Do that with your Home folder, and that might cause confusion. Although it may seem tempting to perform a test run, note very carefully the warning given at the bottom of the window: even a test run will change the modification dates on all folders. If that looks too complex, TinkerTool System does offer the option to Reset Home, which is the new repairing permissions, perhaps. So what do you do if you discover that the current ACLs are getting in your way? If you can, try correcting those ACLs manually, starting at the top of the tree. Drop the item at the top, select any user from its popup menu, and the ticks and crosses show exactly what that user can and can’t do according to the ACL set. Where TinkerTool System is invaluable is displaying Effective Permissions. Use its Show or Set Permissions view to inspect any item to see whether it has an ACL, and to edit it if necessary. Thankfully, some GUI tools give good access to ACLs, and my favourite remains TinkerTool System, which has excellent support for them, and much more besides. Unless you’re a command line wizard, of course. The rules given in each ACE in the list are applied in order until they allow the given action, so their order is important.īecause ACLs aren’t readily seen, can normally only be inspected in the command line, and would normally be changed using the command chmod, when they go wrong it’s hard to discover and fix. Used together, those last two ACEs in the same ACL would allow me (and all my processes) to append data to an existing file, but not to read that file or replace its contents. User:hoakley allow append allows the user hoakley to append data to that item.
User:hoakley deny read,write prevents the user hoakley from reading or writing that item Group:everyone deny delete prevents those in the everyone group from deleting that item If that sounds far fetched, I’ve already heard of several users who have ended up with strange ACLs set for their Home folders which have resulted in problems.Įach ACL consists of a list of ACEs, the individual access controls, which are like simple sentences in that they allow or deny a specified user/group an access privilege. Just when we thought we could forget the panacea of repairing permissions on our Home folder, here’s another reason that you could experience permission-related problems. They also explain why doing anything with special folders isn’t straightforward. In the case of ACLs on your Home folder, they could cause normal operations like creating or deleting a custom folder to go wrong. You’ll also find this propagates to all your standard folders within that, such as Documents, but not to the folders you’ve created inside those.īefore you wonder what this has to do with you, like all access controls, sometimes they get fiddled with or go wrong and stop working in the way that you expect. In this case, it prevents those in the everyone group from deleting that directory, which is handy protection for a Home folder to have. Where that second line is the ACE (Access Control Entry) in its ACL. To discover the additional restrictions placed on your Home folder, you’ll need to use a command likeĭrwxr-xr-x+ 106 hoakley staff 3392 10 Feb 14:59 /Users/hoakley Only the Finder can’t tell you any more than that. You probably haven’t noticed it, but custom access is relatively recent, and indicates that, in addition to regular POSIX permissions, access to your Home folder is controlled by an ACL. In the lowermost section Sharing & Permissions, it should state that you have “custom access”, while confirming that you have Read & Write privileges. Select your Home folder, for example, and Get Info on it.
For those we have to turn to ACLs, Access Control Lists, which have been supported in OS X since 10.4, but have been little used until recently. That lacks control over important subtleties, which could limit who can list folder contents, change extended attributes, permissions and ownership. Each file and directory has settings for its owner, group, and everyone else, which determine whether they can read, write or (where appropriate) execute that item. Regular POSIX (Unix) permissions are crude controls.
0 kommentar(er)
