[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[rdiff-backup-users] Insights - Mac OS X - ACLs and Resource forks are x
|
From: |
Murali Vadivelu |
|
Subject: |
[rdiff-backup-users] Insights - Mac OS X - ACLs and Resource forks are xattrs? |
|
Date: |
Fri, 25 Nov 2005 13:59:49 +0000 |
Dear All,
I have had this suspicion for a while now and it seems to be right.
It could be very useful and may simplify many compatibility issues
with Mac OS X (HFS+) and other file systems.
As in earlier versions of Mac OS X, files prefixed with "._" contain
all of the metadata for their un-prefixed partner that the native
volume format cannot contain in a single file: resource forks, flags,
dates, and now in Tiger, extended attributes. -- from http://
arstechnica.com/reviews/os/macosx-10.4.ars/7
I have known the above but then did not suspect ACLs to be stored
along with xattr/ rsrc forks (But I doubted it as pylibacl had
problems with Mac OS X Tiger ACLs) - This post confirms it: http://
list.cashcow.dk/users/0229.html --
Each file is also associated with a set of extended attributes, that can
be accessed using the xattr system calls. These system calls are found
in other BSD systems as well, but not in FreeBSD. The extended
attributes can be used to store extra keywords that you can search for
using the Spotlight GUI (or mdfind commands). *** They also store ACL
information. ***
Since py-xattr does work in Mac OS X python (from undefined.org/
python/), I have also submitted a fink package for the same, it
should simplify ACL/ rsrc fork / metadata mangement in Mac OS X
Tiger, at least.
man:chmod (Tiger OS X 10.4) - It does not use setfacl (known fact
though):
ACL MANIPULATION OPTIONS
ACLs are manipulated using extensions to the symbolic mode
grammar. Each
file has one ACL, containing an ordered list of entries. Each
entry
refers to a user or group, and grants or denies a set of
permissions.
The following permissions are applicable to all filesystem
objects:
delete Delete the item. Deletion may be granted by
either this
permission on an object or the delete_child right
on the
containing directory.
readattr
Read an objects basic attributes. This is
implicitly
granted if the object can be looked up and not
explicitly
denied.
writeattr
Write an object's basic attributes.
readextattr
Read extended attributes.
writeextattr
Write extended attributes.
readsecurity
Read an object's extended security information
(ACL).
writesecurity
Write an object's security information
(ownership, mode,
ACL).
chown Change an object's ownership.
The following permissions are applicable to directories:
list List entries.
search Look up files by name.
add_file
Add a file.
add_subdirectory
Add a subdirectory.
delete_child
Delete a contained object. See the file delete
permission
above.
The following permissions are applicable to non-directory
filesystem
objects:
read Open for reading.
write Open for writing.
append Open for writing, but in a fashion that only
allows writes
into areas of the file not previously written.
execute
Execute the file as a script or program.
ACL inheritance is controlled with the following permissions
words, which
may only be applied to directories:
file_inherit
Inherit to files.
directory_inherit
Inherit to directories.
limit_inherit
This flag is only relevant to entries inherited
by subdi-
rectories; it causes the directory_inherit flag
to be
cleared in the entry that is inherited,
preventing further
nested subdirectories from also inheriting the
entry.
only_inherit
The entry is inherited by created items but not
considered
when processing the ACL.
The ACL manipulation options are as follows:
+a The +a mode parses a new ACL entry from the next
argument on the
commandline and inserts it into the canonical location
in the
ACL. If the supplied entry refers to an identity
already listed,
the two entries are combined.
Examples
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
# chmod +a "admin allow write" file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: admin allow write
# chmod +a "guest deny read" file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: admin allow write
# chmod +a "admin allow delete" file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: admin allow write,delete
The +a mode strives to maintain correct canonical form
for the
ACL.
local deny
local allow
inherited deny
inherited allow
By default, chmod adds entries to the top of the local
deny and
local allow lists. Inherited entries are added by using
the +ai
mode.
Examples
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: admin allow write,delete
3: juser inherited deny delete
4: admin inherited allow delete
5: backup inherited deny read
6: admin inherited allow write-security
# chmod +ai "others allow write" file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: admin allow write,delete
3: juser inherited deny delete
4: others inherited allow read
5: admin inherited allow delete
6: backup inherited deny read
7: admin inherited allow write-security
+a# When a specific ordering is required, the exact
location at which
an entry will be inserted is specified with the +a# mode.
Examples
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: admin allow write
# chmod +a# 2 "others deny read" file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: others deny read
3: admin allow write
The +ai# mode may be used to insert inherited entries
at a spe-
cific location. Note that these modes allow non-
canonical ACL
ordering to be constructed.
-a The -a mode is used to delete ACL entries. All entries
exactly
matching the supplied entry will be deleted. If the
entry lists a
subset of rights granted by an entry, only the rights
listed are
removed. Entries may also be deleted by index using the
-a# mode.
Examples
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: guest deny read
2: admin allow write,delete
# chmod -a# 1 file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: admin allow write,delete
# chmod -a "admin allow write" file1
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: admin allow delete
Inheritance is not considered when processing the -a
mode; rights
and entries will be removed regardless of their
inherited state.
=a# Individual entries are rewritten using the =a# mode.
Examples
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: admin allow delete
# chmod =a# 1 "admin allow write,chown"
# ls -le
-rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1
owner: juser
1: admin allow write,chown
This mode may not be used to add new entries.
-E Reads the ACL information from stdin, as a sequential
list of
ACEs, separated by newlines. If the information parses
cor-
rectly, the existing information is replaced.
-C Returns false if any of the named files have ACLs in
non-canoni-
cal order.
-i Removes the 'inherited' bit from all entries in the
named file(s)
ACLs.
-I Removes all inherited entries from the named file(s) ACL
(s).
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [rdiff-backup-users] Insights - Mac OS X - ACLs and Resource forks are xattrs?,
Murali Vadivelu <=