Added syntax highlighting and verify command
JW0914
    CLI:

      :: Note: set and %var% are cmd.exe syntax; run from a Command Prompt ::

      :: Set Variable ::
      set key="C:\Path\to\key"

      :: Remove Inheritance ::
      cmd /c icacls %key% /c /t /inheritance:d

      :: Grant Owner Full Control ::
      cmd /c icacls %key% /c /t /grant %username%:F

      :: Remove All Users, except for Owner ::
      cmd /c icacls %key% /c /t /remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users

      :: Verify ::
      cmd /c icacls %key%

    CLI

      # Set Variables

        # Key
          key="/path/to/key"

        # User:
          user="$USER"

      # Set Ownership
        # This assumes user's name is also user's group name
          chown "$user:$user" "$key"

      # Set Access Rights
        chmod 0600 "$key"

      # Verify
        ls -l "$key"

JW0914

Keys must only be accessible to the user they're intended for and no other account, service, or group.

  • I don't use WSL, as it's a security nightmare, creating more problems than it solves, so I'll provide both ways to set correct permissions


Windows PowerShell Terminal


  • GUI:
    • [File] Properties - Security - Advanced
      1. Set Owner to the key's user
      2. Remove all users, groups, and services, except for the key's user, under Permission Entries
      3. Set key's user to Full Control

  • CLI:

      :: Note: set and %var% are cmd.exe syntax; run from a Command Prompt ::

      :: Set Variable ::
      set key="C:\Path\to\key"

      :: Remove Inheritance ::
      cmd /c icacls %key% /c /t /inheritance:d

      :: Grant Owner Full Control ::
      cmd /c icacls %key% /c /t /grant %username%:F

      :: Remove All Users, except for Owner ::
      cmd /c icacls %key% /c /t /remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users



WSL Bash Terminal


  • CLI

      # Set Variables

        # Key
          key="/path/to/key"

        # User:
          user="$USER"

      # Set Ownership
        # This assumes user's name is also user's group name
          chown "$user:$user" "$key"

      # Set Access Rights
        chmod 0600 "$key"
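
As an added example (not part of the original answer), this POSIX shell function turns the owner-only rule above into a pass/fail check instead of reading `ls -l` output by eye: the key must be a regular file, owned by the current user, with no group or other permission bits. The function name `check_key_perms` and its messages are hypothetical.

```shell
#!/bin/sh
# Added example: audit a private key file against the owner-only rule.
# check_key_perms and its output strings are hypothetical names.

# check_key_perms FILE
# Returns 0 if FILE is a regular file owned by the current user with no
# group/other permission bits; returns 1 and reports the reason otherwise.
check_key_perms() {
    key=$1

    # Refuse symlinks and non-regular files: the mode shown for a symlink
    # says nothing about the mode of the file it points to.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file" >&2
        return 1
    fi

    # -O: file is owned by the effective user ID of this process.
    if [ ! -O "$key" ]; then
        echo "FAIL: $key is not owned by $(id -un)" >&2
        return 1
    fi

    # First field of 'ls -ld' is the mode string, e.g. -rw-------.
    # Characters 5-10 are the group and other bits; all must be '-'.
    # (A trailing '+' marks an ACL, which needs separate inspection.)
    mode=$(ls -ld -- "$key" | awk '{print $1}')
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $key has mode $mode (group/other bits set)" >&2
        return 1
    fi

    echo "OK: $key ($mode)"
    return 0
}
```

Call it as `check_key_perms /path/to/key` after the `chmod` step; a non-zero exit status means the key is still readable or writable by someone other than its owner.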