Windows equivalent to CHMOD Command

👤 Diwas Poudel    🕒 12 Mar 2023    📁 TECH

CHMOD (CHange MODe) is a popular command in Unix and Unix-like operating systems that allows you to change the access mode of a file via file permissions, attributes, and ownership.

Chmod Syntax in Linux looks like this:

chmod [reference][operator][mode] file...

When Linux user tries to use Windows, they may require CHMOD at some point, and they may be looking for a Windows equivalent to Linux CHMOD. If you are also in this situation, Ourtechroom will assist you in locating Chmod in Windows.

💡 It should be noted that there is no specific CHMOD command in Windows, but there are alternative keywords such as ATTRIB and ICACLS. Also, because Linux(or Unix) and Windows are built on different security models, their permission-related attributes and commands differ.

Lets discuss Attrib and icacls command.

ICACLS Command 

The icacls command, similar to Chmod, gives you the ability to set granular permissions in files and folders. 
They give users the ability to view and modify an access control list (ACL) (Access Control List) for files and folders.
An access control list, or ACL, is a list that can be used by users or groups to grant permissions to an object in an NTFS file system.

Its general syntax looks like this:

icacls syntax
fig. icacls syntax

Now let's look at how to change access permission to file and folder using ICACLS Command.

1 First create Folder DemoFolder and File demofile.txt.

mkdir DemoFolder 

echo > demofile.txt

2 Now let's create read-only permission for these folders and files.

icacls.exe DemoFolder /reset
icacls DemoFolder /inheritance:r
icacls DemoFolder  /grant "everyone":R

It is always better to reset the permission before assigning.

fig. Creating read-only icacls

Here, we are granting read-only permission to every user.

Also read: How to open web URL using Powershell and Command line?

And when you try to delete the folder you will get the Folder Access Denied error as shown below.

readonly permission to folder using icacls
fig. read-only permission to a folder using icacls

Also for files, you can do as follows:

icacls.exe DemoFile.txt /reset
icacls DemoFile.txt /inheritance:r
icacls DemoFile.txt  /grant "everyone":R


/reset will reset previously set permission.

/inheritance:r indicates removing all inherited ACEs.

/grant- adds a new ACE to the ACL that gives the special identity Everyone read-only access.

If you want recursively to every subfolder and subfiles then you can add "/t" as shown below:

icacls DemoFolder /grant "everyone":R /t 

If you get an error and you want to ignore then you add "/c" as shown below:

icacls DemoFolder /grant "everyone":r /t /c

Here, DemoFolder is already an existing folder and if there is a subfolder inside that folder then it works but if you want to apply this permission to every subfolder and file created in the future then you have to do the following things:

icacls DemoFolder  /grant:r Everyone:(OI)(CI)W /t
/grant with r will replace any previously granted explicit permissions. When :r is not specified in /grant, the permissions are added to any previously granted explicit permissions.

Grant Readonly access to currently logged-in users.

$path = "DemoFile.txt";
icacls.exe $path /GRANT:R "$($env:USERNAME):(R)"

This will only allow currently logged-in users to read only the file DemoFile.txt

Grant FullControl access to Users Groups

$path = "DemoFile.txt";
icacls $path /grant Users:F

The command icacls $path /grant Users:F grants the "Users" group full control over the file "DemoFile.txt".

Also read: How do I navigate to a desktop in Windows CMD?

Grant Modify Permission to Users Group

$path = "DemoFile.txt";
icacls $path /grant Users:M

The command icacls $path /grant Users:M grants the "Users" group modify permission over the file "DemoFile.txt".

Set various permission

If you want to set various permission then you can do like this:

icacls DemoFolder /grant:r Everyone:RW

Here, in this way, we can set multiple permission for the folder or file for any user. In my case, I have used Everyone user and set Read Write permission to the folder DemoFolder.

Remove all access from Everyone User

Remove all access for everyone to the DemoFolder file.

icacls DemoFolder /inheritance:d /t /c
icacls DemoFolder /remove:g Everyone /t /c

First Command:  The command icacls DemoFolder /inheritance:d /t /c removes inherited permissions from the folder "DemoFolder" and apply the changes to all subfolders and files within it while continuing the operation even if errors occur.

Second Command: The command icacls DemoFolder /remove:g Everyone /t /c removes the "Everyone" group's access to the "DemoFolder" directory and all its subdirectories and files, while continuing the operation even if errors occur.

What is the command to grant a user full control over a file or folder in Windows?

If you want to give a user complete control over a file or folder in Windows, you can do so with the following command:

for a file, type

icacls C:pathtofile /grant username:(F)

and for a folder, type

icacls C:pathtofolder /grant username:(F)

GUI equivalent to iCACLS Command

We can use GUI with the following command.

1 Right-click on the Folder/File you want to set Permissions like CHMOD 
2 Goto Security Tab 
3 Click on the Edit button
4 Then in the next screen Select Group and user name you want and then under Permissions for Everyone, check on the first column check box if you want to provide access with the key described on the row and if you want to deny access then check on the second column checkbox.

In my case, I have removed all the permission from the user Administrators (DIWAS\Administrators)

Using ICACLS liker permission using GUI
fig. Using ICACLS liker permission using GUI

ATTRIB Command 

ATTRIB provides the basic functionality of CHMOD Attribute. This command's primary function is to remove and set file attributes (read-only, hidden, system, and archive), and as a result, it enables users to display, set, or remove the read-only, hidden, and archive file attributes that have been assigned to a file or folder. attrib.exe is solely responsible for modifying file attributes; it does not affect file permissions in any way.

Also read: How to list all environment variables?

Let's look at some of the examples:

Change Readonly attribute to File or Folder

The command attrib +r filename.txt sets the "Read-only" attribute on the file "filename.txt".

 attrib +r filename.txt

Provide Hidden attribute to File or Folder

attrib +h filename.txt

Clear all attributes to File or Folder

 attrib -s -h -r filename.txt

Minus sign is used to clear all the attributes like read-only, hidden, and archive file attribute to the file and folder.

Note that attrib has the following attributes:

+s Use it if you want to set a file or folder as a system file
-s Use it if you want to remove a file or folder as a system file 
+h Use it if you want to make a file or folder invisible.
-h Use it if you want to make a hidden file or folder visible
+r Use it if you want to make a file or folder as read-only
-r Use it if you want to remove the read-only property from the file or folder.


In this way, we have successfully used the windows command equivalent to CHMOD.


How to use CHMOD 400 in Windows Command?

You can use the help of icacls command. You can try the below command line by line.

icacls.exe DemoFile.txt /reset

icacls.exe DemoFile.txt /grant:r "$($env:username):(r)"

icacls.exe DemoFile.txt /inheritance:r

Here I have applied CHMOD 400 for the DemoFile.txt file. If you want then you can change it to any file.

Note that if your file is in another path than your current command path then you have to provide the complete path of the folder/files instead of just the name. Example: you have to type like this: icacls.exe D:\Demofile.txt /reset where Demofile.txt is located in D drive.

How to use CHMOD 400 in Windows GUI Version?

For the windows Operating system you can do as below:

1 Right-click on the file you want to apply CHMOD 400

2 Click on Properties

3 Goto  Security Tab

4 Click on the Advanced button

5 Click on disable inheritance button

6 Click on the 'Convert inherited permissions into explicit permission on this object' link.

On the same screen:

1 Double Click  on "Allow | Everyone | Full Control" Row

2 Click on the 'Select a principal' Link.

3 Then type your username

4 Click on the Check Names button.

5 Select your username

6 Click on the Ok button on every opened window.

How to provide Grant Modify Permission to IIS User for C:\DemoFolder?

The command is as follows:

icacls "C:\DemoFolder" /grant IIS_IUSRS:M 
How to provide Grand Full Control to the User group for "C:\DemoFolder" ?

The command is as follows:

icacls "C:\DemoFolder" /grant Users:F
What is Cygwin?

Cygwin is a vast collection of GNU and Open Source Tools that provide many features similar to Linux distributions on Windows. It also includes a chmod command utility that is found on Linux distributions.

If you only want CHMOD Unix tools in windows then you can use CHMOD-WIN tools.