# Get ACL permissions from a text file enforced by a batch file in Windows XP



## des000 (May 30, 2008)

I've come into contact with Mandriva Linux. I know of a concept called standard permissions, that it provides. It's pretty convienient. I don't exactly know how it really works under the hood or anything, and I don't need to know exactly how it works right now either, even though it's probably available.

What I want to do, in effect, is create a feature pretty close to equivelant of this feature, only for Windows XP. I want to set standard permissions using a batch file. Whenever this batch file is run as administrator it can enforce the permissions. What are these permissions it enforces? Well, what I want is for these permissions to be gotten from a text file. The syntax in no way resembles the syntax of the Linux file I'm describing.

Basically the syntax is this:

PATH <TAB> MODE <TAB> USER1,USER2,... <TAB> PERM
PATH <TAB> MODE <TAB> USER1,USER2,... <TAB> PERM
...

The path is the path to a file or folder in exact syntax. The mode is one of the switches that can be given for XCACLS in the Windows Resource Kit thingy. This can be replace, edit, etc. The users are the user or group to add/replace/remove/etc, and there is a comma allowed so more than one user or group is allowed to be specified. The permissions are the permissions that you can specify in the utillity.

So the first thing the script needs to do, is call some program that safely detects whether or not the filesystem is NTFS or not. If the system is NOT NTFS, then it does nothing. If it's NTFS, then it continues to set the permissions. First of all, I can find no such program, but I know one must exist somewhere for free!

Next, it sets the permissions on the root of the drives mentioned to Everyone get's full control. That way there's no errors when setting the stuff. Finally, it gets the entire file's contents line by line executing the XCACLS command to set it giving it the proper parameters it needs.

So the second problem is how to parse the text file. If, however, there's a free program that already does all this for Windows XP, I'd be willing to try it instead though. But I can find no such program.

Now as long as the syntax is still reasonable and provides at least that information, I'd be willing to try an easier syntax to parse instead.


----------



## Squashman (Apr 4, 2003)

That is a tough one. Something I would be willing to look into but there is alot great Batch file people here who will give you a better response. I would probably lead you down the wrong path.

But if you want to know if the file system is NTFS, you can use fsutil and parse that data for the word NTFS

```
C:\>fsutil fsinfo volumeinfo c:
Volume Name : 7_10P
Volume Serial Number : 0x549e2beb
Max Component Length : 255
File System Name : NTFS
Supports Case-sensitive filenames
Preserves Case of filenames
Supports Unicode in filenames
Preserves & Enforces ACL's
Supports file-based Compression
Supports Disk Quotas
Supports Sparse files
Supports Reparse Points
Supports Object Identifiers
Supports Encrypted File System
Supports Named Streams
```


```
C:\>fsutil fsinfo volumeinfo c: | find "NTFS"
File System Name : NTFS
```


----------



## des000 (May 30, 2008)

Well, thanks. I worked on it as much as I could, studying more too, since it was where I ended up being led to believe as the best path for now. I haven't got a complete solution yet, but I'm getting a lot further. Here's my current version of my code I managed to create, which was tough to do, and hasn't gotten the complete set of bugs out of it yet though. Here's my code:

=======================================================
Setup Utillity:

```
@ECHO OFF

SETLOCAL
SET VERSION=1.0.3

IF "%1" == "" GOTO install1
IF "%1" == "noask" GOTO noask
IF "%1" == "install" GOTO install2
IF "%1" == "reinstall" GOTO install2

:install1
ECHO Do you want to install the standard permissions?
CALL reply
IF ERRORLEVEL 1 GOTO END
:noask
GOTO version_check
:version_check
ECHO Checking to see if there's a newer version...
IF NOT EXIST C:\SETTINGS\standard_permissions.ver GOTO install2
ECHO %VERSION% > C:\SETTINGS\version.check
FC C:\SETTINGS\standard_permissions.ver C:\SETTINGS\version.check > NUL
IF %ERRORLEVEL% == 0 GOTO END
GOTO install2

:install2
ECHO.
ECHO.
ECHO Installing standard permissions...
COPY programs\*.* C:\BATCH > NUL
ECHO Installing standard configuration...
IF NOT EXIST C:\SETTINGS MKDIR C:\SETTINGS
COPY config\*.* C:\SETTINGS > NUL

ECHO %VERSION% > C:\SETTINGS\standard_permissions.ver
GOTO END

:END
IF EXIST C:\SETTINGS\version.check DEL C:\SETTINGS\version.check
ENDLOCAL
SLEEP 5
```
cperm.bat

```
@ECHO OFF

SETLOCAL
SET RET=0

IF "%1" == "" GOTO usage_error
CALL fstype %systemdrive% > NUL
IF NOT %ERRORLEVEL% == 2 GOTO no_need
IF NOT EXIST %1 GOTO no_file

for /f "tokens=1,2,3,4,5,6,7,8 delims= " %%a in (%1) do (
 CALL :forbody1 %%a %%b %%c %%d %%e %%f %%g %%h
)
GOTO done

:forbody1
 CALL :setperms %1 %2 %3 %4 %5 %6 %7 %8
 IF ERRORLEVEL 1 GOTO perms_error
 GOTO perms_success

 :perms_error
  ECHO Error; Could not apply rule:
  ECHO     %1 %2 %3 %4 %5 %6 %7 %8
  SET RET=1
  EXIT /B 1

 :perms_success
  SET RET=0
  EXIT /B 0

:setperms
 SET PERMPATH=%1
 SET PERMSUBDIRFLAG=%2
 SET PERMOWNER=%3
 SET PERMEDITFLAG=%4
 SET PERMMODIFYFLAG=%5
 SET PERMACLUSER=%6
 SET PERMPERM=%7
 SET PERMSPEC=%8

 IF NOT EXIST %PERMPATH% GOTO setperms_noexist
 IF "%PERMSUBDIRFLAG%" == "0" GOTO nosubdirs
 IF "%PERMSUBDIRFLAG%" == "1" GOTO subdirs
 ECHO Must specify a dirmode...
 GOTO setperms_error
  
 :nosubdirs
  IF "%PERMEDITFLAG%" == "0" GOTO no_subdirs_noedit
  IF "%PERMEDITFLAG%" == "1" GOTO no_subdirs_edit
  ECHO Must specify an edit mode...
  GOTO setperms_error

  :no_subdirs_noedit
   chown -q %PERMOWNER% %PERMPATH%
   IF NOT "%PERMSPEC%" == "0" GOTO no_subdirs_noedit_permspec
   xcacls %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /y > NUL
   GOTO setperms_done

   :no_subdirs_noedit_permspec
    xcacls %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /y > NUL
    GOTO setperms_done

  :no_subdirs_edit
   chown -q %PERMOWNER% %PERMPATH%
   IF NOT "%PERMSPEC%" == "0" GOTO no_subdirs_edit_permspec
   xcacls %PERMPATH% /e /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /y > NUL
   GOTO setperms_done

  :no_subdirs_edit_permspec
   xcacls %PERMPATH% /e /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /y > NUL
   GOTO setperms_done
 
 :subdirs
  IF "%PERMEDITFLAG%" == "0" GOTO subdirs_noedit
  IF "%PERMEDITFLAG%" == "1" GOTO subdirs_edit
  ECHO Must specify an edit mode...
  GOTO setperms_error

  :subdirs_noedit
   chown -q -r %PERMOWNER% %PERMPATH%
   IF NOT "%PERMSPEC%" == "0" GOTO subdirs_noedit_permspec
   xcacls %PERMPATH% /t /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /y > NUL
   GOTO setperms_done

   :subdirs_noedit_permspec
    xcacls %PERMPATH% /t /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /y > NUL
    GOTO setperms_done

  :subdirs_edit
   chown -q -r %PERMOWNER% %PERMPATH%
   IF NOT "%PERMSPEC%" == "0" GOTO subdirs_edit_permspec
   xcacls %PERMPATH% /t /e /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /y > NUL
   GOTO setperms_done

   :subdirs_edit_permspec
    xcacls %PERMPATH% /t /e /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /y > NUL
    GOTO setperms_done

 :setperms_noexist
  ECHO Error; No path: %PERMPATH%
  GOTO setperms_error

 :setperms_done
  EXIT /B 0

 :setperms_error
  EXIT /B 1
:no_need
EXIT /B 0

:no_file
ECHO No such permission file: %1
EXIT /B -2

:usage_error
ECHO Usage: %0 permfile
SET RET=-2
GOTO done

:done
EXIT /B %RET%
ENDLOCAL
```
csperm.bat

```
@ECHO OFF

REM === Set permissions from the standard files ===
REM Standard permissions
CALL cperm C:\SETTINGS\sperm.prm
REM Custom permissions
CALL cperm C:\SETTINGS\cperm.prm
```
prm_help.bat

```
@ECHO OFF

IF "%1" == "" GOTO usage
IF "%1" == "files" GOTO files
IF "%1" == "syntax_overview" GOTO syntax_overview
IF "%1" == "syntax" GOTO syntax
IF "%1" == "permmodifyflag" GOTO permmodifyflag
IF "%1" == "permperm" GOTO permperm
IF "%1" == "permspec" GOTO permspec
GOTO usage

:files
ECHO There are 2 files that must be configured. The first is C:\SETTINGS\sperm.prm.
ECHO The second is C:\SETTINGS\cperm.prm. The first contains the standard
ECHO permissions, and the second contains the custom permissions that may be set up 
ECHO and altered by the user.
GOTO done

:syntax_overview
ECHO This file has a very basic syntax. It's roughly equivelant to the exact command
ECHO line that XCACLS takes. What it mainly doesn't include, is the program name.
ECHO See "%0 syntax" for an overview of the full syntax.
GOTO done

:syntax
ECHO Syntax:
ECHO         PERMPATH PERMSUBDIRFLAG PERMOWNER PERMEDITFLAG PERMMODIFYFLAG
ECHO         PERMACLUSER PERMPERM PERMSPEC
ECHO.
ECHO.
ECHO Values:
ECHO         PERMPATH       = The path to the file or directory on which the ACL
ECHO                          should be applied.
ECHO.
ECHO         PERMSUBDIRFLAG = Whether or not to apply the same setting to all
ECHO                          subdirectories too. It can be 1 or 0. This 
ECHO                          should always be 0 if PERMPATH is not a 
ECHO                          directory.
ECHO.
ECHO         PERMOWNER      = Which user or group should own the file or directory?
ECHO.
ECHO         PERMEDITFLAG   = This should be 0 to replace the ACL, or 1 to edit the 
ECHO                          ACL.
ECHO.
ECHO         PERMMODIFYFLAG = This should be set to the mode to use for setting the
ECHO                          ACL. See "%0 permmodifyflag" for more help on 
ECHO                          the mode
ECHO.
ECHO         PERMACLUSER    = Which user should be worked on in the ACL?
ECHO.
ECHO         PERMPERM       = These are the permissions you may set for each member
ECHO                          of the ACL. Set "%0 permperm" for more help on 
ECHO                          the permissions you may give users.
ECHO.
ECHO         PERMSPEC       = These are the inherited permissions you may give users
ECHO                          See "%0 permspec" for a description of the
ECHO                          permissions you may specify for inheritance.
GOTO done

:permmodifyflag
ECHO G - Grant user or group the specified rights.
ECHO R - Revoke the user or group's specified rights.
ECHO P - Replace user or group's specified rights.
ECHO D - Deny user or group the specified rights.
GOTO done

:permperm
ECHO R - Read
ECHO C - Change (Write)
ECHO F - Full Control
ECHO P - Change Permissions (special access)
ECHO O - Take Ownership (special access)
ECHO X - Execute (special access)
ECHO E - Read (special access)
ECHO W - Write (special access)
ECHO D - Delete (special access)
GOTO done

:permspec
CALL :permperm
ECHO T - Not Specified. Allows you to set permissions for folders without them
ECHO     being inherited by files.
GOTO done

:usage
ECHO Usage: %0                 - Displays this message.
ECHO.
ECHO        %0 files           - Gives help on the standard permission files.
ECHO.
ECHO        %0 syntax_overview - Gives an overview on the syntax of the files.
ECHO.
ECHO        %0 syntax          - Gives a detailed explanation on the syntax of
ECHO                                   the files.
ECHO.
ECHO        %0 permmodifyflag  - Gives help on the modes you may use to set 
ECHO                                   ACLs.
ECHO.
ECHO        %0 permperm        - Gives help on the permissions you may set for
ECHO                                   a user or group.
ECHO.
ECHO        %0 permspec        - Gives help on the permissions you may set for
ECHO                                   inheritance for a folder.
GOTO done

:done
```
(cperm.prm and sperm.prm are now empty)

fstype.bat

```
@ECHO OFF

SETLOCAL
SET RET=0
IF "%1" == "" GOTO error

fsutil fsinfo volumeinfo %1\ | find "File System Name" > C:\BATCH\fstype.tmp
for /f "tokens=2 delims=:" %%a in (C:\BATCH\fstype.tmp) do (
 for /f "tokens=1 delims= " %%b in ('echo %%a') do ECHO %%b > C:\SETTINGS\fstype.conf
)
GOTO fstype

:error
ECHO Which drive would you like to check?
ENDLOCAL
EXIT /B -1
:fstype
DEL C:\BATCH\fstype.tmp
ENDLOCAL

ECHO FAT32 > C:\SETTINGS\fstype.check
FC C:\SETTINGS\fstype.conf C:\SETTINGS\fstype.check > NUL
IF %ERRORLEVEL% == 0 GOTO fat32
ECHO NTFS > C:\SETTINGS\fstype.check
FC C:\SETTINGS\fstype.conf C:\SETTINGS\fstype.check > NUL
IF %ERRORLEVEL% == 0 GOTO ntfs
EXIT /B -2

:fat32
DEL C:\SETTINGS\fstype.check
DEL C:\SETTINGS\fstype.conf
ECHO The filesystem type is: FAT32
EXIT /B 1

:ntfs
DEL C:\SETTINGS\fstype.check
DEL C:\SETTINGS\fstype.conf
ECHO The filesystem type is: NTFS
EXIT /B 2
```
=======================================================

As I said there are still bugs in it. One bug I'll probably fix soon deals with access denied errors. It appears that I cannot fully make this user independent, unlike what could be done in Linux. I had to decide to "assume" it's always run as a certain user, which is tough for now. I'm also told that fsutil won't run under normal user accounts, which means it requires Administrator access. It'd be a lot less work if there was some easy free way to switch users like you can in Linux, but I've not found one yet. So for now it must "assume" that it's always run by a certain user. That means, my startup scripts and stuff must be run by that user.

The other know "bug", is that it may be likely to fail if I don't first change the owner to a user who can change the permissions, and then set the owner later. I'll investigate that soon.

The thing that really baffles me still at this point though, is permissions. I need some references on the GUI for Windows XP Proffessional permissions, saying in even more non-technical terms than usual to remind me what the other boxes do. About equal to that though, I'd need to find out how they're supposed to map to XCACLS, especially where inheritance is required. How to I use the option to make the inheritance apply only to folders, or say there's no inheritance, for example. When I learn this, I'll add it to the documentation so that I don't have to look it up any longer. It's right there, all spelled out, in one place, instead of all over my notes and spread throughout Internet sites and books I read.

Now there's still 2 other known bugs. Unless I'm not understanding fsutil right, how are you supposed to make it more reliable? Sometimes it may look like it fails. For example, the Administrator rule. I'm finding it'd actually be easier if there was some reliable program that could read directly the partition table for me. I'm reffering to read only access. I don't want write access. It should have capabillities similar to Linux fdisk, and definately be command line. If it can return the filesystm ID in a number, all the better, but if it can't, I'd have to parse it. Possibly it runs as any user, or has a group it requires that users have to be put into, seperate from sudoers or something like that, as that's already used. Then if it needed Administrator access, it'd simply need to become an administrator temporarily, just like the Sudo program.

And there's a very simple, yet complicated thing that'd also be useful. Right now, I'm not checking automatically whether it's a directory or file, because I don't know how with a batch file. It's complicated because I can't seem to find a program to do the job for me, save getting cygwin or something with the TCSH shell. Now it's simple because, before I had disk problems several times and lost tones of code, and lost my downloaded and configured copies of C and C++, etc, compilers for Windows XP, I could write a program to do so in about 2 seconds (well, maybe 2 minutes, but it seems like 2 seconds if that's all it does). But since I lost so much code, I'd have to download the compilers again, configure them, then work without my libraries that I built, so I've only got the basic interface, even though it is there that it has that function, and then compile it, etc. That's why I'm working so hard on BATCH files instead for now. I'm trying not to build back the libraries I need to, not yet, but instead to build a better network and image of my computer, so that I don't lose the code I built and can write it knowing that I will hardly ever lose it again, hopefully.

The plus side of losing it though, is that I'm building wonderful, practical batch files though.

If it ever becomes available, chmod for Windows XP would always be nice too. chmod syntax is so much better. I know exacly how in theory it could be written, but not in practice, or I'd actually write it. But since there's no know freeware chmod, I'm simply using XCACLS. If XCACLS doesn't allow you to set inheritance good enough, then I'd have to use maybe SetACL instead. I don't know how to use it though, at all. My virus scanner has flagged it before though, is it a trojan horse, or is it really OK? It looks neat, but if it's really dangerous, I'll have to go without using it after all.

All in all, I'm a lot closer, but not there yet.


----------



## Squashman (Apr 4, 2003)

> It'd be a lot less work if there was some easy free way to switch users like you can in Linux, but I've not found one yet.


That is what runas is for.


----------



## Squashman (Apr 4, 2003)

I use GNU ports of many Unix Utilities.
http://unxutils.sourceforge.net/

It has chmod, but I have never tested it.


```
C:\>chmod --help
Usage: chmod [OPTION]... MODE[,MODE]... FILE...
  or:  chmod [OPTION]... OCTAL_MODE FILE...

  -c, --changes           like verbose but report only when a change is made
  -f, --silent, --quiet   suppress most error messages
  -v, --verbose           output a diagnostic for every file processed
  -R, --recursive         change files and directories recursively
      --help              display this help and exit
      --version           output version information and exit

Each MODE is one or more of the letters ugoa, one of the symbols +-= and
one or more of the letters rwxXstugo.

Report bugs to [email protected]
```


----------



## des000 (May 30, 2008)

Your right. That's what runas is for. But I haven't successfully been able to code a way to do this without making the user enter a password manually. If I want to do things automatically, then this is not acceptable.

I found unixutils and liked the idea, I know. That worked out well, but lots of utillities are simply dummy utillities right now it seems. I just re-installed it and looked it up. chmod is a dummy right now. I uninstalled it again, because there's just too many utillities that are dummies. Otherwise, I love it so far. That reminded me though of the fact that that must've been what prompted the remembering the idea of how it "could" work.


----------



## Squashman (Apr 4, 2003)

There are encrypted RUNAS programs that allow you to setup a program to run without having to enter in the administrative credentials.


----------



## Squashman (Apr 4, 2003)

des000 said:


> Your right. That's what runas is for. But I haven't successfully been able to code a way to do this without making the user enter a password manually. If I want to do things automatically, then this is not acceptable.
> 
> I found unixutils and liked the idea, I know. That worked out well, but lots of utillities are simply dummy utillities right now it seems. I just re-installed it and looked it up. chmod is a dummy right now. I uninstalled it again, because there's just too many utillities that are dummies. Otherwise, I love it so far. That reminded me though of the fact that that must've been what prompted the remembering the idea of how it "could" work.


What do you mean by Dummy Utilities? Why do you bother uninstalling it. Just unzip the folder on your hard drive and set your path variable to look at that directory to execute those utilities. I use many of them on a daily basis. grep, gawk, sed, cat, split, cut, head, tail, paste, join, pwd, wc, tr, unix2dos.

There are just some things you can't do with DOS batch files and many of these utilities come in handy.


----------



## des000 (May 30, 2008)

I don't mean by Dummy Utillities, I mean when I read the help file, they say that they are dummy utillities, which I assume means that they don't yet do anything. Some do something, but too much don't seem to do anything yet. By installing it, I meant just that. I unzipped the utillity in the right folder, but before I even put it in my PATH, I tested the utillities. By uninstalling, I meant that if it was in my PATH, I'd delete it, and then I'd delete the folder.

What about the encrypted runas? Can you point me to where it is, what it's name is, and how to use it in case it isn't easy to figure out?


----------



## des000 (May 30, 2008)

Looks like I solved the inheritance issue. According to http://www.xs4all.nl/~fstaal01/swxcacls-us.html, I can't set inheritance with XCACLS, or CACLS, but I can with a few utillities, this one seeming to be the best of all. I'm going to try it out now.


----------



## des000 (May 30, 2008)

Here's some documentation I wrote about the Windows XP permission GUI. Could someone verify that what I wrote is all true and explains correctly how to use the GUI? If so, I can move on to mapping how to do the same functions with the command line.


----------



## des000 (May 30, 2008)

Oh! These are Word 2003 documents inside a zip file. If anybody would rather have it in a different format instead, let me know and I'll convert it if possible and re-upload it.


----------



## des000 (May 30, 2008)

Well, this is the first link about it on the Internet I've found myself so far: http://articles.techrepublic.com.com/5100-10878_11-1056018.html. I'm glad I was finally able to come up with the right words to find it on a search engine. I'll first have a look to see if this agrees with my documentation. Hopefully one or the other is correct if not.


----------



## des000 (May 30, 2008)

Some of it didn't agree, but I think it's fixed now. Just in case it's not, please post if it's incorrect. Here's the latest files on it.


----------



## des000 (May 30, 2008)

By the way, these include the few other references I've found, but note that it is few references.


----------



## des000 (May 30, 2008)

OK. So, based off of my documentation, I've come up with this:

=========================================================
setup.bat - Used to install the permissions

```
@ECHO OFF

SETLOCAL
SET VERSION=1.0.79

IF "%1" == "" GOTO install1
IF "%1" == "noask" GOTO noask
IF "%1" == "install" GOTO install2
IF "%1" == "reinstall" GOTO install2

:install1
ECHO Do you want to install the standard permissions?
CALL reply
IF ERRORLEVEL 1 GOTO END
:noask
GOTO version_check
:version_check
ECHO Checking to see if there's a newer version...
IF NOT EXIST C:\SETTINGS\standard_permissions.ver GOTO install2
ECHO %VERSION% > C:\SETTINGS\version.check
FC C:\SETTINGS\standard_permissions.ver C:\SETTINGS\version.check > NUL
IF %ERRORLEVEL% == 0 GOTO END
GOTO install2

:install2
ECHO.
ECHO.
ECHO Installing standard permissions...
COPY programs\*.* C:\BATCH > NUL
ECHO Installing standard configuration...
IF NOT EXIST C:\SETTINGS MKDIR C:\SETTINGS
COPY config\*.* C:\SETTINGS > NUL

ECHO %VERSION% > C:\SETTINGS\standard_permissions.ver
GOTO END

:END
IF EXIST C:\SETTINGS\version.check DEL C:\SETTINGS\version.check
ENDLOCAL
SLEEP 5
```
prm_help.bat - Used to display the syntax of the permission files and tell how the GUI maps to the command line.

```
@ECHO OFF

IF "%1" == "" GOTO usage
IF "%1" == "files" GOTO files
IF "%1" == "syntax_overview" GOTO syntax_overview
IF "%1" == "syntax" GOTO syntax
IF "%1" == "permmodifyflag" GOTO permmodifyflag
IF "%1" == "permacluser" GOTO permacluser
IF "%1" == "permperm" GOTO permperm
IF "%1" == "permspec" GOTO permspec
IF "%1" == "perminhflag" GOTO perminhflag
IF "%1" == "perminh" GOTO perminh
IF "%1" == "specgui" GOTO specgui
GOTO usage

:files
ECHO There are 2 files that must be configured. The first is C:\SETTINGS\sperm.prm.
ECHO The second is C:\SETTINGS\cperm.prm. The first contains the standard
ECHO permissions, and the second contains the custom permissions that may be set up 
ECHO and altered by the user.
GOTO done

:syntax_overview
ECHO This file has a very basic syntax. It's roughly equivelant to the exact command
ECHO line that SWXCACLS takes. What it mainly doesn't include, is the program name.
ECHO See "%0 syntax" for an overview of the full syntax.
GOTO done

:syntax
ECHO Syntax:
ECHO         PERMPATH PERMSUBDIRFLAG PERMOWNER PERMEDITFLAG PERMMODIFYFLAG
ECHO         PERMACLUSER PERMPERM PERMSPEC PERMINHFLAG PERMINH
ECHO.
ECHO.
ECHO Values:
ECHO         PERMPATH       = The path to the file or directory on which the ACL
ECHO                          should be applied. This can also be a comment
ECHO                          specified by '#', in which case everything else
ECHO                          will be ignored.
ECHO.
ECHO         PERMSUBDIRFLAG = Whether or not to apply the same setting to all
ECHO                          subdirectories too. It can be 1 or 0. This 
ECHO                          should always be 0 if PERMPATH is not a 
ECHO                          directory.
ECHO.
ECHO         PERMOWNER      = Which user or group should own the file or directory?
ECHO.
ECHO         PERMEDITFLAG   = This should be 0 to replace the ACL, or 1 to edit the 
ECHO                          ACL.
ECHO.
ECHO         PERMMODIFYFLAG = This should be set to the mode to use for setting the
ECHO                          ACL. See "%0 permmodifyflag" for more help on 
ECHO                          the mode
ECHO.
ECHO         PERMACLUSER    = See "%0 permacluser" for help on this.
ECHO.
ECHO         PERMPERM       = These are the permissions you may set for each member
ECHO                          of the ACL. See "%0 permperm" for more help on 
ECHO                          the permissions you may give users.
ECHO.
ECHO         PERMSPEC       = These are the specific permissions you may give users.
ECHO                          See "%0 permspec" for a description of the
ECHO                          permissions you may specify for specific permissions.
ECHO.
ECHO         PERMINHFLAG    = This is whether or not to apply inheritance to this 
ECHO                          object. Specify 0 for no change, or see 
ECHO                          "%0 perminhflag" for valid values.
ECHO.
ECHO         PERMINH        = This is the values you may use for inheritance if
ECHO                          this is a folder/drive. It should be 0 if it's not a 
ECHO                          folder/drive. Otherwise see "%0 perminh".
GOTO done

:permmodifyflag
ECHO G - Grant user or group the specified rights.
ECHO D - Deny user or group the specified rights.
ECHO R - Revoke the user or group's specified rights.
GOTO done

:permacluser
ECHO This is either the user name to be worked on, or an SID. If it's an SID, then
ECHO it must be preceded with SID#.
GOTO done

:permperm
ECHO F - Full control
ECHO M - Modify
ECHO X - Read and execute
ECHO L - List folder contents
ECHO R - Read
ECHO W - Write
GOTO done

:permspec
CALL :permperm
ECHO.
ECHO E - Syncrhonize
ECHO D - Take ownership
ECHO C - Change permissions
ECHO B - Read permissions
ECHO A - Delete
ECHO 9 - Write attributes
ECHO 8 - Read attributes
ECHO 7 - Delete subfolders and files
ECHO 6 - Traverse folder/Execute file
ECHO 5 - Write extended attributes
ECHO 4 - Read extended attributes
ECHO 3 - Create folders/Append data
ECHO 2 - Create files/Write data
ECHO 1 - List folder/Read data
GOTO done

:perminhflag
ECHO ENABLE - Turn the inheritance flag on.
ECHO COPY   - This will turn the inheritance flag off and will copy the inheritance 
ECHO          ACLs to this object.
ECHO REMOVE - This will turn the inheritance flag off and will not copy the 
ECHO          inheritance ACLs to this object.
GOTO done

:perminh
ECHO A - This folder only
ECHO B - This folder, subfolders and files (Default)
ECHO C - This folder and subfolders
ECHO D - This folder and files
ECHO E - Subfolders and files only
ECHO F - Subfolders only
ECHO G - Files only
GOTO done

:specgui
ECHO 6 - Traverse folder/Execute file
ECHO 1 - List folder/Read data
ECHO 8 - Read attributes
ECHO 4 - Read extended attributes
ECHO 2 - Create files/Write data
ECHO 3 - Create folders/Append data
ECHO 9 - Write attributes
ECHO 5 - Write extended attributes
ECHO 7 - Delete subfolders and files
ECHO A - Delete
ECHO B - Read permissions
ECHO C - Change permissions
ECHO D - Take ownership
GOTO done

:usage
ECHO Usage: %0                 - Displays this message.
ECHO.
ECHO        %0 files           - Gives help on the standard permission files.
ECHO.
ECHO        %0 syntax_overview - Gives an overview on the syntax of the files.
ECHO.
ECHO        %0 syntax          - Gives a detailed explanation on the syntax of
ECHO                                   the files.
ECHO.
ECHO        %0 permmodifyflag  - Gives help on the modes you may use to set 
ECHO                                   ACLs.
ECHO.
ECHO        %0 permacluser     - Gives help on specifying an ACL user.
ECHO.
ECHO        %0 permperm        - Gives help on the permissions you may set for
ECHO                                   a user or group.
ECHO.
ECHO        %0 permspec        - Gives help on the permissions you may set for
ECHO                                   specific permissions.
ECHO.
ECHO        %0 perminhflag     - Gives help on the inheritance flag options.
ECHO.
ECHO        %0 perminh         - Gives help on the inheritance options.
ECHO.
ECHO        %0 specgui         - Gives help on only the special permissions 
ECHO                                   supported in the GUI.
GOTO done

:done
```
cperm.bat - Used to parse a permission file and carry out the commands.

```
@ECHO OFF

SETLOCAL
IF "%1" == "" GOTO usage_error
IF "%2" == "" GOTO usage_error

REM You must specify the username you want this to run as here. Then you're able to have enough access to set the permissions. Note that you might lose the abillity to modify
REM permissions after the switch. It should be restored next time you run the program, however...
SET USER=(null)
SET DEBUG=n

IF "%1" == "debug" SET USER=root & SET DEBUG=y
IF "%1" == "startup" SET USER=SYSTEM
IF "%1" == "logon" SET USER=%USERNAME%

REM This is the log file to save changes to.
SET LOGFILE=C:\swxcacls.log

SET RET=0

IF "%USER%" == "(null)" GOTO bad_user
CALL fstype %systemdrive% > NUL
IF NOT %ERRORLEVEL% == 2 GOTO no_need
IF NOT EXIST %2 GOTO no_file

for /f "tokens=1,2,3,4,5,6,7,8,9,10 delims= " %%a in (%2) do (
 CALL :forbody1 %%a %%b %%c %%d %%e %%f %%g %%h %%i %%j
 SLEEP 1
)
GOTO done

:forbody1
 SET ARG1=%1
 SET ARG2=%2
 SET ARG3=%3
 SET ARG4=%4
 SET ARG5=%5
 SET ARG6=%6
 SET ARG7=%7
 SET ARG8=%8
 SET ARG9=%9
 SHIFT
 SET ARG10=%9 
 CALL :setperms %ARG1% %ARG2% %ARG3% %ARG4% %ARG5% %ARG6% %ARG7% %ARG8% %ARG9% %ARG10%
 IF ERRORLEVEL 1 GOTO perms_error
 GOTO perms_success

 :perms_error
  ECHO Error; Could not apply rule:
  ECHO     %ARG1% %ARG2% %ARG3% %ARG4% %ARG5% %ARG6% %ARG7% %ARG8% %ARG9% %ARG10%
  SET RET=1
  EXIT /B 1

 :perms_success
  SET RET=0
  EXIT /B 0

:setperms
 SET PERMPATH=%1
 SET PERMSUBDIRFLAG=%2
 SET PERMOWNER=%3
 SET PERMEDITFLAG=%4
 SET PERMMODIFYFLAG=%5
 SET PERMACLUSER=%6
 SET PERMPERM=%7
 SET PERMSPEC=%8
 SET PERMINHFLAG=%9
 SHIFT
 SET PERMINH=%9

 IF "%PERMPATH%" == "#" GOTO setperms_comment
 IF NOT EXIST %PERMPATH% GOTO setperms_noexist
 gdputil -isdir %PERMPATH%
 IF NOT ERRORLEVEL 0 GOTO setperms_nodir
 GOTO setperms_dir
 
 :setperms_nodir
  IF NOT "%PERMSUBDIRFLAG%" == "0" GOTO setperms_nodir_subdirflag_error
  IF NOT "%PERMINH%" == "0" GOTO setperms_inh_error
  IF "%PERMEDITFLAG%" == "0" GOTO setperms_nodir_noedit
  IF "%PERMEDITFLAG%" == "1" GOTO setperms_nodir_edit
  ECHO Must specify edit flag...
  GOTO setperms_error

  :setperms_nodir_noedit
   IF "%PERMINHFLAG%" == "0" GOTO setperms_nodir_noedit_noinhflag
   GOTO setperms_nodir_noedit_inhflag
   
   :setperms_nodir_noedit_noinhflag
    CHOWN -q %USER% %PERMPATH%
    IF "%PERMSPEC%" == "0" SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /Q /L %LOGFILE% ELSE (
     SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /Q /L %LOGFILE%
    )
    CHOWN -q %PERMOWNER% %PERMPATH%
    IF "%DEBUG%" == "y" ECHO Nodir, Noedit, Noinhflag...
    IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
    GOTO setperms_done
   
   :setperms_nodir_noedit_inhflag    
    CHOWN -q %USER% %PERMPATH%
    IF "%PERMSPEC%" == "0" SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
     SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /I %PERMINHFLAG% /Q /L %LOGFILE%
    )
    CHOWN -q %PERMOWNER% %PERMPATH%
    IF "%DEBUG%" == "y" ECHO Nodir, Noedit, Inhflag...
    IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
    GOTO setperms_done

  :setperms_nodir_edit
   IF "%PERMINHFLAG%" == "0" GOTO setperms_nodir_edit_noinhflag
   GOTO setperms_nodir_edit_inhflag
   
   :setperms_nodir_edit_noinhflag  
    CHOWN -q %USER% %PERMPATH%
    IF "%PERMSPEC%" == "0" SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /Q /L %LOGFILE% ELSE (
     SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /Q /L %LOGFILE%
    )
    CHOWN -q %PERMOWNER% %PERMPATH%
    IF "%DEBUG%" == "y" ECHO Nodir, Edit, Noinhflag...
    IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
    GOTO setperms_done
   
   :setperms_nodir_edit_inhflag    
    CHOWN -q %USER% %PERMPATH%
    IF "%PERMSPEC%" == "0" SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
     SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /I %PERMINHFLAG% /Q /L %LOGFILE%
    )
    CHOWN -q %PERMOWNER% %PERMPATH%
    IF "%DEBUG%" == "y" ECHO Nodir, Edit, Inhflag...
    IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
    GOTO setperms_done

  :setperms_nodir_subdirflag_error
   ECHO Subdir flag must be 0.
   GOTO setperms_error
  :setperms_inh_error
   ECHO Inheritance must be 0 for a file.
   GOTO setperms_error

 :setperms_dir
  IF "%PERMSUBDIRFLAG%" == "0" GOTO setperms_dir_nosubdirs
  IF "%PERMSUBDIRFLAG%" == "1" GOTO setperms_dir_subdirs
  ECHO Must specify subdir flag...
  GOTO setperms_error

  :setperms_dir_nosubdirs
   IF "%PERMEDITFLAG%" == "0" GOTO setperms_dir_nosubdirs_noedit
   IF "%PERMEDITFLAG%" == "1" GOTO setperms_dir_nosubdirs_edit
   ECHO Must specify edit flag...
   GOTO setperms_error

   :setperms_dir_nosubdirs_noedit
    IF "%PERMINHFLAG%" == "0" GOTO setperms_dir_nosubdirs_noedit_noinhflag
    GOTO setperms_dir_nosubdirs_noedit_inhflag
   
    :setperms_dir_nosubdirs_noedit_noinhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_nosubdirs_noedit_noinhflag_noinh
     GOTO setperms_dir_nosubdirs_noedit_noinhflag_inh

     :setperms_dir_nosubdirs_noedit_noinhflag_noinh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /Q /L %LOGFILE% ELSE (
       SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Noedit, Noinhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_nosubdirs_noedit_noinhflag_inh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /Q /L %LOGFILE% ELSE (
       SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Noedit, Noinhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done
   
    :setperms_dir_nosubdirs_noedit_inhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_nosubdirs_noedit_inhflag_noinh
     GOTO setperms_dir_nosubdirs_noedit_inhflag_inh

     :setperms_dir_nosubdirs_noedit_inhflag_noinh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Noedit, Inhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_nosubdirs_noedit_inhflag_inh
      CHOWN -q %USER% %PERMPATH%      
      IF "%PERMSPEC%" == "0" SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Noedit, Inhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

   :setperms_dir_nosubdirs_edit
    IF "%PERMINHFLAG%" == "0" GOTO setperms_dir_nosubdirs_edit_noinhflag
    GOTO setperms_dir_nosubdirs_edit_inhflag
   
    :setperms_dir_nosubdirs_noedit_noinhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_nosubdirs_edit_noinhflag_noinh
     GOTO setperms_dir_nosubdirs_edit_noinhflag_inh

     :setperms_dir_nosubdirs_edit_noinhflag_noinh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /Q /L %LOGFILE% ELSE (
       SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Edit, Noinhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_nosubdirs_edit_noinhflag_inh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /Q /L %LOGFILE% ELSE (
       SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Edit, Noinhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done
   
    :setperms_dir_nosubdirs_edit_inhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_nosubdirs_edit_inhflag_noinh
     GOTO setperms_dir_nosubdirs_edit_inhflag_inh

     :setperms_dir_nosubdirs_edit_inhflag_noinh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Edit, Inhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_nosubdirs_edit_inhflag_inh
      CHOWN -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Nosubdirs, Edit, Inhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

  :setperms_dir_subdirs
   IF "%PERMEDITFLAG%" == "0" GOTO setperms_dir_subdirs_noedit
   IF "%PERMEDITFLAG%" == "1" GOTO setperms_dir_subdirs_edit
   ECHO Must specify edit flag...
   GOTO setperms_error

   :setperms_dir_subdirs_noedit
    IF "%PERMINHFLAG%" == "0" GOTO setperms_dir_subdirs_noedit_noinhflag
    GOTO setperms_dir_subdirs_noedit_inhflag
   
    :setperms_dir_subdirs_noedit_noinhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_subdirs_noedit_noinhflag_noinh
     GOTO setperms_dir_subdirs_noedit_noinhflag_inh

     :setperms_dir_subdirs_noedit_noinhflag_noinh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /Q /L %LOGFILE%
      )
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Noedit, Noinhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_subdirs_noedit_noinhflag_inh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /Q /L %LOGFILE%
      )      
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Noedit, Noinhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done
   
    :setperms_dir_subdirs_noedit_inhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_subdirs_noedit_inhflag_noinh
     GOTO setperms_dir_subdirs_noedit_inhflag_inh

     :setperms_dir_subdirs_noedit_inhflag_noinh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Noedit, Inhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_subdirs_noedit_inhflag_inh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Noedit, Inhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

   :setperms_dir_subdirs_edit
    IF "%PERMINHFLAG%" == "0" GOTO setperms_dir_subdirs_edit_noinhflag
    GOTO setperms_dir_subdirs_edit_inhflag
   
    :setperms_dir_subdirs_noedit_noinhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_subdirs_edit_noinhflag_noinh
     GOTO setperms_dir_subdirs_edit_noinhflag_inh

     :setperms_dir_subdirs_edit_noinhflag_noinh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /Q /L %LOGFILE%
      )
      CHOWN -r-q %PERMOWNER% %PERMPATH%
 
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Edit, Noinhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_subdirs_edit_noinhflag_inh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /Q /L %LOGFILE%
      )
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Edit, Noinhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done
   
    :setperms_dir_subdirs_edit_inhflag
     IF "%PERMINH%" == "0" GOTO setperms_dir_subdirs_edit_inhflag_noinh
     GOTO setperms_dir_subdirs_edit_inhflag_inh

     :setperms_dir_subdirs_edit_inhflag_noinh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Edit, Inhflag, Noinh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

     :setperms_dir_subdirs_edit_inhflag_inh
      CHOWN -r -q %USER% %PERMPATH%
      IF "%PERMSPEC%" == "0" SWXCACLS /S /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE% ELSE (
       SWXCACLS /S /E %PERMPATH% /%PERMMODIFYFLAG% %PERMACLUSER%:%PERMPERM%;%PERMSPEC%/%PERMINH% /I %PERMINHFLAG% /Q /L %LOGFILE%
      )
      CHOWN -r -q %PERMOWNER% %PERMPATH%
      IF "%DEBUG%" == "y" ECHO Dir, Subdirs, Edit, Inhflag, Inh...
      IF "%DEBUG%" == "y" ECHO %PERMPATH% %PERMSUBDIRFLAG% %PERMOWNER% %PERMEDITFLAG% %PERMMODIFYFLAG% %PERMACLUSER% %PERMPERM% %PERMSPEC% %PERMINHFLAG% %PERMINH%
      GOTO setperms_done

 :setperms_comment
  IF "%DEBUG%" == "y" ECHO Comment...
  GOTO setperms_done
 :setperms_noexist
  ECHO Error; No path: %PERMPATH%
  GOTO setperms_error

 :setperms_done
  EXIT /B 0
 :setperms_error
  EXIT /B 1

:no_need
EXIT /B 0

:no_file
ECHO No such permission file: %1
EXIT /B -2
:bad_user
 ECHO I need a username to run under when setting permissions.
 EXIT /B -3

:usage_error
ECHO Usage: %0 [context] [permfile]
ECHO.
ECHO        context=debug   - Debug this program
ECHO        context=startup - Ran at startup
ECHO        context=logon   - Ran at logon or after logon
SET RET=-2
GOTO done

:done
EXIT /B %RET%
ENDLOCAL
```
csperm.bat - Used to parse and execute the standard permission files.

```
@ECHO OFF

IF "%1" == "" GOTO usage_error

REM === Set permissions from the standard files ===
REM Standard permissions
CALL cperm %1 C:\SETTINGS\sperm.prm
REM Custom permissions
CALL cperm %1 C:\SETTINGS\cperm.prm

GOTO done

:usage_error
ECHO Usage: %0 [context]
ECHO.
ECHO        context=debug   - Debug this program
ECHO        context=startup - Ran at startup
ECHO        context=logon   - Ran at logon or after logon
GOTO done

:done
```
=========================================================

If a the documentation is incorrect or the command line mappings can map better, please post an answer. Also do so if you notice a bug.a


----------



## des000 (May 30, 2008)

Looks like now it's time to find out when the standard permissions should be set to verify that they're always set. I think I'm just going to insure that it checks often enough to appear that it's always set. There's no way to check if the permissions are set in my code, and so I'll just set the permissions without checking. If the user made changes to the stuff before I reset it to the standard, too bad, so sad!

I don't know what msec does on Mandriva Linux, which this is meant to be "something like", but I guess short of looking at the source code, which I don't want or even need to do for this program, because I understand the concepts behind it and I want it to be origional code, not just rewriting their code in my own words, I can't find when it does it's checks. Therefore, I'll just at least start by checking when I want to. There are differences between Windows XP and Linux anyway, so even if I'd found when it checks, it may not apply to Windows XP or even another Linux.


----------



## des000 (May 30, 2008)

A new version of one of the documentation files that corrects grammar errors. Plus here's the other files too.


----------



## des000 (May 30, 2008)

It looks as if I must create a scheduled task in order to run the command every once in awhile, so I did. Now it should run every hour or so. at appears not to work because you can't tell it to run every hour, but it works to tell that to scheduled tasks.


----------



## des000 (May 30, 2008)

I can't seem to find a suitable program with an option to set just the NP flag that corresponds to the GUI. If I could, I might be getting very close to implementing all the support for every GUI option available of the permissions. If not, then I'm not getting close it it yet, but I might have to just not use that option.


----------

