do not step out
29/Jun/2005 | 14:31

I've been working with Tiger Server's access control lists lately, in various file tweaking flurries. Server Admin's interface for manipulating them is decent, but chmod is also really usable, if you know the modes you can set. Here's an example:

$ chmod +a "mikey allow delete" file.txt

Wait a second. I forgot something.

Can you spot what it is?

. . . Where's the group name? ACLs set permissions for both users and groups. Here's the problem, though: chmod doesn't have a way to distinguish between user names and group names when editing ACLs. I can't seem to find information on which takes precedence, user or group, but honestly, I still see this as an oversight that requires correction.

$ chmod +a "pants deny read" file.txt
$ chmod +a "socks allow write" file.txt

Which one is a user, and which one is a group?

Now, realistically, it shouldn't crop up as much of an issue. I can't think of a scenario where I would be named "mikey" and not belong to the "mikey" group, but I've seen stranger setups in corporate offices before. I'm a "future sight" kind of person, and since, as they say, you don't know what you don't know, there's no telling what kinds of problems this sort of ambiguity could present.

Here's hoping Apple takes note of the issue.
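
The name collision described above can be checked for before any entries are applied. The following is an added example, not code from the original post: it assumes the accounts are available in passwd(5)/group(5) layout (the sample files and function names are constructed for illustration) and reports each chmod +a entry whose bare name exists as both a user and a group.

```shell
#!/bin/sh
# Added example (not from the post). Assumes accounts are available in
# passwd(5)/group(5) colon-separated layout; function names are hypothetical.

# colliding_names PASSWD GROUP: names that are both a user and a group.
colliding_names() {
    awk -F: '
        /^#/ || NF < 3 { next }                      # comments, malformed lines
        FILENAME == ARGV[1] { users[$1] = 1; next }  # first file: user names
        ($1 in users) { print $1 }                   # group name is also a user
    ' "$1" "$2" | sort -u
}

# ambiguous_entries PASSWD GROUP < entries
# Reads entries as passed to chmod +a ("name allow|deny perms") and prints
# those whose bare name could mean either a user or a group.
ambiguous_entries() {
    collisions=$(colliding_names "$1" "$2")
    while read -r name rest; do
        [ -n "$name" ] || continue
        if printf '%s\n' "$collisions" | grep -qxF -- "$name"; then
            printf '%s %s\n' "$name" "$rest"
        fi
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample accounts, not taken from a real system.
    cat > "$tmp/passwd" <<'EOF'
mikey:*:501:501:Mikey:/Users/mikey:/bin/bash
pants:*:502:20:Pants:/Users/pants:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
mikey:*:501:
pants:*:600:mikey
socks:*:601:pants
staff:*:20:
EOF
    # The three entries used in the post.
    ambiguous_entries "$tmp/passwd" "$tmp/group" <<'EOF'
mikey allow delete
pants deny read
socks allow write
EOF
    rm -rf "$tmp"
}

demo
```

With the constructed accounts, the entries for mikey and pants are reported because each name is both a user and a group; socks exists only as a group and is not flagged.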


Have you tried

chmod g+a "socks allow write" file.txt

That's how traditional chmod adjusts group permissions. I'm not at a Tiger machine right now, so I can't test it.

posted by Brett Johnson on June 29, 2005 at 17:01