Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Level 1

5 points

recursive ACL's????

I have a number of files in my home directory that somehow accumulated ACL entries out of the blue nowhere. Getting rid of these in the finder is a pain. It turns out that getting rid of them in the terminal is a little bit easier, but not much.

MyComp:~ myUser$ cd Desktop
MyComp:Desktop myUser$ ll -e
total 144
drwxr-xr-x 8 myUser staff 272 Oct 31 08:04 .
drwxr-xr-x 37 myUser staff 1258 Oct 31 13:56 ..
-rwxr-xr-x@ 1 myUser staff 24580 Oct 31 09:12 .DS_Store
0: group:everyone deny delete
-rwxr-xr-x+ 1 myUser staff 0 Mar 29 2007 .localized
0: group:everyone deny delete
drwxr-xr-x@ 11 myUser staff 374 Oct 31 14:16 InBox
0: group:everyone deny delete
drwxr-xr-x@ 4 myUser staff 136 Oct 19 12:27 Out
0: group:everyone deny delete
-rwxr-xr-x@ 1 myUser staff 0 Oct 31 08:00 Pending
0: group:everyone deny delete
drwxr-xr-x@ 16 myUser staff 544 Oct 31 01:33 Transfer
MyComp:Desktop myUser$

See the ACL entries for each line? When I try to recursively chmod them to get rid of the ACL:

MyComp:Desktop myUser sudo chmod -R -a# 0 *
chmod: No ACL present

or

MyComp:Desktop myUser sudo chmod -R -a# 0 Inbox
chmod: No ACL present

That directory, and only that directory, not anything inside of it, are affected.

Whereas without the flag....

MyComp:Desktop myUser sudo chmod -a# 0 Out

... works as expected

So how do I do recursive ACL's so that I don't have to hunt through every directory???

G5, Mac OS X (10.4.8)

Posted on Oct 31, 2007 11:44 AM

25 replies

Nov 3, 2007 5:52 PM in response to Midknight32

The version that has the N flag is at:

http://developer.apple.com/documentation/Darwin/Reference/ManPages/man1/chmod.1. html

Nov 6, 2007 1:23 AM in response to ruebezahl

Hi, I hope i am on the right page.All this mac stuff is new to me.I only know that since I upgrade to Leopard I have had heaps of program hangs and a list of ACL found but not expected.Nothing I seem to do (or disk utility ) can get rid of them.Can somebody help ? Please

aRKay

Level 2

224 points

Nov 6, 2007 5:14 AM in response to Billy_Bowden

Billy_Bowden

I don't know if you are on the right topic or not but I used the Mac Pilot utility to clear
all of the Disk Utility reported ACL errors. Apple and every one of the 10.5 beta testers
should be ashamed for releasing the Leopard. Where are you Apple when we need
help???? There have been pros and cons posted about stripping the ACL's. I did and
mine works perfect.

<http://www.macupdate.com/info.php/id/12850/mac-pilot>

Nov 11, 2007 8:01 AM in response to ruebezahl

The -N option is not in my man page either, but I ran 'chmod -RN mydirectory' and it did get rid of the ACLs, so it's an option which is undocumented for some of us, apparently. What's odd is that the man pages that do and don't have the -N option seem to be otherwise identical, including issue date.

Midknight32 Author

Level 1

5 points

Nov 11, 2007 10:20 AM in response to jswoodburn

I know... worked for me too... and you saw the man page I posted...

acmdorio

Level 1

0 points

Dec 16, 2007 2:37 PM in response to Midknight32

Hi Everyone...

Thanks Midknight32 for you trick to solve my "permission nightmare" in Leopard...

For everyone that have the same problem, try to use this from Terminal (maybe you need to change to user root):
#sudo chmod -R +a "group:everyone deny delete" mydirectoryname

followed by the removal...

#sudo chmod -R -a "group:everyone deny delete" mydirectoryname

You may have to force another add/remove cycle on some subdirectories, but it took me less than 20 minutes to clean out my home directory this way, and no recurring problems since.

Cheers.

Dec 21, 2007 12:08 PM in response to Midknight32

I think I have a solution to the permissions problem on an account that existed on Tiger before the update to Leopard. The results match an account created in Leopard.

Preparation:

Go to Accounts in Preferences
Make the account an administrator account
Right click on the account in the list on the left
Select Advanced Options
If necessary, change the Group ID to 20

Here we go:

1. Log into the account

2. Remove ACLs recursively starting with (and including) the Home folder, using any of the methods in this thread.

3. Run Terminal

cd /Users/username

4. To make sure the account owns all its files and that the files are in the staff group. After this step, you might not need sudo.

sudo chown -R username:staff *

5. Set the account owner's permissions correctly on all the files.

chmod -R u+rwx *

6. Set the group and everyone permissions correctly on all the files (this messes up the directories temporarily)

chmod -R go+r * to

7. Fix the directories

find . -type d -exec chmod -R go+rx * {} \;

8. Put the right ACLs on the top-level directories in the Home account (that is, Desktop, Documents, Movies) do them one by one, omitting Public and Sites

chmod -R +a "group:everyone deny delete" directoryname

Dec 21, 2007 1:34 PM in response to Ken Collins

On the last step in my previous post, LEAVE OUT -R

Dec 24, 2007 10:22 AM in response to Ken Collins

I get this error in step 7 of your solution:

chmod -R go+r * to
chmod: to: No such file or directory

Jan 5, 2008 2:37 PM in response to Midknight32

As you listed, the chmod man page says this:

"...The +ai# mode may be used to insert inherited entries at a specific location. Note that these modes allow non-canonical ACL ordering to be constructed..."

Is the term "inherited entries" in the page correct, or contributing to confusion (or i'm just confused:)): I would have thought that you would be adding, something like an "inheriting entry"..

recursive ACL's????