Leopard ACLs

Posted by unbrand on 25 November 2007 | 2 Comments

Tags: Apple, Leopard

I love Apple's Leopard. Except for the Access Control Lists.

It seems that as part of backing up to Time Machine, Leopard will set a bunch of ACLs on each file and directory that go into Time Machine:

    simpler:src brian$ ls -le README
    -rw-r--r--@ 1 brian staff 111 20 Oct 18:12 README
    0: group:everyone deny write,delete,append,writeattr,writeextattr,chown

The 'e' above in the 'ls -le' means "show ACL information", and that line beginning with '0:' means "nobody can do shit on this file even if the file permissions are set to 777. Ha! Sucker."

Why does it matter? It matters if you want to do something crazy like manually copy a file (or a directory) from Time Machine to your filesystem. Which I wanted to do because I had some stuff on a beta Time Machine drive that I wanted to wipe once Leopard went final. I thought I could just copy files from the Time Machine drive to my new regular Leopard installation. After much weeping and gnashing of teeth, I finally found a way to make it work.

The answer lies in using chmod to remove the ACLs. I thought this would get rid of the Time Machine crap on all directories from here down:

    find . -type d | xargs chmod -a# 0

(no, this won't work b/c chmod can't take a bunch of fname args at once, which is what find throws at it)

The following works because one chmod will be executed for each directory, like we want:

    find . -type d -exec chmod -a# 0 {} \;

Just replace the 'type d' above with 'type f' to remove the ACL for regular files.

Lastly, to make sure I got everything (I had over 140,000 files/dirs to deal with!), I created a file which could be grepped for "0: ":

    ls -lateR > ACLtest

Whew. You know, I don't really mind all this too much, because technically it makes a lot of sense what Apple chose to do with ACLs and Time Machine. My only gripe is that Apple didn't tell anyone outside of Apple HQ about all this! Maybe it's hidden somewhere in the bowels of developer documentation? Dunno. Seems like a lot of people are going to try to copy files from a Time Machine drive onto their local hard drive, only to find they can't add to directories, modify files, etc.
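
An added example, not part of the original post: grepping the listing for "0: " shows that ACL entries remain but not which files they belong to. This sketch reads `ls -leR` output and prints each path that still carries an ACL, assuming the eight-column long format shown above; `acl_report` and `sample_listing` are hypothetical names and the sample listing is constructed.

```shell
#!/bin/bash
# Added example: list every path in `ls -leR` output that still has ACL entries.
# Assumes the 8-column long format shown in the post and no newlines in names.
acl_report() {
  awk -v dir=. '
    # ACE line such as "0: group:everyone deny write,delete,..." (ls may indent it).
    /^[ \t]*[0-9]+: / {
      if (path != "" && !(path in seen)) { seen[path] = 1; print path }
      next
    }
    # Long-format entry: the line opens with a type character and permission bits.
    /^[-dlbcps][-r][-w][-xsS]/ {
      name = $0
      for (i = 1; i <= 8; i++) sub(/^[ \t]*[^ \t]+/, "", name)  # drop 8 columns
      sub(/^[ \t]+/, "", name)
      if (substr($0, 1, 1) == "l") sub(/ -> .*$/, "", name)      # symlink target
      if (name == "..")     path = ""           # parent is listed elsewhere
      else if (name == ".") path = dir          # the directory itself
      else                  path = dir "/" name
      next
    }
    # Header that ls -R prints before each sub-directory listing, e.g. "./src:".
    /:$/ { dir = substr($0, 1, length($0) - 1); path = ""; next }
    # Anything else ("total N", blank lines) ends the current entry.
    { path = "" }
  '
}

# Constructed sample of `ls -leR` output (not captured from a real volume).
sample_listing() {
  cat <<'EOF'
total 8
-rw-r--r--@ 1 brian staff 111 20 Oct 18:12 README
 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
-rw-r--r--  1 brian staff  40 20 Oct 18:12 Makefile
drwxr-xr-x+ 3 brian staff 102 20 Oct 18:12 old notes
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,chown

./old notes:
total 8
-rw-r--r--  1 brian staff  12 20 Oct 18:12 todo.txt
-rw-r--r--+ 1 brian staff  90 20 Oct 18:12 draft 2.txt
 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
EOF
}

sample_listing | acl_report
```

On the Mac itself the input would come from `ls -leR . | acl_report`; empty output means no ACL entry lines remain in the listing.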


Comments

  • Wanted to let you know that your find/xargs/chown script there can be done using find's print-w/-null-terminator option "-print0". Along with xargs's -0 switch you can get this done like so:

    find . -type d -print0 | xargs -0 chmod -a# 0

    This will end up being more efficient because chmod will only execute once but in your above script chown gets executed for every file found.

    Hope that helps!

    Posted by Jesse, 23/04/2008 1:44pm (4 months ago)

  • Hey there,

    Just wanted to drop a line and say thanks a million for posting this. I've been trying to figure out how to feed all file names under my / and /Volumes/XYZ to the chmod command to remove the ACLs.

    You are the BOMB. Live well my friend,
    Jack

    Posted by Jack, 10/04/2008 6:53am (5 months ago)
