OS X - Access Control Lists (ACL)
Every modern operating system provides a more fine-grained method of access control for operating system items
than classic Unix security, which provides read, write and execute permissions to the three groups Owner, Group and Others.
Mac OS X uses two types of permissions on files, file modes and Access Control Lists (ACLs).
The commands
- -a: remove ACL
- +a: add ACL
- -a#: # specifies the rule which should be deleted or modified
ACL command
"user
- -e: show ACLs
ls -le OSX-Acl.txt
-rw-r--r--+ 1 tuxi staff 29 16 Aug 12:59 OSX-Acl.txt
0: user:tuxi deny read,write
1: user:tuxi allow append
are used to manage ACLs on OSX
In a shell, type the following commands to test.
- Create a sample and show the file
date > OSX-Acl.txt
cat OSX-Acl.txt
12 Aug 2013 12:55:46 CEST
chmod +a "tuxi deny read,write" OSX-Acl.txt
chmod +a "tuxi allow append" OSX-Acl.txt
ls -le OSX-Acl.txt
-rw-r--r--+ 1 tuxi staff 29 16 Aug 12:59 OSX-Acl.txt
0: user:tuxi deny read,write
1: user:tuxi allow append
- Now I cannot read or write the file, but I can append data - very handy for logfile security
cat OSX-Acl.txt
OSX-Acl.txt: Permission denied
date > OSX-Acl.txt
OSX-Acl.txt: Permission denied
date >> OSX-Acl.txt
Remove Rule 0
chmod -a# 0 OSX-Acl.txt
ls -le OSX-Acl.txt
-rw-r--r--+ 1 tuxi staff 58 16 Aug 13:06 OSX-Acl.txt
0: user:tuxi allow append
cat OSX-Acl.txt
12 Aug 2013 12:55:46 CEST
12 Aug 2013 12:59:23 CEST
Remove all ACLs
chmod -N OSX-Acl.txt
ls -le OSX-Acl.txt
-rw-r--r--+ 1 tuxi staff 58 16 Aug 13:06 OSX-Acl.txt
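To check from a script that a logfile really carries the append-only entries shown above, the `ls -le` listing can be parsed into one record per ACL entry. This is an added example, not part of the original page: the function names `acl_entries` and `is_append_only` are hypothetical, the sample listings are constructed from the output shown on this page, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original page): parse `ls -le` output.
# Assumption: file names contain no whitespace.

# acl_entries: stdin = `ls -le` output,
# stdout = file<TAB>index<TAB>principal<TAB>allow|deny<TAB>permissions
acl_entries() {
    awk '
        # Mode line, e.g. "-rw-r--r--+ 1 tuxi staff 29 16 Aug 12:59 OSX-Acl.txt"
        NF >= 9 && $1 ~ /^[-dlbcps][-rwxsStT]+[+@]?$/ { file = $NF; next }
        # ACL entry line, e.g. "0: user:tuxi deny read,write"
        $1 ~ /^[0-9]+:$/ {
            idx = $1; sub(/:$/, "", idx)
            for (i = 3; i <= NF; i++)
                if ($i == "allow" || $i == "deny") {
                    printf "%s\t%s\t%s\t%s\t%s\n", file, idx, $2, $i, $(i + 1)
                    break
                }
        }'
}

# is_append_only USER FILE: stdin = `ls -le` output. Succeeds only if USER is
# denied "write" and allowed "append" on FILE, as in the logfile setup above.
# Conservative: any deny of "append" fails the check, whatever the rule order.
is_append_only() {
    acl_entries | awk -F '\t' -v p="user:$1" -v f="$2" '
        $1 == f && $3 == p {
            n = split($5, perm, ",")
            for (i = 1; i <= n; i++) {
                if ($4 == "deny"  && perm[i] == "write")  deny_write = 1
                if ($4 == "allow" && perm[i] == "append") allow_append = 1
                if ($4 == "deny"  && perm[i] == "append") deny_append = 1
            }
        }
        END { exit !(deny_write && allow_append && !deny_append) }'
}

# Constructed samples: the listings before and after "chmod -a# 0".
SAMPLE_BEFORE='-rw-r--r--+ 1 tuxi staff 29 16 Aug 12:59 OSX-Acl.txt
 0: user:tuxi deny read,write
 1: user:tuxi allow append'
SAMPLE_AFTER='-rw-r--r--+ 1 tuxi staff 58 16 Aug 13:06 OSX-Acl.txt
 0: user:tuxi allow append'

# Demo: one tab-separated record per ACL entry of the first listing.
printf '%s\n' "$SAMPLE_BEFORE" | acl_entries
```

On a Mac the same functions can be fed live data, for example `ls -le OSX-Acl.txt | is_append_only tuxi OSX-Acl.txt`.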
chmod
chmod +a "admin allow write" myfile.txt
chmod +a "guest deny read" myfile.txt
chmod +a "admin allow delete" myfile.txt
chmod +ai "others allow read" myfile.txt
chmod +a# 2 "others deny read" myfile.txt
chmod -a# 1 myfile.txt
chmod -a "admin allow write" myfile.txt
chmod =a# 1 "admin allow write,chown" myfile.txt
If the "Finder wants to make changes. Type your password to allow this." dialog appears when you attempt to move, rename, or delete files, it's likely that incorrect permissions have accidentally been set on your files. More specifically, the Access Control Lists (ACLs) on the affected files cause the problem.
To correct the problem, you'll need to use the Terminal to remove the ACL from the problem file with the following command:
chmod -N filename
Status: Published Date: 2017/06/05 14:13:04 Revision: 1.1
Copyright by Andreas Haack (C) 2014.
The page is provided 'as is', without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and non-infringement. In no event shall Andreas Haack be liable for any claim, damages or other liability. This page is copyrighted property of Andreas Haack. Copyright by Andreas Haack (c) 2014. No part of this page may be published without written permission from Andreas Haack. A hyperlink may be created to this page but NOT to the embedded elements of this page. It may be freely downloaded for private purposes only as long as it is unaltered.