While I appreciate the Unix underpinnings of Mac OS X in the sense that they presumably make things more secure and conceptually well balanced in an abstract way, most of the time they create nothing but annoyance.
It seems as if the machine simply tried to make me jump through extra hoops, so that I - its overlord after all - can move or delete some files. There might be an aspect of keeping me from hurting myself in that, but more often than not it isn’t. Firstly because I’ll have typed in my password or issued a sudo command to do the destructive action while I’m still angry at the system for getting in my way and before realising that I just did something incredibly dumb. [And OS X is unixoid enough these days to quite naturally not offer undo for any of the actions which actually are dangerous.]
Secondly, many of those ‘authentication’ hassles are in rather non-dangerous situations. In fact, I find that many come from me trying to move files around my very own hard drives from different user accounts. After such actions the files frequently end up with the ‘wrong’ access permissions. ‘Wrong’ in the sense of the user who wants to move his files easily. While cursing about that, I recently discovered on a friend’s machine that a file I put in his File Sharing ‘Drop Box’ could be deleted by him without any password annoyance.
A quick chuckle and a few Terminal commands later I found that the magic needed for that seems to be done by this bit of ACL:
[kalle:~] ssp% ls -le Public/
drwx-wx-wx@ 4 ssp ssp 136 15 Nov 2007 Drop Box
 0: user:ssp allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
This ensures that all files added to my ‘Drop Box’ folder can be deleted by me without further ado. Which is pretty much all I was asking for. Unfortunately this clever setup only seems to be added to newly created accounts on the machine while the old accounts that you keep across an upgrade or migrate onto the machine don’t benefit from Apple wisening up.
Hence it may be useful to know that the command for applying the ACL to the folder is good old chmod in the form of
chmod +a "USERNAME allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit" FOLDERPATH
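As an added example (not part of the original post), this sh script checks whether a folder already carries the ACE shown above and runs the post's chmod +a command only when something is missing. The function names and the sample listings are constructed for illustration; ensure_dropbox_acl assumes macOS.

```shell
#!/bin/sh
# Added example: check a Drop Box folder for the ACE quoted in the post.
# Permission list copied from the post's ACE.
WANT="list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit"

# missing_perms USER LISTING
# LISTING is `ls -le` text. Prints, comma-separated, each wanted permission
# that no "allow" ACE for USER grants; prints nothing if the entry is complete.
# Assumes USER contains no regex metacharacters.
missing_perms() {
    have=$(printf '%s\n' "$2" |
        sed -n "s/^ *[0-9][0-9]*: user:$1 allow //p" | tr '\n' ',')
    missing=
    old_ifs=$IFS; IFS=,
    for p in $WANT; do
        case ",$have," in
            *",$p,"*) ;;                           # already granted
            *) missing="${missing:+$missing,}$p" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s' "$missing"
}

# ensure_dropbox_acl USER FOLDER  (macOS only: needs ls -e and chmod +a)
ensure_dropbox_acl() {
    m=$(missing_perms "$1" "$(ls -led "$2")")
    if [ -z "$m" ]; then echo "ok: $2"; return 0; fi
    echo "adding ACE to $2 (missing: $m)"
    chmod +a "$1 allow $WANT" "$2"
}

# Constructed sample listings, so the check can be tried without a Mac.
SAMPLE_NEW="drwx-wx-wx@ 4 ssp ssp 136 15 Nov 2007 Drop Box
 0: user:ssp allow $WANT"
SAMPLE_OLD="drwx-wx-wx  4 ssp ssp 136 15 Nov 2007 Drop Box"
# ACE present but without the flags that copy it onto new files and folders.
SAMPLE_PARTIAL="drwx-wx-wx+ 4 ssp ssp 136 15 Nov 2007 Drop Box
 0: user:ssp allow ${WANT%,file_inherit,directory_inherit}"

for s in "$SAMPLE_NEW" "$SAMPLE_OLD" "$SAMPLE_PARTIAL"; do
    echo "missing: $(missing_perms ssp "$s")"
done
```

On a Mac, `ensure_dropbox_acl "$USER" "$HOME/Public/Drop Box"` applies the check to a migrated account's folder.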
Everything is good after doing that. Well, not quite to be honest. While Apple’s system of giving each user a ‘Public’ folder together with a ‘Drop Box’ doesn’t seem unreasonable to me, I usually find it quite inconvenient as well. The machine is my computer and I want to easily share files between all the users I have on there as well as with the few friends who can log into the machine. No fancypants access rights needed here, just a big truly public folder.
Luckily Mac OS X.5 finally gave us back a reasonably convenient feature for setting this up. Apparently it took more than half a decade of OS X development to catch up with System 7 as far as convenient file sharing is concerned. In X.5 you can easily set up a global shared folder for File Sharing by either using the Finder’s info window or the Sharing preference pane. For this you can set the access rights to your heart’s content (from the command line at least, the Finder’s info window’s access rights setup seems a rather bad bit of software - even in the context of the Finder). And - even more importantly - you should be able to remove the per-user ‘Public’ folders which aren’t used. This will clean up the server volume selection dialogue box when connecting to a server.
Let me finish by just dumping slightly related points at the end:
The mDNS command can be rather convenient as well to make services on your machine visible. It works like this:
mDNS -R "Name" _afpovertcp._tcp . 548
I assume that with all the proper forwarding, tunneling or DynDNSing this can give you convenient access to many things.