[Fed-Talk] Home directory ACL's
- Subject: [Fed-Talk] Home directory ACL's
- From: Mark Moorcroft <email@hidden>
- Date: Fri, 07 Mar 2008 16:50:01 -0800
- Thread-topic: Home directory ACL's
Has anyone noticed or been interested in the discrepancies between the ACLs
in the account created at install time and all subsequent "unmanaged"
accounts? I create accounts for 4 administrators plus myself. The initial
account has the following ACLs:
drwxr-xr-x+ 20 tsadmin staff 680 Mar 7 16:25 tsadmin
bash-3.2# ls -lae /Users/tsadmin/
total 56
drwxr-xr-x+ 20 tsadmin staff 680 Mar 7 16:25 .
0: group:everyone deny delete
drwxr-xr-x 9 root admin 306 Mar 6 15:41 ..
-rw------- 1 tsadmin staff 3 Mar 6 14:59 .CFUserTextEncoding
-rw-r--r--@ 1 tsadmin staff 6148 Mar 6 15:00 .DS_Store
drwx------ 5 tsadmin staff 170 Mar 6 17:17 .Trash
-rw------- 1 tsadmin staff 0 Mar 6 16:24 .Xauthority
-rw------- 1 root staff 661 Mar 6 16:38 .bash_history
-rw------- 1 root staff 35 Mar 7 16:26 .lesshst
drwx------ 2 tsadmin staff 68 Mar 6 16:32 .macports
-rw-r--r-- 1 tsadmin staff 95 Mar 6 17:02 .profile
-rw------- 1 root staff 1324 Mar 6 16:34 .viminfo
drwx------+ 4 tsadmin staff 136 Mar 6 17:17 Desktop
0: group:everyone deny delete
drwx------+ 4 tsadmin staff 136 Mar 6 14:59 Documents
0: group:everyone deny delete
drwx------+ 4 tsadmin staff 136 Mar 6 16:44 Downloads
0: group:everyone deny delete
drwx------+ 28 tsadmin staff 952 Mar 6 15:30 Library
0: group:everyone deny delete
drwx------+ 3 tsadmin staff 102 Mar 6 14:59 Movies
0: group:everyone deny delete
drwx------+ 3 tsadmin staff 102 Mar 6 14:59 Music
0: group:everyone deny delete
drwx------+ 4 tsadmin staff 136 Mar 6 14:59 Pictures
0: group:everyone deny delete
drwxr-xr-x+ 5 tsadmin staff 170 Mar 6 14:59 Public
0: group:everyone deny delete
drwxr-xr-x+ 5 tsadmin staff 170 Mar 6 14:59 Sites
0: group:everyone deny delete
All subsequent accounts are:
drwxr-xr-x 14 ebrown staff 476 Mar 6 15:51 ebrown
bash-3.2# ls -lae /Users/ebrown/
total 24
drwxr-xr-x 14 ebrown staff 476 Mar 6 15:51 .
drwxr-xr-x 9 root admin 306 Mar 6 15:41 ..
-rw------- 1 ebrown staff 3 Mar 6 14:59 .CFUserTextEncoding
-rw-r--r--@ 1 ebrown staff 6148 Mar 6 15:00 .DS_Store
drwx------ 2 ebrown staff 68 Mar 6 15:37 .Trash
drwx------+ 3 ebrown staff 102 Mar 6 15:51 Desktop
0: group:everyone deny delete
drwx------+ 4 ebrown staff 136 Mar 6 15:51 Documents
0: group:everyone deny delete
drwx------+ 4 ebrown staff 136 Mar 6 15:51 Downloads
0: group:everyone deny delete
drwx------ 28 ebrown staff 952 Mar 6 15:51 Library
drwx------+ 3 ebrown staff 102 Mar 6 15:51 Movies
0: group:everyone deny delete
drwx------+ 3 ebrown staff 102 Mar 6 15:51 Music
0: group:everyone deny delete
drwx------+ 4 ebrown staff 136 Mar 6 15:51 Pictures
0: group:everyone deny delete
drwxr-xr-x+ 5 ebrown staff 170 Mar 6 15:51 Public
0: group:everyone deny delete
drwxr-xr-x 5 ebrown staff 170 Mar 6 15:51 Sites
The differences are subtle but I would expect them to be the same.
bash-3.2# uname -a
Darwin mathilde.arc.nasa.gov 9.2.0 Darwin Kernel Version 9.2.0: Tue Feb 5
16:15:19 PST 2008; root:xnu-1228.3.13~1/RELEASE_PPC Power Macintosh
This is 10.5.2 all patched.
Here is the Template:
bash-3.2# ls -lae /System/Library/User\ Template/English.lproj/
total 8
drwxr-xr-x 12 root wheel 408 Mar 6 12:09 .
drwx------ 5 root wheel 170 Sep 23 23:01 ..
-rw------- 1 root wheel 3 Jul 24 2007 .CFUserTextEncoding
drwx------+ 3 root wheel 102 Oct 2 11:16 Desktop
0: group:everyone deny delete
drwx------+ 4 root wheel 136 Oct 2 11:16 Documents
0: group:everyone deny delete
drwx------+ 4 root wheel 136 Oct 2 11:16 Downloads
0: group:everyone deny delete
drwx------+ 20 root wheel 680 Oct 2 11:16 Library
0: group:everyone deny delete
drwx------+ 3 root wheel 102 Oct 2 11:16 Movies
0: group:everyone deny delete
drwx------+ 3 root wheel 102 Oct 2 11:16 Music
0: group:everyone deny delete
drwx------+ 4 root wheel 136 Mar 6 12:09 Pictures
0: group:everyone deny delete
drwxr-xr-x+ 4 root wheel 136 Oct 2 11:16 Public
0: group:everyone deny delete
drwxr-xr-x+ 5 root wheel 170 Mar 6 12:09 Sites
0: group:everyone deny delete
I'm starting to work on my Leopard CIS benchmark build.
--
Mark Moorcroft
ELORET Corp.
650-604-4784
mailto:email@hidden
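Added example, not part of the original post: Python that parses `ls -lae` output and reports the entries whose ACLs differ between two listings, run here on listings abridged from the output above. The function names `parse_listing` and `acl_drift` are hypothetical.

```python
import re

# Entry line: mode (+ optional "+"/"@"), seven more fields, then the name.
ENTRY = re.compile(r"^[bcdlps-][rwxsStT-]{9}[+@]?\s+(?:\S+\s+){7}(.+)$")
ACE = re.compile(r"^\s*\d+:\s+(.+?)\s*$")  # e.g. "0: group:everyone deny delete"

def parse_listing(text):
    """Map each entry name to the ordered list of ACEs listed beneath it."""
    acls, current = {}, None
    for line in text.splitlines():
        entry, ace = ENTRY.match(line.strip()), ACE.match(line)
        if entry:
            current = entry.group(1)
            acls[current] = []
        elif ace and current is not None:
            acls[current].append(ace.group(1))
    return acls

def acl_drift(reference, candidate, skip=("..",)):
    """ACLs that differ for names present in both listings: {name: (ref, cand)}."""
    ref, cand = parse_listing(reference), parse_listing(candidate)
    return {n: (ref[n], cand[n]) for n in sorted(ref.keys() & cand.keys())
            if n not in skip and ref[n] != cand[n]}
# Sample input: listings abridged from the post (ACE indentation restored).
TEMPLATE = """\
drwxr-xr-x 12 root wheel 408 Mar 6 12:09 .
drwx------+ 20 root wheel 680 Oct 2 11:16 Library
 0: group:everyone deny delete
drwxr-xr-x+ 4 root wheel 136 Oct 2 11:16 Public
 0: group:everyone deny delete
drwxr-xr-x+ 5 root wheel 170 Mar 6 12:09 Sites
 0: group:everyone deny delete"""
TSADMIN = """\
drwxr-xr-x+ 20 tsadmin staff 680 Mar 7 16:25 .
 0: group:everyone deny delete
drwx------+ 28 tsadmin staff 952 Mar 6 15:30 Library
 0: group:everyone deny delete
drwxr-xr-x+ 5 tsadmin staff 170 Mar 6 14:59 Public
 0: group:everyone deny delete
drwxr-xr-x+ 5 tsadmin staff 170 Mar 6 14:59 Sites
 0: group:everyone deny delete"""
EBROWN = """\
drwxr-xr-x 14 ebrown staff 476 Mar 6 15:51 .
drwx------ 28 ebrown staff 952 Mar 6 15:51 Library
drwxr-xr-x+ 5 ebrown staff 170 Mar 6 15:51 Public
 0: group:everyone deny delete
drwxr-xr-x 5 ebrown staff 170 Mar 6 15:51 Sites"""
if __name__ == "__main__":
    print(acl_drift(TEMPLATE, EBROWN))  # ebrown's home compared with the template
```

On a real system, pass it the `ls -lae` output of the template directory and of each home directory instead of the embedded samples.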