Best way to check if directory is writable in BAT script?

Asked 1/9, 2011 at 15:45 Answered 9/4, 2023 at 22:6

How can I check whether a directory is writable by the executing user from a batch script?

Here's what I've tried so far:

> cd "%PROGRAMFILES%"

> echo. > foo
Access is denied.
> echo %ERRORLEVEL%
0

Ok, so how about...

> copy NUL > foo
Access is denied.
> echo %ERRORLEVEL%
0

Not that either? Then what about...

> copy foo bar
Access is denied.
        0 file(s) copied.
> echo %ERRORLEVEL%
1

This works, but it breaks if the file doesn't exist.

I've read something about internal commands not setting ERRORLEVEL, but copy obviously seems to do so in the last case.

Noto answered 1/9, 2011 at 15:45 Comment(5)

oh yeah... windows environment will piss you off with that. Many commands do not return %errorlevel% correctly... as well as many installed applications that use command line arguments. =D – Stridulate 1/9, 2011 at 15:49

haha, yeah... not to mention the thin proverbial ice that is quotation and paths containing spaces. I've resorted to using 8.3 pathnames. ;) – Noto 1/9, 2011 at 15:54

you might get more luck with this question in SO sister site .. superuser.com – Bags 1/9, 2011 at 15:58

What is the something you read about internal commands? Do you happen to have a link handy? – Consequence 27/11, 2012 at 19:19

this helped me a lot [how-to-check-in-command-line-if-a-given-file-or-directory-is-locked-used-by-any][1] [1]: #10518651 – Gluteal 3/12, 2014 at 19:50

Definitely running a command against it to find if its denied is the easy way to do it. You can also use CACLS to find exactly what the permissions are or aren't. Here's a sample.

In CMD type CACLS /?

CACLS "filename" will give you what the current permissions is allowed on the file. R = Read, W = Write, C = Change (same as write?), F = Full access.

EDIT: You can use directory name as well.

So to do a check, you would:

FOR /F "USEBACKQ tokens=2 delims=:" %%F IN (`CACLS "filename" ^| FIND "%username%"`) DO (
 IF "%%F"=="W" (SET value=true && GOTO:NEXT)
 IF "%%F"=="F" (SET value=true && GOTO:NEXT)
 IF "%%F"=="C" (SET value=true && GOTO:NEXT)
 SET value=false
)
ECHO This user does not have permissions to write to file.
GOTO:EOF
:NEXT
ECHO This user is able to write to file.

Stridulate answered 1/9, 2011 at 16:17 Comment(7)

This is not correct, you can have access to a folder without having a specific ACE for your user (Admins, users, everyone etc) – Lentissimo 1/9, 2011 at 19:42

@Lentissimo Make a folder and run the following command on the folder cacls foldername /P %computername%\%username%:R Now CD into it and do ECHO hello>file.txt You'll get an access denied. – Stridulate 1/9, 2011 at 19:51

@Mechaflash: What does that have to do with anything? The problem in your code I'm talking about is the FIND "%username%" part. Just because a user is not listed does not mean they don't have write access (or other kinds of access). I can have a folder with just "Everyone:(OI)(CI)F" and I can write to it... – Lentissimo 1/9, 2011 at 20:4

I see your point. However, if you check access rights for even original install folders (Documents and Settings for example), Everyone will only ever be assigned READ-ONLY unless altered. And if someone's set Everyone to have FULL or WRITE access to anything... they shouldn't be touching a computer =/ – Stridulate 1/9, 2011 at 20:18

@Mechaflash: I use Everyone etc in the ACL (not user or computer specific) on some USB drives, I guess I should walk away from the keyboard then... – Lentissimo 1/9, 2011 at 21:25

"The Cacls command can be run only on disk drives that use the NTFS file system." – Strontia 15/2, 2013 at 10:24

^ This was so 2011 ago =P Didn't know that lil tidbit however. – Stridulate 15/2, 2013 at 16:26

You can write copy %0 foo to copy the batch file itself.
This will always exist.

Remember to delete the file afterwards, and to make sure that you aren't overwriting an existing file by that name.

There ought to be a better way to do this, but I don't know of any.

EDIT: Better yet, try mkdir foo.
In case the batch file is running off a network (or if it's very large), this may be faster.

Kaminski answered 1/9, 2011 at 15:49 Comment(3)

Clever :). I can't answer my own question yet, but it struck me I could also do copy NUL foo and achieve the same result. – Noto 1/9, 2011 at 15:52

You can also create an empty file with copy nul foo, for example. – Fredia 1/9, 2011 at 16:39

It won't work in script triggered by using "call :label", as %0 would be the label name - so not "always". ;) – Donald 12/12, 2015 at 0:47

set testdir=%programfiles%
set myguid={A4E30755-FE04-4ab7-BD7F-E006E37B7BF7}.tmp
set waccess=0
echo.> "%testdir%\%myguid%"&&(set waccess=1&del "%testdir%\%myguid%")
echo write access=%waccess%

Lentissimo answered 1/9, 2011 at 20:0 Comment(0)

i found that executing copy within the batch file echoed an error to STDERR, but left %ERRORLEVEL% untouched (still 0). so the workaround was to combine the command with a conditional execution of set.

copy /Y NUL "%FOLDER%\.writable" > NUL 2>&1 && set WRITEOK=1
IF DEFINED WRITEOK ( 
  rem ---- we have write access ----
  ...
 ) else (
  rem ---- we don't ----
  ...
)

this is tested on XP and 7 and seems to work reliably.

Dedication answered 31/1, 2012 at 11:54 Comment(0)

An extension to Mechaflash's answer, and solves the problem of overwriting the file by generating a unique filename for the "testing" file.

@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
SET "a=%~1"
SET "b="
SET "g=0"
:a
SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
SET /A "d=0, e=1"
:b
IF "!c!" NEQ "" (
    IF "!c:~%d%,1!" NEQ "" (
        IF EXIST "!a!\!b!!c:~%d%,1!" (
            SET "c=!c:~0,%d%!!c:~%e%!"
        ) ELSE (
            SET /A "d=!d!+1, e=!e!+1"
        )
        GOTO :b
    )
)
IF "!c!" EQU "" (
    SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
    :c
    IF "!c!" NEQ "" (
        IF "!c:~%d%,1!" NEQ "" (
            SET /A "d=!d!+1"
            GOTO :c
        )
    )
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
    GOTO :a
) ELSE (
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
)
((ECHO EXIT>"!a!\!b!" && SET "g=1") & IF EXIST "!a!\!b!" DEL /F "!a!\!b!") >NUL 2>&1
ENDLOCAL & (SET "a=%g%")
IF "%a%" EQU "1" ECHO TRUE

(%~1 is the input directory)
EDIT: If you want a more safe option

@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
SET "a=%~1"
SET "b="
SET "g=0"
:a
SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
SET /A "d=0, e=1"
:b
IF "!c!" NEQ "" (
    IF "!c:~%d%,1!" NEQ "" (
        IF EXIST "!a!\!b!!c:~%d%,1!" (
            SET "c=!c:~0,%d%!!c:~%e%!"
        ) ELSE (
            SET /A "d=!d!+1, e=!e!+1"
        )
        GOTO :b
    )
)
IF "!c!" EQU "" (
    SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
    :c
    IF "!c!" NEQ "" (
        IF "!c:~%d%,1!" NEQ "" (
            SET /A "d=!d!+1"
            GOTO :c
        )
    )
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
    GOTO :a
) ELSE (
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
)
IF EXIST "!a!\!b!" (
    SET "b=!b:~0,-1!"
    GOTO :a
) ELSE (
    ((ECHO EXIT>"!a!\!b!" && SET "g=1") & IF EXIST "!a!\!b!" DEL /F "!a!\!b!") >NUL 2>&1
)
ENDLOCAL & (SET "a=%g%")
IF "%a%" EQU "1" ECHO TRUE

Falter answered 28/11, 2018 at 5:44 Comment(0)

You can solve this problem by using echo.

(> %tmpfile% echo) 2>NUL && (del %tmpfile% && goto can-write || goto can-write-not-del) || goto cannot-write

Try writing to a file with echo. On succes (&&) delete the %tmpfile% again and do something. On error (||) do something different.

Example

C:\>check-directory.bat
usage: check-directory.bat <folder>

C:\>check-directory.bat is-writable
Can write to C:\is-writable

C:\>check-directory.bat is-not-writable
Can **not** write to C:\is-not-writable

check-directory.bat

@echo off

if "%~1" == "" (
    echo usage: %0 ^<folder^>
    goto :eof
)
if not exist "%~1\*" (
    echo The folder '%~1' does not exist.
    goto :eof
)

set tmpfile=%~1\.deleteme
(> %tmpfile% echo) 2>NUL && (del %tmpfile% && goto can-write || goto can-write-not-del) || goto cannot-write

:cannot-write
echo Can **not** write to %CD%
goto :eof

:can-write
echo Can write to %CD%
goto :eof

:can-write-not-del
echo Can write to %CD% but couldn't delete %tmpfile%.
goto :eof

Wieland answered 15/3, 2023 at 10:52 Comment(0)

2023 UPDATE

Anthony Miller's answer is depreciated, this is the updated version.

This checks if the user has full access on the C: drive.

set CHK_DISK=C:
set CHK_PERMISSION=F
FOR /F "USEBACKQ tokens=2 delims=:" %%F IN (`ICACLS "%CHK_DISK%" ^| FIND "%username%"`) DO (
    set perm_str=%%F
    set adj_perm_str=!perm_str:%CHK_PERMISSION%=!
    if not x!perm_str!==x!adj_perm_str! (
        echo %username% has full access for %CHK_DISK%
    ) else (
        echo %username% does not have full access for %CHK_DISK%
    )
)

It first reads the ICALS output for the user on the specific drive, for example (OI)(CI)(F). It then assigns this to perm_str and creates a new variable adj_perm_str where the letter F (full control) is removed. If the perm_str and adj_perm_str are equal, there is no F present. If there is, the user has full control.

Change CHK_DISK if you want to check permission for a different disk, adjust CHK_PERMISSION to check for other permissions.

F - Full access
M- Modify access
RX - Read and execute access
R - Read-only access
W - Write-only access

Claudclauddetta answered 9/4, 2023 at 22:6 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Example

check-directory.bat

Recommended topics

Hot tags