Re: ACLs, ACE and ls -e / chmod
- Subject: Re: ACLs, ACE and ls -e / chmod
- From: James Peach <email@hidden>
- Date: Thu, 5 Feb 2009 10:36:47 -0800
2009/2/5 John Michael Zorko <email@hidden>:
>
> Hello, all ...
>
> I'm writing code to save file ACLs in a sqlite database. While learning how
> to read the ACL of a file / directory, I learned a lot just by looking at
> the source for the Darwin 'ls' command. However, I've a question. The 'ls'
> source (print.c:321) has a for loop that does something like this for each
> ACE in an ACL:
>
> for (i = 0, first = 0; acl_perms[i].name != NULL; i++) {
>     if (acl_get_perm_np(perms, acl_perms[i].perm) == 0)
>         continue;
>     if (!(acl_perms[i].flags & (isdir ? ACL_PERM_DIR : ACL_PERM_FILE)))
>         continue;
>     (void)printf("%s%s", first++ ? "," : "", acl_perms[i].name);
> }
>
> ... since this is a for loop and there is no break statement after the
> printf, I'm wondering if it is possible for one ACE to represent multiple
> permissions i.e. "jmzorko deny write allow read allow execute" (even though
> chmod only seems to take one user / permission at a time). I want to make
> sure I save everything about the ACL in my database.

An ACE contains an identity, a type and a set of permissions. This
means that a single ACE can allow OR deny more than one permission but
it can't allow AND deny.

"jmzorko deny write allow read allow execute" breaks down into 2 ACEs:

    jmzorko deny write
    jmzorko allow read execute

Darwin ACLs follow the Windows ACL model pretty closely, so the
description of ACL structure here
<http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html>
is quite applicable. Just substitute GUID where it says SID.

If you rewrite ACLs, remember to preserve the canonical ordering (see
chmod(1)) because there's no API in the system to do that for you.

--
James Peach | email@hidden
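
The breakdown of one mixed rule into two ACEs, and the canonical ordering mentioned in the reply above, as an added C example that is not part of the original message or of Darwin's sources. It uses a simplified model rather than the <sys/acl.h> types: `struct ace`, the `P_*` bits, `split_rule` and `acl_canonicalize` are hypothetical names, and the order used (local deny, local allow, inherited deny, inherited allow) is the canonical form given in chmod(1).

```c
#include <string.h>

enum { P_READ = 1, P_WRITE = 2, P_EXECUTE = 4 };  /* constructed subset */
enum { ACE_DENY = 0, ACE_ALLOW = 1 };
struct ace {         /* illustrative model, not the <sys/acl.h> types */
    char who[32];    /* identity (a GUID on Darwin; a name here) */
    int type;        /* ACE_DENY or ACE_ALLOW, never both */
    int inherited;   /* 0 = local, 1 = inherited */
    unsigned perms;  /* set of permissions, one bit each */
};
static unsigned perm_bit(const char *s) {
    return !strcmp(s, "read") ? P_READ : !strcmp(s, "write") ? P_WRITE :
           !strcmp(s, "execute") ? P_EXECUTE : 0;
}

/* Split "who deny write allow read ..." into at most two local ACEs, deny
   first. Returns the number of ACEs written, or -1 for a malformed rule. */
int split_rule(const char *rule, struct ace out[2]) {
    char buf[128], *who, *tok;
    unsigned bits[2] = {0, 0}, bit;
    int type, n = 0;
    if (strlen(rule) >= sizeof buf) return -1;
    strcpy(buf, rule);
    if ((who = strtok(buf, " ")) == NULL || strlen(who) >= sizeof out[0].who) return -1;
    while ((tok = strtok(NULL, " ")) != NULL) {
        type = !strcmp(tok, "allow") ? ACE_ALLOW : !strcmp(tok, "deny") ? ACE_DENY : -1;
        tok = strtok(NULL, " ");
        if (type < 0 || tok == NULL || (bit = perm_bit(tok)) == 0) return -1;
        bits[type] |= bit;
    }
    for (type = ACE_DENY; type <= ACE_ALLOW; type++) {
        if (bits[type] == 0) continue;
        struct ace e = { .type = type, .perms = bits[type] };
        strcpy(e.who, who);
        out[n++] = e;
    }
    return n;
}

/* chmod(1) canonical form: local deny, local allow, inherited deny, inherited allow. */
static int ace_rank(const struct ace *a) { return a->inherited * 2 + a->type; }
/* Stable insertion sort, so order inside each of the four classes is kept. */
void acl_canonicalize(struct ace *acl, int n) {
    for (int i = 1, j; i < n; i++) {
        struct ace e = acl[i];
        for (j = i; j > 0 && ace_rank(&acl[j - 1]) > ace_rank(&e); j--) acl[j] = acl[j - 1];
        acl[j] = e;
    }
}
```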