ShowACLs is a 32-bit command line utility that displays the NTFS permissions of files and directories. The most useful feature of ShowACLs is the ability to show the permissions that apply to a particular user. ShowACLs does this by enumerating the local and global groups that the user belongs to, and then matching the user's Security Identifier (SID) and the SIDs of those groups against the SID in each ACE entry.
NTFS uses Access Control Lists (ACLs) to set permissions for users and groups on objects. An ACL is made up of Access Control Entries (ACEs). Each ACE entry holds the information that controls the permissions for one specific user or group. There are currently four ACE types defined: Access Allowed, Access Denied, System Alarm and System Audit. Each ACE entry has a common ACE header followed by a type-specific data structure; the SID associated with the ACE is contained in the data that follows the ACE header.
One of the problems with a command line tool like ShowACLs is the amount of information contained in an ACL. The first version of ShowACLs attempted to display all of the data in the access mask, which was very confusing. The latest version adopts the "standard" permissions Full, Change and Read-Only where the mask matches one of them. If a mask does not match one of these predefined values, a raw dump of the mask is performed instead. The following table shows the actual permissions that make up each predefined value, and the alpha keys used in the raw dump for permissions that do not match one of the predefined values. See winnt.h in the include directory of the SDK or Visual C++ for more details on these definitions.
Display     Access mask
Full        FILE_ALL_ACCESS
Change      DELETE | SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_EXECUTE | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | READ_CONTROL
Read-Only   FILE_READ_DATA | SYNCHRONIZE | FILE_READ_EA | FILE_EXECUTE | READ_CONTROL | FILE_READ_ATTRIBUTES
R           GENERIC_READ
W           GENERIC_WRITE
X           GENERIC_EXECUTE
D           DELETE
A           GENERIC_ALL
d           FILE_READ_DATA (directory)
l           FILE_READ_DATA (file)
s           SYNCHRONIZE
r           FILE_READ_DATA
w           FILE_WRITE_DATA
a           FILE_APPEND_DATA
rE          FILE_READ_EA
wE          FILE_WRITE_EA
fx          FILE_EXECUTE
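As an added example (not part of ShowACLs or this document), the following Python reproduces the two steps described above: matching ACE SIDs against a user's SID and group SIDs, and reducing an access mask to Full, Change, Read-Only or the alpha-key dump using the table's definitions. The ACE list and the S-1-5-21-... SIDs are constructed for the example; the d and l keys are not emitted because they alias the same bit that r reports.

```python
# Access-right constants as defined in winnt.h (Windows SDK).
DELETE, READ_CONTROL, SYNCHRONIZE = 0x00010000, 0x00020000, 0x00100000
FILE_READ_DATA, FILE_WRITE_DATA, FILE_APPEND_DATA = 0x0001, 0x0002, 0x0004
FILE_READ_EA, FILE_WRITE_EA, FILE_EXECUTE = 0x0008, 0x0010, 0x0020
FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES = 0x0080, 0x0100
FILE_ALL_ACCESS = 0x001F01FF
GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE, GENERIC_ALL = 0x80000000, 0x40000000, 0x20000000, 0x10000000

# The three predefined masks, built exactly as the table above lists them.
STANDARD = {
    "Full": FILE_ALL_ACCESS,
    "Change": DELETE | SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA
    | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_EXECUTE
    | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | READ_CONTROL,
    "Read-Only": FILE_READ_DATA | SYNCHRONIZE | FILE_READ_EA | FILE_EXECUTE
    | READ_CONTROL | FILE_READ_ATTRIBUTES,
}

# Alpha keys for the raw dump, in table order (d and l omitted: they alias the r bit).
ALPHA_KEYS = [("R", GENERIC_READ), ("W", GENERIC_WRITE), ("X", GENERIC_EXECUTE),
              ("D", DELETE), ("A", GENERIC_ALL), ("s", SYNCHRONIZE),
              ("r", FILE_READ_DATA), ("w", FILE_WRITE_DATA), ("a", FILE_APPEND_DATA),
              ("rE", FILE_READ_EA), ("wE", FILE_WRITE_EA), ("fx", FILE_EXECUTE)]

def describe_mask(mask: int) -> str:
    """Name an exact Full/Change/Read-Only match, else dump the alpha keys."""
    for name, value in STANDARD.items():
        if mask == value:
            return name
    parts = [key for key, bit in ALPHA_KEYS if mask & bit]
    unknown = mask & ~sum(bit for _, bit in ALPHA_KEYS) & 0xFFFFFFFF
    if unknown:  # bits with no alpha key (e.g. WRITE_DAC) are shown raw
        parts.append(f"+0x{unknown:08X}")
    return " ".join(parts) or "(none)"

def aces_for_principal(acl, user_sid, group_sids):
    """The matching step from the text: keep the ACEs whose SID is the user's
    own SID or the SID of a group the user belongs to, in original ACL order."""
    wanted = {user_sid, *group_sids}
    return [(ace_type, sid, describe_mask(mask))
            for ace_type, sid, mask in acl if sid in wanted]

# Constructed sample ACL (ACE type, SID, mask); S-1-5-32-544 is the Administrators alias.
SAMPLE_ACL = [
    ("Access Denied", "S-1-5-21-1000-2000-3000-1105", FILE_WRITE_DATA | FILE_APPEND_DATA),
    ("Access Allowed", "S-1-5-32-544", FILE_ALL_ACCESS),
    ("Access Allowed", "S-1-5-21-1000-2000-3000-513", STANDARD["Read-Only"]),
    ("Access Allowed", "S-1-5-21-1000-2000-3000-1105", STANDARD["Change"]),
]
```

Because the ACL order is preserved, a Denied ACE that precedes an Allowed one for the same user is reported first, which is the order NTFS evaluates them in.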
Usage:
Showacls /s /u:domain\user filespec