2009/2/23 Jeremy S. Albrecht <jsalbre@gmail.com>:
Ben,
Check out a program called Sandbox ( http://www.mikey-san.net/sandbox/ ) for easy ACL work. When I have an issue similar to yours I basically set the ACL as desired on the parent directory, tell it that it's inherited from its parent, and then propagate it to all subfolders, *then* take away the "inherited" flag from the parent folder. A bit of a roundabout way to do it, but it works.
If I understand what you are doing, I don't think it is the correct approach. The ACL at the root of an inheritance tree should have at least one ACE that is marked file_inherit or directory_inherit. When these ACEs are copied to child objects, they should be marked with the inherit bit. This is so that everyone else knows how the ACL inheritance tree is constructed and can reflow it.

If you don't correctly maintain the inheritance bits, then it all just looks like a collection of direct ACEs to the system. The problem with this is that if someone comes along and adds just one direct ACE to something in the inheritance tree, then you can't reflow any more because you lost the information about which ACEs were inherited and which were not.

--
James Peach | jorgar@gmail.com
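The reflow problem described in the reply above, as an added example that is not part of the original thread: a simplified Python model of directory ACL inheritance, not the macOS implementation. The `ACE` class and the `inherit`, `reflow` and `demo` names are hypothetical, and the sample principals are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ACE:
    who: str
    rule: str                  # e.g. "allow read"
    inheritable: bool = False  # stands in for file_inherit / directory_inherit
    inherited: bool = False    # set on ACEs that were copied down from a parent

def inherit(parent_acl):
    """ACEs a child directory receives: the inheritable ones, marked inherited."""
    return [replace(a, inherited=True) for a in parent_acl if a.inheritable]

def reflow(parent_acl, child_acl):
    """Rebuild a child's ACL after the parent changed.

    Direct ACEs are kept; inherited ACEs are discarded and copied again
    from the parent. The inherited bit is the only way to tell them apart.
    """
    direct = [a for a in child_acl if not a.inherited]
    return direct + inherit(parent_acl)

def demo():
    # Constructed sample data.
    root = [ACE("staff", "allow read", inheritable=True)]
    direct = ACE("alice", "allow write")  # added directly on the child

    # Tree with inheritance bits maintained.
    good_child = [direct] + inherit(root)
    # Same ACEs, but the inherited bit was lost: everything looks direct.
    flat_child = [direct] + [replace(a, inherited=False) for a in inherit(root)]

    # Policy at the root changes from staff to admins, then both are reflowed.
    new_root = [ACE("admins", "allow read", inheritable=True)]
    return reflow(new_root, good_child), reflow(new_root, flat_child)

if __name__ == "__main__":
    good, flat = demo()
    print("bits kept:", [a.who for a in good])  # staff entry replaced
    print("bits lost:", [a.who for a in flat])  # stale staff entry survives
```

In the second result the old `staff` entry cannot be told apart from a direct ACE, so it survives the reflow and keeps granting access the root no longer intends.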