Q: Using "Apply to Enclosed Items" on a Home folder

The "Apply to Enclosed items" feature in the Sharing & Permissions" section of a Get Info window can have undesired consequences when applied to a home folder or one of its system-supplied subfolders (Documents, Desktop, Pictures, etc). This issue seems to come up a lot, and so I thought I would share some recent testing that I've done.

Apple has an earlier Leopard support article about this issue:

Mac OS X 10.5: Renaming or saving after using "Apply to enclosed items" on a Home folder

I've tried to explore this on my own dual-boot Snow Leopard-Lion setup, using a newly-created admin account on both systems for testing. Here are my results:

In both Lion and Snow Leopard, the home folder and its main subfolders carry an "everyone deny delete" ACL, a custom permission that does not show up in the Get Info window.

In Lion, but not in Snow Leopard, using "Apply to enclosed items" on the home folder propagates that "everyone deny delete" ACL onto the contained user data files and folders.  There is no outward sign that this has happened, but if you then try to rename or Trash one of your user files or folders, you will need to authenticate your action with your admin password. This is clearly undesirable.

Once this happens, you cannot recover just by running the "Reset Home Folder Permssions and ACLs" utility that is on the Recovery HD. This will not remove the unwanted ACLs that are on the user-created items. The Terminal command "chmod -RN ~"  will remove the unwanted ACLs, but will also remove the original desired ACLs on the home folder itself and on its main subfolders. When I ran this command I also received the error message "chmod: Failed to clear ACL on file ubiquity.socket: Invalid argument," This didn't seem to matter - the command still cleared the other ACLs properly.

THe recovery strategy of first running "chmod -RN ~", and then running the "Reset Home Folder Permissions and ACLs" utility on the Recovery HD seemed to work well.  Except for the location of the utility program, this is equivalent to Apple's recommended procedure in the Leopard support article mentioned above. That article advised  using sudo chmod -RN ~; I did not need the sudo.

At least in my system, Snow Leopard seemed to have a safeguard that was missing in Lion - as mentioned, in my Snow Leopard system the ACL on the home folder did not get propagated to the contained user items after using the "Apply to enclosed items" feature.

If anyone has done some testing and gotten different results from the above, please post details.

My own view is that to avoid all these issues a safe rule would be not to use "Apply to enclosed items" on any folder that you did not create yourself.