Re: acl_delete_file_np
- Subject: Re: acl_delete_file_np
- From: Michael Smith <email@hidden>
- Date: Wed, 16 Aug 2006 12:47:40 -0700
On Aug 16, 2006, at 12:01 PM, email@hidden wrote:
> Message: 2
> Date: Tue, 15 Aug 2006 20:43:39 -0700 (PDT)
> From: Brendan Creane <email@hidden>
> Subject: acl_delete_file_np
> To: email@hidden
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset=iso-8859-1
>
> Hello Darwin-List,
>
> I've been trying to remove the access control list
> entries associated with a file, and not having
> success. All of the following consistently return
> ENOENT: acl_delete_file_np(), acl_delete_link_np(),
> and acl_delete_fd_np(), though the path or file
> descriptor is valid. When I walk into the library
> routine's assembly code, it looks like the call is
> stubbed out -- pop the stack and then return to the
> caller.
>
> Does anyone know the status of the acl_delete routines
> under OS X 10.4.7? If indeed they aren't functional,
> is the best work-around to delete acl entries
> one-by-one?

Deleting entries one by one gives you an ACL with zero entries, which
is not the same as no ACL at all; in particular, Windows systems will
interpret this as "deny all", vs. "allow all" implied by having no ACL.
You can remove the ACL on a file with setattrlist(2), by specifying an
ACL with an entrycount of KAUTH_FILESEC_NOACL. This is handled
by this slightly dodgy fragment of code in xnu/bsd/vfs/vfs_attrlist.c:

    nace = rfsec->fsec_acl.acl_entrycount;
    if (nace == KAUTH_FILESEC_NOACL) {
        /* deleting ACL */
        VATTR_SET(&va, va_acl, NULL);
    } else {
        if (nace > KAUTH_ACL_MAX_ENTRIES) { /* ACL size invalid */
            error = EINVAL;
            VFS_DEBUG(ctx, vp, "ATTRLIST - ERROR: supplied ACL is too large");
            goto out;
        }
        VATTR_SET(&va, va_acl, &rfsec->fsec_acl);
    }

You should, however, file a bug against the stubbed libSystem routines;
they should be fleshed out, as they are the preferred interface. In
particular, setattrlist takes the kauth_filesec_t structure which is not
really meant to be exposed.
= Mike
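
The setattrlist(2) route described in the reply above, as an added example that is not part of the original post or of Apple's code. The names noacl_request, build_noacl_request and remove_acl are hypothetical. It assumes the attribute buffer is an attrreference_t followed by the kauth_filesec data and that fsec_magic must be set; the stand-in definitions in the #else branch are assumed to mirror the Darwin headers so the packing logic also builds off macOS.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#ifdef __APPLE__
#include <sys/attr.h>
#include <sys/kauth.h>
#include <unistd.h>
#else
/* Stand-ins (assumed to mirror <sys/attr.h> and <sys/kauth.h>) so the packing logic builds elsewhere. */
typedef struct { unsigned char g_guid[16]; } guid_t;
struct kauth_ace { guid_t ace_applicable; uint32_t ace_flags, ace_rights; };
struct kauth_acl { uint32_t acl_entrycount, acl_flags; struct kauth_ace acl_ace[1]; };
struct kauth_filesec { uint32_t fsec_magic; guid_t fsec_owner, fsec_group; struct kauth_acl fsec_acl; };
typedef struct { int32_t attr_dataoffset; uint32_t attr_length; } attrreference_t;
#define KAUTH_FILESEC_MAGIC 0x012cc16d
#define KAUTH_FILESEC_NOACL ((uint32_t)(-1))
#endif

/* Assumed buffer layout: a variable-length attribute is an attrreference_t followed by its data. */
struct noacl_request {
    attrreference_t      ref;
    struct kauth_filesec fsec;
};

/* Fill req with a filesec that has no entries and the NOACL marker; returns the bytes to pass. */
size_t build_noacl_request(struct noacl_request *req)
{
    /* Size of a filesec with zero ACEs: everything up to the first ace. */
    size_t fsec_len = offsetof(struct kauth_filesec, fsec_acl) + offsetof(struct kauth_acl, acl_ace);
    memset(req, 0, sizeof(*req));
    req->ref.attr_dataoffset = (int32_t)offsetof(struct noacl_request, fsec);
    req->ref.attr_length = (uint32_t)fsec_len;
    req->fsec.fsec_magic = KAUTH_FILESEC_MAGIC;
    req->fsec.fsec_acl.acl_entrycount = KAUTH_FILESEC_NOACL; /* "no ACL", not "empty ACL" */
    return offsetof(struct noacl_request, fsec) + fsec_len;
}

/* Returns 0 on success, -1 with errno set otherwise. */
int remove_acl(const char *path)
{
#ifdef __APPLE__
    struct noacl_request req;
    struct attrlist al = { .bitmapcount = ATTR_BIT_MAP_COUNT, .commonattr = ATTR_CMN_EXTENDED_SECURITY };
    return setattrlist(path, &al, &req, build_noacl_request(&req), 0);
#else
    (void)path; errno = ENOTSUP; return -1;
#endif
}
```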
Darwin-dev mailing list (email@hidden)