On Wed, Jan 13, 2010 at 8:09 AM, Joshua Juran <jju...@gmail.com> wrote:

> So I'm setting myself up with a non-admin account on OS X, which involves
> chowning a bunch of stuff.
>
> $ cd $DIR; sudo chown -R jjuran:jjuran .
> chown: ./path/to/files/foo.cp: Operation not permitted
> chown: ./path/to/files/bar.cp: Operation not permitted
> chown: ./path/to/files/baz.cp: Operation not permitted
>
> Um, what?  I'm ROOT.  There's nothing I can't do.  WTF?
>

Your root shell has a $ prompt? Err, okay.


> Viewing the files in the Finder makes everything clear.  They're locked.


Congratulations, you've discovered ACLs.

They were added way back in 10.4:

http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8

And they became enabled by default back in 10.5:

http://arstechnica.com/apple/reviews/2007/10/mac-os-x-10-5.ars/12#acls

Do try to keep up.

> Now, you see, locked (in Mac OS) is not the same as read-only (in Unix).
> Read-only means only that you can't write to a file -- you can still rename
> it or delete as long as you have write privileges to the parent directory.
> But a locked file can't be renamed or deleted until the lock is removed.
>

Congratulations, you've discovered ACLs.


> I thought I understood this -- that you get the semantics of whichever
> filing system whose API you call.  FSpOpenDF() or FSpDelete() might return a
> file busy error, but open() and unlink() won't.[1]
>
> But I was wrong.  Even using BSD's POSIX layer, even *as root*, the Locked
> attribute wins.
>

Congratulations, you've discovered ACLs.


> Apparently, Mac OS X is not Unix.


Apparently, 1970s solutions to 2000s problems may not be sufficient in all
cases.

Congratulations, you've discovered ACLs.

-- 
Chris Devers
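
The read-only versus locked behaviour described in the quoted message, as an added example that is not part of the original thread. It assumes the Finder "Locked" attribute is the BSD user-immutable file flag (`UF_IMMUTABLE`), which is what this sketch sets; the helper names and the temporary `foo.cp` file are constructed for the demonstration.

```python
import errno
import os
import stat
import tempfile


def try_rename_delete(path):
    """Rename then unlink path; return (renamed, deleted, errno name or None)."""
    moved = path + ".moved"
    try:
        os.rename(path, moved)
    except OSError as e:
        return (False, False, errno.errorcode.get(e.errno))
    try:
        os.unlink(moved)
    except OSError as e:
        return (True, False, errno.errorcode.get(e.errno))
    return (True, True, None)


def readonly_case():
    """Mode 0444 file in a writable directory: rename and unlink go through."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "foo.cp")  # constructed sample file
        open(p, "w").close()
        os.chmod(p, 0o444)
        return try_rename_delete(p)


def locked_case():
    """Same file with the immutable flag set; None where flags are unsupported."""
    if not hasattr(os, "chflags"):
        return None  # platform has no BSD file flags (e.g. Linux)
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "foo.cp")  # constructed sample file
        open(p, "w").close()
        try:
            os.chflags(p, stat.UF_IMMUTABLE)  # assumption: this is the lock
        except OSError:
            return None  # filesystem does not support file flags
        try:
            return try_rename_delete(p)
        finally:
            # Clear the flag so the temporary directory can be cleaned up.
            for q in (p, p + ".moved"):
                if os.path.exists(q):
                    os.chflags(q, 0)


if __name__ == "__main__":
    print("read-only:", readonly_case())
    print("locked:   ", locked_case())
```

Where file flags are unavailable, `locked_case()` returns `None` and only the read-only half is exercised.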
