Comments on: Out Of My Access Control

By: rvAmerongen

rvAmerongen — Wed, 31 Oct 2007 21:28:39 +0000

Hi,

Is there a difference when people do upgrade, archive their system and do a new install?

Someone did notice something?

By: Charles

Charles — Wed, 31 Oct 2007 11:47:42 +0000

@Robert - which would seem to confirm my suggestion - it’s a well-buried piece of anti-idiot/malware protection.

I’m still on Tiger, so have no ACL, though e is given as an option for ls. Does nothing, though.

By: Robert Thompson

Robert Thompson — Wed, 31 Oct 2007 02:33:14 +0000

Charles — I just now did a /bin/ls -led /Users/myusername… and the home folder does indeed have the no delete ACL.

By: Charles

Charles — Tue, 30 Oct 2007 22:04:07 +0000

Daniel - I didn’t mean to suggest that Apple was futzing things either. More that this is a protective measure; barely anyone would come across it. And those who did - like you - would eventually be able to figure it out. QED.

By: Ben

Ben — Tue, 30 Oct 2007 22:03:19 +0000

Never mind. I figured it out.

By: Ben

Ben — Tue, 30 Oct 2007 20:28:09 +0000

Does anyone have a link on how to set up Virtual Hosts on Leopard?

I haven’t been able to figure it out now that Netinfo is gone.

Thanks.

By: Daniel Jalkut

Daniel Jalkut — Tue, 30 Oct 2007 19:26:23 +0000

Charles - I don’t think Apple’s trying to futz anything up. It’s just this is the kind of thing where unintended consequences are really hard to track down. I wanted to mainly help publicize in case others run into the problem.

By: Charles

Charles — Tue, 30 Oct 2007 19:23:46 +0000

Possibly, if it is an inbuilt thing, it’s so that people
(a) can’t delete their Documents folder by accident (people can do dumb things, after all)

(b) malware can’t do rm -rf ~/Documents (and, who knows, rm -rf ~/ - have you looked to see if this “can’t delete” ACL applies to the whole of the home folder?)

So it might be Apple being a beneficient backstop, rather than trying to futz up your Apache. Though I’m sure an upgrade install would tear up all sorts of symlinks etc if you had MySQL installed and PHP in Apache etc.

By: Paul Sargent

Paul Sargent — Tue, 30 Oct 2007 17:29:55 +0000

I’ve seen this too, as I like to symlink certain parts of my home account between OS releases (Music, Movies, Pictures). All have ACL rules on them, and have done for a few seeds now.

This is doing an erase and install, and having a new blank user though. Slightly different to the process you guys are discussing/

By: Daniel Jalkut

Daniel Jalkut — Tue, 30 Oct 2007 15:12:52 +0000

Matt - thanks for the feedback - I was worried I might be overstating the case, but I had gotten some corroboration from friends after I first discovered it. Just to clarify - you are checking for the ACL by “ls -led” on the affected directory?

Rich - thanks for your comments - I am glad to hear that at least if Matt is right that it’s not happening across the board, it is still happening to quite a few people.