Propagate All ACLs from CLI

Question

Propagate All ACLs from CLI

I'd like to be able to do the equivalent of Server Admin/File Sharing's *Propagate Permissions...: Access Control List* from the command line.

Which is to say, I'd like to be able to recursively enforce inherited ACLs from an arbitrary root directory all the way down, assuring that all children take after their parents according to whatever rules are set for each directory, without actually assigning any new permissions.

My attempts to use chmod have been only partially successful, and I'm plagued by the sense that I'm reinventing the wheel.

Anybody?

Mac Pro 2x2.26 Quad, et al, Mac OS X (10.5.7), OS X Server 10.5.7

Posted on Jul 20, 2009 12:35 AM

Reply

Answer 1

Jul 20, 2009 9:13 PM in response to Mabel O'Farrell

Thanks, but that's not what I'm after. Reading the ACLs isn't the issue. Server Admin does a fine job reading and propagating ACLs, but I need to replicate the propagation functionality in a shell script.

I'm dealing with a situation where I receive an entire file system where only the folders have ACLs, but the permissions of the files have been stripped. I just wish I knew what SA is actually doing when I tell it "propagate ACLs". Whatever it is, It works perfectly, but I need to be able to script it. Using an application to execute it isn't an option.

Reply

Answer 2

Camelot

Level 9

54,339 points

Jul 20, 2009 8:33 AM in response to R Bryan Harrison

You need to set the file_inherit and/or <directory_inherit> options on the top level of the directory in order for ACLs to propagate down:

chmod +a "guest allow file_inherit" /path/to/dir

The above will ensure that all files in /path/to/dir will inherit the directory's guest ACLs.

Note that the above command does not apply the ACL to existing files, only to ones created after the ACL is applied. You can use chmod -R switch to apply the ACL recursively (i.e. to existing files/directories, too).

Reply

Answer 3

Jul 20, 2009 2:02 PM in response to Camelot

Thanks. Unfortunately, what I basically want is to apply existing folder ACLs to existing files. (Don't ask why they don't already have them. Suffice it to say I'll need to do this frequently.)

Reply

Answer 4

Jul 20, 2009 8:15 PM in response to R Bryan Harrison

Do this in Terminal.app:
cd /path/to/sharepointorfolder
Then:
ls -lae
The directory listing will return the ACLs on the contents of the sharepoint or folder.

Alternatively, you can use the GUI application ' Sandbox' to inspect, add, remove, or modify, the ACLs on any folder on your server to determine what the issue is.

Reply