site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Aug 16, 2006, at 12:01 PM, darwin-dev-request@lists.apple.com wrote: Message: 2 Date: Tue, 15 Aug 2006 20:43:39 -0700 (PDT) From: Brendan Creane <bcreane@yahoo.com> Subject: acl_delete_file_np To: darwin-dev@lists.apple.com Message-ID: <20060816034339.76588.qmail@web37211.mail.mud.yahoo.com> Content-Type: text/plain; charset=iso-8859-1 Hello Darwin-List, I've been trying to remove the access control list entries associated with a file, and not having success. All of the following consistently return ENOENT: acl_delete_file_np(), acl_delete_link_np(), and acl_delete_fd_np(), though the path or file descriptor is valid. When I walk into the library routine's assembly code, it looks like the call is stubbed out -- pop the stack and then return to the caller. Does anyone know the status of the acl_delete routines under OS X 10.4.7? If indeed they aren't functional, is the best work-around to delete acl entries one-by-one? Deleting entries one by one gives you an ACL with zero entries, which is not the same as no ACL at all; in particular, Windows systems will interpret this as "deny all", vs. "allow all" implied by having no ACL. You can remove the ACL on a file with setattrlist(2), by specifying an ACL with an entrycount of KAUTH_FILESEC_NOACL. This is handled by this slightly dodgy fragment of code in xnu/bsd/vfs/vfs_attrlist.c: nace = rfsec->fsec_acl.acl_entrycount; if (nace == KAUTH_FILESEC_NOACL) { /* deleting ACL */ VATTR_SET(&va, va_acl, NULL); } else { = Mike _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... if (nace > KAUTH_ACL_MAX_ENTRIES) { /* ACL size invalid */ error = EINVAL; VFS_DEBUG(ctx, vp, "ATTRLIST - ERROR: supplied ACL is too large"); goto out; } VATTR_SET(&va, va_acl, &rfsec->fsec_acl); } You should, however, file a bug against the stubbed libSystem routines; they should be fleshed out, as they are the preferred interface. In particular, setattrlist takes the kauth_filesec_t structure which is not really meant to be exposed. This email sent to site_archiver@lists.apple.com