{"id":23,"date":"2008-02-24T11:22:14","date_gmt":"2008-02-24T19:22:14","guid":{"rendered":"http:\/\/porkrind.org\/missives2\/?p=23"},"modified":"2013-05-30T01:48:58","modified_gmt":"2013-05-30T08:48:58","slug":"leopard-permissions-going-crazy","status":"publish","type":"post","link":"https:\/\/porkrind.org\/missives\/leopard-permissions-going-crazy\/","title":{"rendered":"Leopard Permissions Going Crazy"},"content":{"rendered":"<p>So a couple days ago I noticed I had no permission to access one of my directories. Since it was a directory that I use in command line mode I naturally checked the permissions that way:<\/p>\n<pre>$ ls -ld Downloads\r\ndrwxrwxr-x   81 david    david       27370 Feb 23 11:18 Downloads\/\r\n<\/pre>\n<p>Looks ok! So it works, right?<\/p>\n<pre>$ cat &gt; Downloads\/eat\r\n-bash: Downloads\/eat: Permission denied\r\n<\/pre>\n<p>What?<\/p>\n<p>After puzzling for a few moments I decide to get info in Finder:<\/p>\n<p><a href=\"http:\/\/porkrind.org\/wp-uploads\/2008\/02\/crazypermissions.png\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"176\" data-permalink=\"https:\/\/porkrind.org\/missives\/leopard-permissions-going-crazy\/crazypermissions\/\" data-orig-file=\"https:\/\/porkrind.org\/wp-uploads\/2008\/02\/crazypermissions.png\" data-orig-size=\"265,201\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"Crazy Permissions\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/porkrind.org\/wp-uploads\/2008\/02\/crazypermissions.png\" data-large-file=\"https:\/\/porkrind.org\/wp-uploads\/2008\/02\/crazypermissions.png\" class=\"aligncenter size-full wp-image-176\" title=\"Crazy Permissions\" src=\"http:\/\/porkrind.org\/wp-uploads\/2008\/02\/crazypermissions.png\" alt=\"\" width=\"265\" height=\"201\" \/><\/a><\/p>\n<p>Oooo. I didn\u00e2\u20ac\u2122t know OS X had ACLs. I don\u00e2\u20ac\u2122t really like ACLs in general because they seem too complicated for normal usage.<\/p>\n<p>Well, I\u00e2\u20ac\u2122ll just click that nice little minus sign button and delete all the extra ACL things. Except that the minus sign button just straight up doesn\u00e2\u20ac\u2122t work. I\u00e2\u20ac\u2122ve unlocked it and typed in my password so I should have root permission at that point but the dumb button just doesn\u00e2\u20ac\u2122t do anything. Something must be screwed up. Sigh. Back to the command line\u00e2\u20ac\u00a6<\/p>\n<p>So I do some googling and fine you can check the ACLs at the command line with <tt>ls -e<\/tt>.<\/p>\n<pre>$ ls -e Downloads\/\r\nls: invalid option -- e\r\nTry `ls --help' for more information.\r\n<\/pre>\n<p>What? Oh yeah, I put GNU <tt>ls<\/tt> on my machine so I could do color <tt>ls<\/tt> (turns out Leopard <tt>ls<\/tt> can do color with <tt>-G<\/tt>). Ok, let\u00e2\u20ac\u2122s use the system <tt>ls<\/tt>:<\/p>\n<pre>$ \/bin\/ls -ld Downloads\/\r\ndrwxrwxr-x+ 81 david  david  27370 Feb 23 11:18 Downloads\/\r\n<\/pre>\n<p>Aha!. There\u00e2\u20ac\u2122s a <tt>+<\/tt> on the end of the permissions to show me ACLs exist.<\/p>\n<pre>$ \/bin\/ls -lde Downloads\/\r\ndrwxrwxr-x+  81 david  david     27370 Feb 23 11:18 Downloads\r\n 0: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n 1: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown\r\n 2: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n 3: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n 4: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n 5: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n 6: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n 7: user:root allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity\r\n...\r\n<\/pre>\n<p>The list goes on exactly like that up to 127! Ok. That looks a bit screwey! So I figure out that you can manipulate ACLs with <tt>chmod<\/tt>, but annoyingly <tt>chmod<\/tt> doesn\u00e2\u20ac\u2122t have an option to just wipe all the ACLs clean. Grrr\u00e2\u20ac\u00a6 Ok, so I get to write a little loop in shell:<\/p>\n<pre>$ while \/bin\/ls -ld Downloads | f 1 | grep -q '+'; do chmod -a# 0 Downloads; done\r\n<\/pre>\n<p><tt>f<\/tt> is a little program I stole from <a href=\"http:\/\/perl.plover.com\/classes\/mybin\/samples\/slide010.html\">here<\/a>.<\/p>\n<p>So\u00e2\u20ac\u00a6 Did it work?<\/p>\n<pre>$ \/bin\/ls -led Downloads\/\r\ndrwxrwxr-x  81 david  david  27370 Feb 23 11:18 Downloads\/\r\n<\/pre>\n<p>Yes!<\/p>\n<p>Now let\u00e2\u20ac\u2122s make that a shell function so I can run it easier:<\/p>\n<pre>clear-acls() { while \/bin\/ls -ld $1 | f 1 | grep -q '+'; do chmod -a# 0 $1; done }\r\n<\/pre>\n<p>Now I can just do <tt>clear-acls Music<\/tt> and fix my music directory, which is also screwed up.<\/p>\n<p>It also occurred to me that fixing the permissions with Disk Utility might work as well, so I am trying that now. The progress bar is not moving and it has been saying it will be done in \u00e2\u20ac\u0153less than a 1 minute\u00e2\u20ac\u009d for the past 10 minutes. Nice. Does anything work in Leopard?<\/p>\n<p>Half an hour later\u00e2\u20ac\u00a6 Disk Utility fixed some ACLs, but only on system directories. My home directory still has a bunch of folders with weird ACLs on them. I have no idea who put them there (I can only assume some stupid Apple bug, probably in Time Machine\u00e2\u20ac\u201cwhat else scans my whole disk?), but at least I can manually fix it when it happens.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So a couple days ago I noticed I had no permission to access one of my directories&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-23","post","type-post","status-publish","format-standard","hentry","category-sysadmin"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts\/23","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/comments?post=23"}],"version-history":[{"count":8,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts\/23\/revisions"}],"predecessor-version":[{"id":79,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts\/23\/revisions\/79"}],"wp:attachment":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/media?parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/categories?post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/tags?post=23"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}