Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

File Permissions

Windows Files

powershell dir

In PowerShell, the “Mode” column is the one to look at.

PS C:\backup\v> powershell dir


    Directory: C:\backup\v


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         4/23/2023   9:03 PM                9menmorris
d-----         4/26/2023   6:38 PM                AH4SMF_8
d-----          5/8/2023  12:47 PM                aimazing
d-----         4/10/2023  10:20 AM                amzaffiliate
d-----         3/13/2023  12:43 PM                encryption
d-----         3/25/2023   8:51 PM                flask_app_2
d-----         3/25/2023   9:02 PM                flask_app_3
d-----         3/26/2023   1:27 PM                flask_app_4

icacls

PS C:\backup\v> icacls .\9menmorris\
.\9menmorris\ BUILTIN\Administrators:(I)(F)
              BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
              NT AUTHORITY\SYSTEM:(I)(F)
              NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
              NT AUTHORITY\Authenticated Users:(I)(M)
              NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
              BUILTIN\Users:(I)(RX)
              BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
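
The parenthesised codes in the icacls output above, such as (I)(OI)(CI)(IO)(F), can be expanded mechanically. This is an added example, not part of the original notes: the function name Expand-IcaclsAce and the two lookup tables are made up here, with meanings taken from the legend printed by `icacls /?`.

```powershell
# Added example (hypothetical helper). Flag meanings follow the legend in `icacls /?`.
$InheritanceFlags = @{
    I  = 'inherited from the parent container'
    OI = 'object inherit: passed on to files in this folder'
    CI = 'container inherit: passed on to subfolders'
    IO = 'inherit only: does not apply to this folder itself'
    NP = 'do not propagate beyond direct children'
}
$AccessRights = @{
    F  = 'full access'
    M  = 'modify'
    RX = 'read and execute'
    R  = 'read-only'
    W  = 'write-only'
    D  = 'delete'
    N  = 'no access'
    GR = 'generic read'
    GE = 'generic execute'
    GW = 'generic write'
    GA = 'generic all'
}

function Expand-IcaclsAce {
    # $Ace is "principal:(flag)(flag)..." without the leading path icacls prints on the first line.
    param([Parameter(Mandatory)][string]$Ace)
    if ($Ace -notmatch '^\s*(?<who>.+?):(?<groups>(?:\([^)]+\))+)\s*$') {
        throw "Not an icacls ACE: $Ace"
    }
    $who = $Matches['who']
    # Each parenthesised group holds one or more comma-separated tokens, e.g. (GR,GE).
    $tokens = [regex]::Matches($Matches['groups'], '\(([^)]+)\)') |
        ForEach-Object { $_.Groups[1].Value -split ',' } |
        ForEach-Object { $_.Trim() }
    [pscustomobject]@{
        Principal   = $who
        Inheritance = @($tokens | Where-Object { $InheritanceFlags.ContainsKey($_) } |
                        ForEach-Object { $InheritanceFlags[$_] })
        Rights      = @($tokens | Where-Object { $AccessRights.ContainsKey($_) } |
                        ForEach-Object { $AccessRights[$_] })
        # Tokens outside both tables are reported, not guessed at.
        Unknown     = @($tokens | Where-Object {
                        -not $InheritanceFlags.ContainsKey($_) -and -not $AccessRights.ContainsKey($_) })
    }
}

# ACEs copied from the icacls output above, with the ".\9menmorris\" path prefix removed.
$sample = @(
    'BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)'
    'NT AUTHORITY\Authenticated Users:(I)(M)'
    'BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)'
)
$sample | ForEach-Object { Expand-IcaclsAce $_ } | Format-List
```

Entries that carry IO describe what child objects inherit; the matching entry without IO is the one that applies to the folder itself.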

PowerShell Get-Acl

PS C:\backup\v> Get-ChildItem .\9menmorris\ | Get-Acl


    Directory: C:\backup\v\9menmorris


Path                Owner           Access
----                -----           ------
Include             JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...
Lib                 JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...
Scripts             JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...
__pycache__         JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...
1.ogg               JAMESDELL2\User NULL SID Deny  ExecuteFile, DeleteSubdirectoriesAndFiles, ReadPermissions...
1.png               JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...
2.ogg               JAMESDELL2\User NULL SID Deny  ExecuteFile, DeleteSubdirectoriesAndFiles, ReadPermissions...
2.png               JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...
3.ogg               JAMESDELL2\User NULL SID Deny  ExecuteFile, DeleteSubdirectoriesAndFiles, ReadPermissions...
3.png               JAMESDELL2\User BUILTIN\Administrators Allow  FullControl...

PowerShell Get-Acl + fl

PS C:\backup\v> Get-ChildItem .\9menmorris\*.ogg | Get-Acl | fl


Path   : Microsoft.PowerShell.Core\FileSystem::C:\backup\v\9menmorris\1.ogg
Owner  : JAMESDELL2\User
Group  : JAMESDELL2\None
Access : NULL SID Deny  ExecuteFile, DeleteSubdirectoriesAndFiles, ReadPermissions
         JAMESDELL2\User Allow  Write, Delete, Read, ChangePermissions, TakeOwnership, Synchronize
         JAMESDELL2\None Deny  ExecuteFile
         NT AUTHORITY\Authenticated Users Deny  ExecuteFile, DeleteSubdirectoriesAndFiles, Write
         NT AUTHORITY\SYSTEM Deny  ExecuteFile
         BUILTIN\Administrators Deny  ExecuteFile
         BUILTIN\Users Deny  ExecuteFile
         JAMESDELL2\None Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\Authenticated Users Allow  Write, ReadAndExecute, Synchronize
         NT AUTHORITY\SYSTEM Allow  Write, ReadAndExecute, Synchronize
         BUILTIN\Administrators Allow  Write, ReadAndExecute, Synchronize
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         Everyone Allow  Read, Synchronize
Audit  :
Sddl   : O:S-1-5-21-1765701941-401501480-1302896186-1001G:S-1-5-21-1765701941-401501480-1302896186-513D:P(D;;WPDTRC;;;S-1-0-0)(A;;0x1f019f;;;S-1-5-21-1765701941-401501480-1302896186-1001)(D;;WP;;;S-1-5-21-1765701941-401501480-1302896186-513)(D;;DCLCRPWPDTCR;;;AU)(D;;WP;
         ;;SY)(D;;WP;;;BA)(D;;WP;;;BU)(A;;0x1200a9;;;S-1-5-21-1765701941-401501480-1302896186-513)(A;;0x1201bf;;;AU)(A;;0x1201bf;;;SY)(A;;0x1201bf;;;BA)(A;;0x1200a9;;;BU)(A;;FR;;;WD)

Linux

chmod

placeholder

chgrp

placeholder

chown

placeholder