net*_*ope 2 windows-7 ntfs permissions acl icacls
我将硬盘连接到我的 win7 机器上,并将驱动器号分配给硬盘I:上唯一的分区。该硬盘最初来自另一台计算机,为了避免所有那些“您当前没有权限...”对话框,我决定使用icacls清除所有 ACL。
I ran icacls I:\ /reset /t /c /l. After a while, Chrome stopped working. Safari crashed. I traced the problem and find that the ACLs of my home folder (in C:\Users) are all messed up. Chrome and Safari couldn't write to their cache folder. I fixed the ACLs of my home folder and everything seems to be OK now.
Why would icacls mess with my home folder when I specifically told it to work on the I: drive? I have even put in the /L switch so that it won't resolve symbolic links. Did I misunderstood the switch?
For your reference, below is the relevant parts of the help screen.
ICACLS name /reset [/T] [/C] [/L] [/Q]
replaces ACLs with default inherited ACLs for all matching files.
/T indicates that this operation is performed on all matching
files/directories below the directories specified in the name.
/C indicates that this operation will continue on all file errors.
Error messages will still be displayed.
/L indicates that this operation is performed on a symbolic link
itself versus its target.
好的,我找到了答案...
隐藏Documents and Settings在I:\是一个指向 的连接点C:\Users。结点的目标是绝对路径(与相对路径相反)。由于/L需要照顾的符号链接而已,icacls分解I:\Documents and Settings成C:\Users和重置所有的ACL那里。
因此,icacls除非您检查了要icacls处理的文件夹中的所有结点,否则切勿使用!这使得icacls作为递归 ACL 修改工具几乎毫无用处...如果文件夹包含指向C:\文件夹结构内部深处的连接点,您可能会在不知道原因的情况下杀死您的 Windows!