One of the many things I like about Mac OS X (Server) is the fact it’s a pure-bred UNIX. It’s even certified as such. Not to mention that the Director of Unix Technology at Apple is the person who at one point started the FreeBSD project: Jordan K. Hubbard. (I love FreeBSD, so I’m very appreciative of Jordan’s work)
Another reason I like OS X as much as I do is that literally anything can be done from the command-line, something a Unix nerd like myself thoroughly loves to do. But OS X has advanced features like Access Control Lists and all that fancy stuff, so sometimes it can take a bit of learning to find out how exactly OS X does things compared to other members of the Unix family.
Now, I mentioned ACL’s. When you do something rather simple like ‘ls -la’ on /Groups, you get this:
server:Groups username$ ls -la
total 0
drwxr-xr-x+ 6 root wheel 204 Aug 7 21:57 .
drwxr-xr-x 33 root wheel 1190 Aug 17 09:29 ..
-rwxr-xr-x 1 root wheel 0 Jul 27 21:29 .localized
drwxrwx---+ 5 root admin 170 Aug 13 12:37 group1
drwxrwx---+ 2 root admin 68 Aug 7 21:57 group2
drwxrwx---+ 2 root admin 68 Jul 27 21:47 workgroup
which is nice enough, but what if I wanted to see the real permissions, including the ACL’s? There’s a switch for that:
ls -lae
Which produces the following output:
total 0
drwxr-xr-x+ 6 root wheel 204 Aug 7 21:57 .
 0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxr-xr-x 33 root wheel 1190 Aug 17 09:29 ..
-rwxr-xr-x 1 root wheel 0 Jul 27 21:29 .localized
drwxrwx---+ 5 root admin 170 Aug 13 12:37 group1
 0: group:group1 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+ 2 root admin 68 Aug 7 21:57 group2
 0: group:group2 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+ 2 root admin 68 Jul 27 21:47 workgroup
 0: 839AE424-BBF3-442E-BAD6-C8B5E8B596F5 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
It might be a bit daunting to read through, but heck if it doesn’t show you exactly what you need to see. It’s really easy seeing ACL’s on Mac OS X with ls!
In case you’re wondering, the ‘839AE424-BBF3-442E-BAD6-C8B5E8B596F5’ part corresponds to a UserID in OpenDirectory/LDAP.
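To make the 'ls -lae' output above easier to review, here is an added example (not part of the original post) that turns it into one row per ACL entry and notes the entries that grant writesecurity or chown, or whose principal is printed as a bare UUID. The function names acl_entries, acl_review and sample_listing are made up for this example, and it assumes owner and group names contain no spaces.

```shell
# Added example, not from the original post. Function names are made up here.
# Reads `ls -le` output on stdin, prints one tab-separated row per ACL entry:
#   file, index, principal, origin, type, notes
# Assumes owner and group names contain no spaces (file name starts at field 9).
acl_entries() {
  awk '
    # File line: mode string first, file name from field 9 onward.
    $1 ~ /^[-dlbcps][-rwxsStT]+[+@]?$/ && NF >= 9 {
      file = $9
      for (i = 10; i <= NF; i++) file = file " " $i
      next
    }
    # ACE line: "<index>: <principal> [inherited] allow|deny <perm,perm,...>"
    $1 ~ /^[0-9]+:$/ && file != "" {
      idx = $1; sub(/:$/, "", idx)
      who = $2; n = 3; origin = "explicit"
      if ($n == "inherited") { origin = "inherited"; n++ }
      kind = $n; perms = "," $(n + 1) ","
      notes = ""
      # Principal printed as a bare UUID instead of a user: or group: name.
      if (length(who) == 36 && who ~ /^[0-9A-Fa-f]+-[0-9A-Fa-f]+-[0-9A-Fa-f]+-[0-9A-Fa-f]+-[0-9A-Fa-f]+$/)
        notes = "uuid-principal"
      # writesecurity / chown let the principal change the ACL or the owner.
      if (kind == "allow" && (perms ~ /,writesecurity,/ || perms ~ /,chown,/))
        notes = notes (notes == "" ? "" : ",") "can-change-acl-or-owner"
      printf "%s\t%s\t%s\t%s\t%s\t%s\n", file, idx, who, origin, kind, (notes == "" ? "-" : notes)
    }
  '
}

# Only the rows that carry a note, i.e. the ones worth a second look.
acl_review() { acl_entries | awk -F '\t' '$6 != "-"'; }

# Constructed sample: three directories from the listing in the post.
sample_listing() {
cat <<'EOF'
total 0
drwxr-xr-x+ 6 root wheel 204 Aug 7 21:57 .
 0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+ 5 root admin 170 Aug 13 12:37 group1
 0: group:group1 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+ 2 root admin 68 Jul 27 21:47 workgroup
 0: 839AE424-BBF3-442E-BAD6-C8B5E8B596F5 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
EOF
}
sample_listing | acl_review
```

On a real system the same review is 'ls -le /Groups | acl_review'.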