Yes, you can do it, but it's a bit complicated. Permissions on macOS are rather complex; the Finder hides most of the complexity, but at the command line it's fully exposed and you have to deal with it.

Really short answer: use chmod +a to add access control entries, ls -le to view them, and man chmod and man ls for details.

Longer answer, the practical details: to add (or remove) Read only access for the group mygroup to the folder at /path/to/folder:

chmod +a "group:mygroup allow list,search,readattr,readextattr,readsecurity" /path/to/folder
chmod -a "group:mygroup allow list,search,readattr,readextattr,readsecurity" /path/to/folder

For a file, Read only access would be:

chmod +a "group:mygroup allow read,readattr,readextattr,readsecurity" /path/to/file.txt

To add Read & Write access:

chmod +a "group:mygroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity" /path/to/folder

And for a file:

chmod +a "group:mygroup allow read,write,append,readattr,writeattr,readextattr,writeextattr,readsecurity" /path/to/file.txt

To examine these ACLs and check your work:

ls -le /path/to/file.txt

Advanced usage: you can use chmod =a# to rewrite the numbered rule instead of adding or removing entries. To just remove an entry of the ACL, you can use chmod -a# followed by the entry number (you can see the numbers in the ls -le output). This wipes that entire entry like the "-" control does in the GUI.

Longer answer, the theory: macOS has two different types of file permissions: standard POSIX (unix-like) permissions, and access control lists (ACLs) consisting of one or more access control entries (ACEs). All files and folders have POSIX permissions, consisting of one user (the owner), one group, and everyone else, and for each of those some combination of read, write, and execute (don't ask) access. They can (but usually don't) have a list of ACEs that allow (or deny, but don't worry about that) access to additional users and/or groups, and have much more detailed control over what access is being allowed (/denied). The Finder hides the distinction between POSIX permissions and ACEs, but anytime you have more than one user or group, the additional ones are ACEs. So to add access for another group, you need to add an ACE. You also need to specify the full list of the types of read and/or write (or other) access being granted. The Finder's idea of "Read only" access corresponds to read,readattr,readextattr,readsecurity, and its "Read & Write" access corresponds to read,write,append,readattr,writeattr,readextattr,writeextattr,readsecurity.

Last week, I looked at changing the permissions of a file or folder, both using the Finder and in the command line. Permissions are granted on the basis of the item’s owner and group, so this short article looks at how you can discover lists of owners and groups, and how to change the owner and group of a file or folder – another basic user skill.

macOS, like all breeds of Unix, doesn’t itself work with names for users and groups, but with numbers. In this context, you should remember just one number: 501, the number invariably assigned to the primary admin user of every Mac. When macOS is configured on your Mac, that first admin account is always given the number 501. This is important because of the association of that user ID with all your files and folders. Move an external drive to another Mac, and it won’t see the files on there as being owned by username, but by user ID 501. Try removing user ID 501 and you will immediately wreak havoc with every file and folder owned by the primary admin user – this is the notorious ‘missing 501’ problem.

Although the Finder’s Get Info dialog will display lists of users and groups, they’re incomplete, and the best way to view and study them is in Directory Utility, a tool now hidden away in /System/Library/CoreServices/Applications. Be careful using this: Apple hides it away because of the dangerous changes which you could inadvertently make with it.
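To check the ACEs that chmod +a leaves behind, the entries in ls -le output can be read back and matched against the two Finder access levels listed in the text. This is an added example, not code from the original page; the sample output, the principals alice, auditors and bob, and the function names are constructed for illustration.

```python
import re

# Finder access levels as listed in the text (file form, then folder form).
FINDER_LEVELS = {
    "Read only": [
        {"read", "readattr", "readextattr", "readsecurity"},
        {"list", "search", "readattr", "readextattr", "readsecurity"},
    ],
    "Read & Write": [
        {"read", "write", "append", "readattr", "writeattr",
         "readextattr", "writeextattr", "readsecurity"},
        {"list", "add_file", "search", "add_subdirectory", "delete_child",
         "readattr", "writeattr", "readextattr", "writeextattr", "readsecurity"},
    ],
}

# An ACE line in `ls -le` output looks like " 0: group:mygroup allow read,..."
ACE_RE = re.compile(
    r"^\s*(?P<index>\d+):\s+(?P<who>\S+)\s+(?:inherited\s+)?"
    r"(?P<kind>allow|deny)\s+(?P<rights>\S+)\s*$")

def classify(kind, rights):
    """Name the Finder level an ACE matches, or 'Custom' if it matches none."""
    if kind == "allow":
        for level, sets in FINDER_LEVELS.items():
            if rights in sets:
                return level
    return "Custom"

def parse_aces(ls_le_output):
    """Return (index, principal, kind, Finder level) for every ACE line."""
    aces = []
    for line in ls_le_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            rights = set(m["rights"].split(","))
            aces.append((int(m["index"]), m["who"], m["kind"],
                         classify(m["kind"], rights)))
    return aces

# Constructed sample output, not captured from a real system.
SAMPLE = """\
-rw-r--r--+ 1 alice  staff  120 Jan  1 12:00 /path/to/file.txt
 0: group:mygroup allow read,write,append,readattr,writeattr,readextattr,writeextattr,readsecurity
 1: group:auditors allow read,readattr,readextattr,readsecurity
 2: user:bob deny write
"""

if __name__ == "__main__":
    for ace in parse_aces(SAMPLE):
        print(ace)
```

Entries reported as Custom are deny rules or rights combinations that match neither Finder level, so they are the ones to review by hand.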