1221 Views Previous 1 2 Next 20 Replies Latest reply: May 22, 2008 2:24 PM by joshz Go to original post
because when I try *chmod +a* it doesn't work right. I'm not sure why but I tested it with a couple of accounts on my computer and if I don't use +ai,
and user 2 drops a file in Drop Box of user 1, then user 1 doesn't get full privileges to that file. Instead, user 2 gets those privileges! By this I mean that user 2 not only remains the owner of that file (that's of course expected) but that file also acquires a bunch of ACLs giving user 2 full access to it!
It sounds weird but that's what happens when I test it. Could you test it yourself and see how it works for you?
It may be because of a weird setup on my machine (i chmod -R 770'd my home directory to give my admin account full access), but it worked fine (no acls on the file). Here's the permissions from an ls -ale ~/Public/Drop\ Box:
Josh:~ josh$ ls -ale ~/Public/Drop\ Box/
drwxrwx---+ 4 josh admin 136 May 17 17:09 .
0: user:josh allow list,addfile,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr, writeextattr,readsecurity,writesecurity,chown,file_inherit,directoryinherit
drwxrwx---+ 5 josh admin 170 Mar 6 2007 ..
0: group:everyone deny delete
-rwxrwx--- 1 josh admin 0 Nov 12 2006 .localized
-rw-r--r-- 1 admin staff 317 May 17 17:09 Untitled.rtf
In Leopard, if "Apply to enclosed Items" is used on the home folder, massive permissions issues can be caused on the home folder-symptoms are having to provide your password to move items within your home folder, as well as having to provide your password to rename items in your home folder. The issues are caused by putting a hidden ACL permission entry on everything in your home folder.
The solution is to:
1. Open /Applications/Utilities/Terminal from the affected account.
IMPORTANT NOTE: copy the blue text in. Don't attempt to retype it, as a mistake could cause more issues.
2. Copy the blue text in, and press enter. chmod -R -N ~
That command removes all ACL entries from your home folder. The next commands put them back where they should be.
3. (Press enter after copying and pasting this command in). chmod +a "everyone deny delete" ~/ ~/Desktop ~/Documents ~/Downloads ~/Library ~/Movies ~/Music ~/Pictures ~/Public ~/Sites
4. (Press enter after copying and pasting this command in). chmod +a "`id -un` allow list,addfile,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr, writeextattr,readsecurity,writesecurity,chown,file_inherit,directoryinherit" ~/Public/Drop\ Box
After running those commands, your home folder permissions should be fine.