unwwwritten
OS X permissions are now more complicated than UNIX permissions
Posted March 11th, 2010 at 10:15 am EST by S. Brent Faulkner
So, I was pulling an old MySQL database out of a backup today and discovered that there were some OS X permissions "things" that I needed to learn... (gasp)
Ever look at a file listing (i.e. ls -l) and see those @ characters after your permissions?
$ ls -ld data
drwxr-x---@ 22 _mysql wheel 748 11 Mar 09:45 data
Well, the @ indicates that there are extended attributes.
Extended attributes take care of things like telling the Finder that you downloaded a file from the internet, so that it prompts you for whether or not you think it's safe to open the file.
Want to see the extended attributes?
$ xattr data
com.apple.metadata:_kTimeMachineOldestSnapshot
Want to remove an extended attribute?
$ xattr -d 'com.apple.metadata:_kTimeMachineOldestSnapshot' data
So, now you look at your file and instead of an @ you see a + after the permissions. What's up with that?
What you're seeing is that the file has an ACL or Access Control List.
Want to see the ACL?
$ ls -led data
drwxr-x---@ 22 _mysql wheel 748 11 Mar 09:57 data
0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
Want to remove the ACL?
$ chmod -a# 0 data
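Added example, not part of the original post: ls prints only one marker after the mode bits, and @ takes priority over +, which is why the listing above shows @ with an ACL entry underneath it. This sh/awk script reads ls -le output and reports ACLs from the entry lines instead of the marker. The function names, the assumption that the file name starts at field 9, and the logs and my.cnf sample lines are mine.

```sh
#!/bin/sh
# Added example: read `ls -le` output and report ACLs from the entry lines,
# not from the single marker character after the mode bits.

# audit_listing: stdin = `ls -le` output. Prints tab-separated records:
#   FILE <name> <xattr|acl|none> <ace_count>
#   ACE  <name> <index> <principal> <allow|deny> <permissions>
audit_listing() {
    awk '
    function emit() {
        if (name == "") return
        printf "FILE\t%s\t%s\t%d\n", name, flag, aces
        printf "%s", buf
    }
    /^[-bcdlps][-rwxsStT]+[@+]?[ \t]/ {        # file line: mode bits + marker
        emit()
        c = substr($1, length($1), 1)
        flag = "none"
        if (c == "@") flag = "xattr"
        if (c == "+") flag = "acl"
        name = $9                               # assumes a 3-field date column
        for (i = 10; i <= NF; i++) name = name " " $i
        aces = 0; buf = ""
        next
    }
    /^[ \t]*[0-9]+:[ \t]/ && name != "" {       # ACL entry line under a file
        idx = $1; sub(/:$/, "", idx)
        k = 3                                   # skip any qualifier before allow/deny
        while (k <= NF && $k != "allow" && $k != "deny") k++
        buf = buf sprintf("ACE\t%s\t%s\t%s\t%s\t%s\n", name, idx, $2, $k, $(k + 1))
        aces++
    }
    END { emit() }'
}

# masked_acls: files that carry ACL entries but do not show a "+" marker.
masked_acls() {
    audit_listing | awk -F '\t' '$1 == "FILE" && $3 != "acl" && $4 > 0 { print $2 }'
}

# First two lines are the listing from the post; the rest is constructed.
SAMPLE='drwxr-x---@ 22 _mysql wheel 748 11 Mar 09:57 data
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
drwxr-xr-x+ 5 _mysql wheel 170 11 Mar 09:57 logs
 0: user:backup allow list,search,readattr
-rw-r----- 1 _mysql wheel 1024 11 Mar 09:57 my.cnf'

printf '%s\n' "$SAMPLE" | audit_listing
printf 'ACL hidden behind @: %s\n' "$(printf '%s\n' "$SAMPLE" | masked_acls)"
```

On a restored backup, pipe real output into it (ls -le on the restored directory, then masked_acls) before deciding which entries to remove with chmod -a#.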
