Comments on: Out Of My Access Control http://www.red-sweater.com/blog/427/out-of-my-access-control Mac & Technology Writings by Daniel Jalkut Wed, 17 Mar 2010 22:33:24 +0000 http://wordpress.org/?v=2.9 hourly 1 By: rvAmerongen http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134289 rvAmerongen Wed, 31 Oct 2007 21:28:39 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134289 Hi, Is there a difference when people do upgrade, archive their system and do a new install? Someone did notice something? Hi,

Is there a difference when people do upgrade, archive their system and do a new install?

Someone did notice something?

]]> By: Charles http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134287 Charles Wed, 31 Oct 2007 11:47:42 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134287 @Robert - which would seem to confirm my suggestion - it's a well-buried piece of anti-idiot/malware protection. I'm still on Tiger, so have no ACL, though e is given as an option for ls. Does nothing, though. @Robert – which would seem to confirm my suggestion – it’s a well-buried piece of anti-idiot/malware protection.

I’m still on Tiger, so have no ACL, though e is given as an option for ls. Does nothing, though.

]]> By: Robert Thompson http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134282 Robert Thompson Wed, 31 Oct 2007 02:33:14 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134282 Charles — I just now did a /bin/ls -led /Users/myusername… and the home folder does indeed have the no delete ACL. Charles — I just now did a /bin/ls -led /Users/myusername… and the home folder does indeed have the no delete ACL.

]]> By: Charles http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134280 Charles Tue, 30 Oct 2007 22:04:07 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134280 Daniel - I didn't mean to suggest that Apple was futzing things either. More that this is a protective measure; barely anyone would come across it. And those who did - like you - would eventually be able to figure it out. QED. Daniel – I didn’t mean to suggest that Apple was futzing things either. More that this is a protective measure; barely anyone would come across it. And those who did – like you – would eventually be able to figure it out. QED.

]]> By: Ben http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134279 Ben Tue, 30 Oct 2007 22:03:19 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134279 Never mind. I figured it out. Never mind. I figured it out.

]]> By: Ben http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134275 Ben Tue, 30 Oct 2007 20:28:09 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134275 Does anyone have a link on how to set up Virtual Hosts on Leopard? I haven't been able to figure it out now that Netinfo is gone. Thanks. Does anyone have a link on how to set up Virtual Hosts on Leopard?

I haven’t been able to figure it out now that Netinfo is gone.

Thanks.

]]> By: Daniel Jalkut http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134274 Daniel Jalkut Tue, 30 Oct 2007 19:26:23 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134274 Charles - I don't think Apple's trying to futz anything up. It's just this is the kind of thing where unintended consequences are really hard to track down. I wanted to mainly help publicize in case others run into the problem. Charles – I don’t think Apple’s trying to futz anything up. It’s just this is the kind of thing where unintended consequences are really hard to track down. I wanted to mainly help publicize in case others run into the problem.

]]> By: Charles http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134273 Charles Tue, 30 Oct 2007 19:23:46 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134273 Possibly, if it is an inbuilt thing, it's so that people (a) can't delete their Documents folder by accident (people can do dumb things, after all) (b) malware can't do rm -rf ~/Documents (and, who knows, rm -rf ~/ - have you looked to see if this "can't delete" ACL applies to the whole of the home folder?) So it might be Apple being a beneficient backstop, rather than trying to futz up your Apache. Though I'm sure an upgrade install would tear up all sorts of symlinks etc if you had MySQL installed and PHP in Apache etc. Possibly, if it is an inbuilt thing, it’s so that people
(a) can’t delete their Documents folder by accident (people can do dumb things, after all)

(b) malware can’t do rm -rf ~/Documents (and, who knows, rm -rf ~/ – have you looked to see if this “can’t delete” ACL applies to the whole of the home folder?)

So it might be Apple being a beneficient backstop, rather than trying to futz up your Apache. Though I’m sure an upgrade install would tear up all sorts of symlinks etc if you had MySQL installed and PHP in Apache etc.

]]> By: Paul Sargent http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134269 Paul Sargent Tue, 30 Oct 2007 17:29:55 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134269 I've seen this too, as I like to symlink certain parts of my home account between OS releases (Music, Movies, Pictures). All have ACL rules on them, and have done for a few seeds now. This is doing an erase and install, and having a new blank user though. Slightly different to the process you guys are discussing/ I’ve seen this too, as I like to symlink certain parts of my home account between OS releases (Music, Movies, Pictures). All have ACL rules on them, and have done for a few seeds now.

This is doing an erase and install, and having a new blank user though. Slightly different to the process you guys are discussing/

]]> By: Daniel Jalkut http://www.red-sweater.com/blog/427/out-of-my-access-control/comment-page-1#comment-134268 Daniel Jalkut Tue, 30 Oct 2007 15:12:52 +0000 http://www.red-sweater.com/blog/427/out-of-my-access-control#comment-134268 Matt - thanks for the feedback - I was worried I might be overstating the case, but I had gotten some corroboration from friends after I first discovered it. Just to clarify - you are checking for the ACL by "ls -led" on the affected directory? Rich - thanks for your comments - I am glad to hear that at least if Matt is right that it's not happening across the board, it is still happening to quite a few people. Matt – thanks for the feedback – I was worried I might be overstating the case, but I had gotten some corroboration from friends after I first discovered it. Just to clarify – you are checking for the ACL by “ls -led” on the affected directory?

Rich – thanks for your comments – I am glad to hear that at least if Matt is right that it’s not happening across the board, it is still happening to quite a few people.

]]>