Users:(I)(M)
    BUILTIN\Users:(I)(RX)

The code means

(I) - permission inherited from parent container
(F) - full access
(M) - modify access
(RX) - read and execute access

You can use command

icacls file /grant user:(M) or icacls file /remove user

Equivalent of chmod to change file permissions in Windows

9 Answers9

Linked

Related