Crouching lion, hidden UNIX

One of the many things I like about Mac OS X (Server) is the fact it’s a pure-bred UNIX. It’s even certified as such. Not to mention that the Director of Unix Technology at Apple is the person who at one point started the FreeBSD project: Jordan K. Hubbard. (I love FreeBSD, so I’m very appreciative of Jordan’s work)

Another reason I like OS X as much as I do is that literally anything can be done from the command line, something a Unix nerd like myself thoroughly loves to do. But OS X has advanced features like Access Control Lists and all that fancy stuff, so sometimes it can take a bit of learning to find out how exactly OS X does things compared to other members of the Unix family.

Now, I mentioned ACL’s. When you do something rather simple like ‘ls -la’ on /Groups, you get this:

server:Groups username$ ls -la
total 0
drwxr-xr-x+  6 root  wheel   204 Aug  7 21:57 .
drwxr-xr-x  33 root  wheel  1190 Aug 17 09:29 ..
-rwxr-xr-x   1 root  wheel     0 Jul 27 21:29 .localized
drwxrwx---+  5 root  admin   170 Aug 13 12:37 group1
drwxrwx---+  2 root  admin    68 Aug  7 21:57 group2
drwxrwx---+  2 root  admin    68 Jul 27 21:47 workgroup

which is nice enough, but what if I wanted to see the real permissions, including the ACL’s? There’s a switch for that:

ls -lae

Which produces the following output:

total 0
drwxr-xr-x+  6 root  wheel   204 Aug  7 21:57 .
 0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxr-xr-x  33 root  wheel  1190 Aug 17 09:29 ..
-rwxr-xr-x   1 root  wheel     0 Jul 27 21:29 .localized
drwxrwx---+  5 root  admin   170 Aug 13 12:37 group1
 0: group:group1 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+  2 root  admin    68 Aug  7 21:57 group2
 0: group:group2 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+  2 root  admin    68 Jul 27 21:47 workgroup
 0: 839AE424-BBF3-442E-BAD6-C8B5E8B596F5 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit

It might be a bit daunting to read through, but heck if it doesn’t show you exactly what you need to see. It’s really easy to see ACL’s on Mac OS X with ls!

In case you’re wondering, the ‘839AE424-BBF3-442E-BAD6-C8B5E8B596F5’ part corresponds to a UserID in OpenDirectory/LDAP.
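
Since that output gets long quickly, here is a small filter for it, as an added example that is not part of the original post. It reads ‘ls -le’ output and reports only the ACL entries worth a second look: those whose principal is shown as a bare UUID instead of a user: or group: name, and those that allow writesecurity or chown. The function names and the output format are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_acl reads `ls -le` output on stdin and prints one tab-separated
# finding per line: <file> <ACE index> <principal> <reason>.
audit_acl() {
    awk '
    # ACE line, e.g. " 0: group:group1 allow list,search,..."
    /^ *[0-9]+: / {
        idx = $1; sub(/:$/, "", idx)
        who = $2
        k = 3
        if ($k == "inherited") k++          # optional flag before allow/deny
        kind = $k; perms = $(k + 1)
        # Principal printed as a bare 36-character UUID, not user:/group:
        if (length(who) == 36 && who ~ /^[0-9A-Fa-f-]+$/)
            print file "\t" idx "\t" who "\tuuid-principal"
        # Rights that allow changing the ACL, mode or ownership
        if (kind == "allow") {
            n = split(perms, p, ",")
            for (i = 1; i <= n; i++)
                if (p[i] == "writesecurity" || p[i] == "chown")
                    print file "\t" idx "\t" who "\tgrants-" p[i]
        }
        next
    }
    # File line: mode links owner group size month day time name...
    NF >= 9 && $1 ~ /^[-dlbcps]/ {
        file = $9
        for (i = 10; i <= NF; i++) file = file " " $i
    }'
}

# Three entries copied from the listing in this post.
sample_ls_output() {
    cat <<'EOF'
total 0
drwxr-xr-x+  6 root  wheel   204 Aug  7 21:57 .
 0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+  5 root  admin   170 Aug 13 12:37 group1
 0: group:group1 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
drwxrwx---+  2 root  admin    68 Jul 27 21:47 workgroup
 0: 839AE424-BBF3-442E-BAD6-C8B5E8B596F5 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
EOF
}

sample_ls_output | audit_acl     # on a live system: ls -le /Groups | audit_acl
```

File names containing runs of spaces come out with single spaces, because awk re-joins the fields.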
