Best way to check if directory is writable in BAT script?

Question

How can I check whether a directory is writable by the executing user from a batch script?

Here's what I've tried so far:

> cd "%PROGRAMFILES%"

> echo. > foo
Access is denied.
> echo %ERRORLEVEL%
0

Ok, so how about...

> copy NUL > foo
Access is denied.
> echo %ERRORLEVEL%
0

Not that either? Then what about...

> copy foo bar
Access is denied.
        0 file(s) copied.
> echo %ERRORLEVEL%
1

This works, but it breaks if the file doesn't exist.

I've read something about internal commands not setting ERRORLEVEL, but copy obviously seems to do so in the last case.

Answer 1

2023 UPDATE

Anthony Miller's answer is depreciated, this is the updated version.

This checks if the user has full access on the C: drive.

set CHK_DISK=C:
set CHK_PERMISSION=F
FOR /F "USEBACKQ tokens=2 delims=:" %%F IN (`ICACLS "%CHK_DISK%" ^| FIND "%username%"`) DO (
    set perm_str=%%F
    set adj_perm_str=!perm_str:%CHK_PERMISSION%=!
    if not x!perm_str!==x!adj_perm_str! (
        echo %username% has full access for %CHK_DISK%
    ) else (
        echo %username% does not have full access for %CHK_DISK%
    )
)

It first reads the ICALS output for the user on the specific drive, for example (OI)(CI)(F). It then assigns this to perm_str and creates a new variable adj_perm_str where the letter F (full control) is removed. If the perm_str and adj_perm_str are equal, there is no F present. If there is, the user has full control.

Change CHK_DISK if you want to check permission for a different disk, adjust CHK_PERMISSION to check for other permissions.

• F - Full access
• M- Modify access
• RX - Read and execute access
• R - Read-only access
• W - Write-only access

Answer 2

You can solve this problem by using echo.

(> %tmpfile% echo) 2>NUL && (del %tmpfile% && goto can-write || goto can-write-not-del) || goto cannot-write

Try writing to a file with echo. On succes (&&) delete the %tmpfile% again and do something. On error (||) do something different.

Example

C:\>check-directory.bat
usage: check-directory.bat <folder>

C:\>check-directory.bat is-writable
Can write to C:\is-writable

C:\>check-directory.bat is-not-writable
Can **not** write to C:\is-not-writable

check-directory.bat

@echo off

if "%~1" == "" (
    echo usage: %0 ^<folder^>
    goto :eof
)
if not exist "%~1\*" (
    echo The folder '%~1' does not exist.
    goto :eof
)

set tmpfile=%~1\.deleteme
(> %tmpfile% echo) 2>NUL && (del %tmpfile% && goto can-write || goto can-write-not-del) || goto cannot-write

:cannot-write
echo Can **not** write to %CD%
goto :eof

:can-write
echo Can write to %CD%
goto :eof

:can-write-not-del
echo Can write to %CD% but couldn't delete %tmpfile%.
goto :eof

Answer 3

An extension to Mechaflash's answer, and solves the problem of overwriting the file by generating a unique filename for the "testing" file.

@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
SET "a=%~1"
SET "b="
SET "g=0"
:a
SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
SET /A "d=0, e=1"
:b
IF "!c!" NEQ "" (
    IF "!c:~%d%,1!" NEQ "" (
        IF EXIST "!a!\!b!!c:~%d%,1!" (
            SET "c=!c:~0,%d%!!c:~%e%!"
        ) ELSE (
            SET /A "d=!d!+1, e=!e!+1"
        )
        GOTO :b
    )
)
IF "!c!" EQU "" (
    SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
    :c
    IF "!c!" NEQ "" (
        IF "!c:~%d%,1!" NEQ "" (
            SET /A "d=!d!+1"
            GOTO :c
        )
    )
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
    GOTO :a
) ELSE (
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
)
((ECHO EXIT>"!a!\!b!" && SET "g=1") & IF EXIST "!a!\!b!" DEL /F "!a!\!b!") >NUL 2>&1
ENDLOCAL & (SET "a=%g%")
IF "%a%" EQU "1" ECHO TRUE

(%~1 is the input directory)
EDIT: If you want a more safe option

@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
SET "a=%~1"
SET "b="
SET "g=0"
:a
SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
SET /A "d=0, e=1"
:b
IF "!c!" NEQ "" (
    IF "!c:~%d%,1!" NEQ "" (
        IF EXIST "!a!\!b!!c:~%d%,1!" (
            SET "c=!c:~0,%d%!!c:~%e%!"
        ) ELSE (
            SET /A "d=!d!+1, e=!e!+1"
        )
        GOTO :b
    )
)
IF "!c!" EQU "" (
    SET "c= `1234567890-=qwertyuiop[]asdfghjkl;'zxcvbnm,.~!@#$%%^&()_+QWERTYUIOP{}ASDFGHJKLZXCVBNM"
    :c
    IF "!c!" NEQ "" (
        IF "!c:~%d%,1!" NEQ "" (
            SET /A "d=!d!+1"
            GOTO :c
        )
    )
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
    GOTO :a
) ELSE (
    SET /A "d=!d!-1"
    SET /A "f=%RANDOM%*!d!/32768"
    SET "b=!b!!c:~%f%,1!"
)
IF EXIST "!a!\!b!" (
    SET "b=!b:~0,-1!"
    GOTO :a
) ELSE (
    ((ECHO EXIT>"!a!\!b!" && SET "g=1") & IF EXIST "!a!\!b!" DEL /F "!a!\!b!") >NUL 2>&1
)
ENDLOCAL & (SET "a=%g%")
IF "%a%" EQU "1" ECHO TRUE

Answer 4

i found that executing copy within the batch file echoed an error to STDERR, but left %ERRORLEVEL% untouched (still 0). so the workaround was to combine the command with a conditional execution of set.

copy /Y NUL "%FOLDER%\.writable" > NUL 2>&1 && set WRITEOK=1
IF DEFINED WRITEOK ( 
  rem ---- we have write access ----
  ...
 ) else (
  rem ---- we don't ----
  ...
)

this is tested on XP and 7 and seems to work reliably.

Answer 5

set testdir=%programfiles%
set myguid={A4E30755-FE04-4ab7-BD7F-E006E37B7BF7}.tmp
set waccess=0
echo.> "%testdir%\%myguid%"&&(set waccess=1&del "%testdir%\%myguid%")
echo write access=%waccess%

Answer 6

Definitely running a command against it to find if its denied is the easy way to do it. You can also use CACLS to find exactly what the permissions are or aren't. Here's a sample.

In CMD type CACLS /?

CACLS "filename" will give you what the current permissions is allowed on the file. R = Read, W = Write, C = Change (same as write?), F = Full access.

EDIT: You can use directory name as well.

So to do a check, you would:

FOR /F "USEBACKQ tokens=2 delims=:" %%F IN (`CACLS "filename" ^| FIND "%username%"`) DO (
 IF "%%F"=="W" (SET value=true && GOTO:NEXT)
 IF "%%F"=="F" (SET value=true && GOTO:NEXT)
 IF "%%F"=="C" (SET value=true && GOTO:NEXT)
 SET value=false
)
ECHO This user does not have permissions to write to file.
GOTO:EOF
:NEXT
ECHO This user is able to write to file.

Answer 7

You can write copy %0 foo to copy the batch file itself.
This will always exist.

Remember to delete the file afterwards, and to make sure that you aren't overwriting an existing file by that name.

There ought to be a better way to do this, but I don't know of any.

EDIT: Better yet, try mkdir foo.
In case the batch file is running off a network (or if it's very large), this may be faster.