Quarter Life Crisis

The world according to Sven-S. Porst


While I appreciate the Unix underpinnings of Mac OS X in the sense that they presumably make things more secure and conceptually well balanced in an abstract way, most of the time they create nothing but annoyance.

It seems as if the machine simply tried to make me jump through extra hoops, so that I - its overlord after all - can move or delete some files. There might be an aspect of keeping me from hurting myself in that, but more often than not it isn’t. Firstly because I’ll have typed in my password or issued a sudo command to do the destructive action while I’m still angry at the system for getting in my way and before realising that I just did something incredibly dumb. [And OS X is unixoid enough these days to quite naturally not offer undo for any of the actions which actually are dangerous.]

Secondly, many of those ‘authentication’ hassles are in rather non-dangerous situations. In fact, I find that many come from me trying to move files around my very own hard drives from different user accounts. After such actions the files frequently end up with the ‘wrong’ access permissions. ‘Wrong’ in the sense of the user who wants to move his files easily. While cursing about that, I recently discovered on a friend’s machine that a file I put in his File Sharing ‘Drop Box’ could be deleted by him without any password annoyance.

A quick chuckle and a few Terminal commands later I found that the magic needed for that seems to be done by this bit of ACL:

    [kalle:~] ssp% ls -le Public/
    drwx-wx-wx@ 4 ssp  ssp  136 15 Nov  2007 Drop Box
     0: user:ssp allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit

This ensures that all files added to my ‘Drop Box’ folder can be deleted by me without further ado. Which is pretty much all I was asking for. Unfortunately this clever setup only seems to be added to newly created accounts on the machine while the old accounts that you keep across an upgrade or migrate onto the machine don’t benefit from Apple wisening up.

Hence it may be useful to know that the command for applying the ACL to the folder is good old chmod in the form of

    chmod +a "USERNAME allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit" FOLDERPATH
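To see which accounts still need that command, the check below reads `ls -lde` output and reports Drop Box folders whose owner has no single allow entry carrying `delete`, `delete_child` and both inherit flags. It is an added example, not part of the original post; the function names and the `/Users/NAME/Public/Drop Box` layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find Drop Box folders that
# lack the owner ACE shown above.
REQUIRED="delete delete_child file_inherit directory_inherit"

# Reads `ls -lde FOLDER` output on stdin; succeeds only if one single
# "allow" entry for user $1 carries every permission in REQUIRED.
has_dropbox_ace() {
    awk -v user="$1" -v req="$REQUIRED" '
        $2 == "user:" user && $3 == "allow" {
            n = split($4, have, ","); m = split(req, want, " ")
            missing = 0
            for (i = 1; i <= m; i++) {
                found = 0
                for (j = 1; j <= n; j++) if (have[j] == want[i]) found = 1
                if (!found) missing = 1
            }
            if (!missing) hit = 1
        }
        END { exit !hit }'
}

# Listing copied from the post, and a constructed one without any ACL.
SAMPLE_WITH_ACE='drwx-wx-wx@ 4 ssp  ssp  136 15 Nov  2007 Drop Box
 0: user:ssp allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit'
SAMPLE_WITHOUT_ACE='drwx-wx-wx  4 old  old  136 15 Nov  2007 Drop Box'

# Assumes the default layout /Users/NAME/Public/Drop Box; stat -f is BSD/macOS.
audit_dropboxes() {
    for dir in /Users/*/Public/Drop\ Box; do
        [ -d "$dir" ] || continue
        owner=$(stat -f %Su "$dir")
        if ls -lde "$dir" | has_dropbox_ace "$owner"; then
            echo "ok       $dir"
        else
            echo "missing  $dir (owner $owner)"
        fi
    done
}

# Only walk real home folders on a Mac; elsewhere the functions stay unused.
if [ "$(uname)" = "Darwin" ]; then audit_dropboxes; fi
```

Folders reported as `missing` are the ones to pass to the `chmod +a` command as FOLDERPATH, with the reported owner as USERNAME.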

Everything is good after doing that. Well, not quite to be honest. While Apple’s system of giving each user a ‘Public’ folder together with a ‘Drop Box’ doesn’t seem unreasonable to me, I usually find it quite inconvenient as well. The machine is my computer and I want to easily share files between all the users I have on there as well as with the few friends who can log into the machine. No fancypants access rights needed here, just a big truly public folder.

Luckily Mac OS X.5 finally gave us back a reasonably convenient feature for setting this up. Apparently it took more than half a decade of OS X development to catch up with System 7 as far as convenient file sharing is concerned. In X.5 you can easily set up a global shared folder for File Sharing by either using the Finder’s info window or the Sharing preference pane. For this you can set the access rights to your heart’s content (from the command line at least, the Finder’s info window’s access rights setup seems a rather bad bit of software - even in the context of the Finder). And - even more importantly - you should be able to remove the per-user ‘Public’ folders which aren’t used. This will clean up the server volume selection dialogue box when connecting to a server.

Let me finish by just dumping slightly related points at the end:

  1. For some (silly?) reason the Finder prevents you from connecting to the File Sharing (AFP) server running on your own machine.
  2. The Finder being a bit dumb works for us here, though. If you access your own AFP server by using an address that’s not obviously your machine’s (say, by forwarding port 548 from your router to your own machine and then using the router’s ‘external’ IP address), it will connect to that volume just fine.
  3. I quite like doing that simply to test whether I didn’t make a mistake when setting up the shared folders and their access rights.
  4. The mDNS command can be rather convenient as well to make services on your machine visible. It works like this:

    mDNS -R "Name" _afpovertcp._tcp . 548

    I assume that with all the proper forwarding, tunneling or DynDNSing this can give you convenient access to many things.

  5. And why not combine this stuff with some launchd magic or location awareness?
October 31, 2008, 21:59

Tagged as afp, file sharing, mac os x, x.5.
