Showacls.exe


This command-line tool enumerates access rights for files, folders, and trees. It allows masking to enumerate only specific ACLs.

ShowACLs works on NTFS partitions only.

The most useful feature of ShowACLs is the ability to show permissions for a particular user. ShowACLs does this by enumerating the local and global groups that the user belongs to, then matching the user's security identifier (SID) and the SIDs of those groups against the SID in each ACE.

NTFS uses Access Control Lists (ACLs) to set permissions for users and groups on objects. ACLs are made up of Access Control Entries (ACEs). Each ACE has information that controls the permissions for a specific user or group. There are currently four ACE types defined: Access Allowed, Access Denied, System Alarm, and System Audit. Each ACE has a common ACE header and a unique data structure. The SID associated with each ACE is contained in the data following the ACE header.

One of the problems with a command-line tool like ShowACLs is the amount of information that is contained in the ACL. The first version of ShowACLs attempted to display all the data in the access mask, which was very confusing. The latest version has adopted the "standard" permissions (Full, Change, and Read-Only) where appropriate. If a mask does not match one of these predefined values, a raw dump of the mask is performed.
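The per-user matching and mask naming described above can be sketched as follows. This is an added example, not ShowACLs source code: it walks a binary ACL, keeps the ACEs whose SID is the user's or one of the user's groups', and names the mask or dumps it raw. The mask values, the SIDs, and the sample ACL are assumptions constructed for illustration, since the page does not list the values ShowACLs compares against.

```python
import struct

ACE_TYPES = {0: "Allowed", 1: "Denied", 2: "Audit", 3: "Alarm"}
# Assumed values (conventional NTFS file masks); the page does not list them.
STANDARD = {0x001F01FF: "Full", 0x001301BF: "Change", 0x001200A9: "Read-Only"}

def sid_to_str(b):  # layout: revision, sub-authority count, 6-byte authority, subs
    subs = struct.unpack_from("<%dI" % b[1], b, 8)
    head = "S-%d-%d" % (b[0], int.from_bytes(b[2:8], "big"))
    return head + "".join("-%d" % s for s in subs)

def str_to_sid(s):
    rev, auth, *subs = (int(p) for p in s.split("-")[1:])
    return (bytes([rev, len(subs)]) + auth.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def build_acl(aces):  # helper that builds the constructed sample ACL
    body = b""
    for ace_type, mask, sid in aces:
        data = struct.pack("<I", mask) + str_to_sid(sid)
        body += struct.pack("<BBH", ace_type, 0, 4 + len(data)) + data
    return struct.pack("<BBHHH", 2, 0, 8 + len(body), len(aces), 0) + body

def show_acl_for(acl, user_sids):
    """Return (type, trustee SID, permission) for ACEs whose SID is in user_sids."""
    ace_count = struct.unpack_from("<BBHHH", acl, 0)[3]
    offset, rows = 8, []
    for _ in range(ace_count):
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", acl, offset)
        if ace_size < 16 or offset + ace_size > len(acl):
            raise ValueError("ACE size runs outside the ACL buffer")
        (mask,) = struct.unpack_from("<I", acl, offset + 4)
        sid = sid_to_str(acl[offset + 8: offset + ace_size])
        if sid in user_sids:
            rows.append((ACE_TYPES.get(ace_type, "Unknown"), sid,
                         STANDARD.get(mask, "0x%08X" % mask)))
        offset += ace_size
    return rows

# Constructed sample: the user's own SID plus the SIDs of the user's groups.
USER_SIDS = {"S-1-5-21-1-2-3-1001", "S-1-5-32-545", "S-1-1-0"}
SAMPLE_ACL = build_acl([
    (0, 0x001F01FF, "S-1-5-32-544"),         # group the user is not in
    (0, 0x001301BF, "S-1-5-32-545"),         # group the user is in
    (1, 0x00010000, "S-1-5-21-1-2-3-1001"),  # deny DELETE to the user
    (0, 0x001200A9, "S-1-1-0"),              # Everyone
])

if __name__ == "__main__":
    print(*show_acl_for(SAMPLE_ACL, USER_SIDS), sep="\n")
```

The output lists matching ACEs only; it does not compute the effective access that results from combining the allow and deny entries.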

ShowAcls Topics

Files Required