ACL problems on Mac OS X

A few months ago, OS X began denying me access to certain files in my user folder. Each time, I worked around the problem by opening, editing or deleting them as root, but that was of course not a satisfying solution. Because, according to the UNIX permissions, I should have had full access, and the files were displayed in the terminal with a strange "+" symbol:

-rwxr-xr-x+ 14 jan wheel 476 10 Sep 20:59 djangoproject

I remembered the Access Control Lists (ACLs) that Apple had introduced at some point. After some research I found a very helpful and detailed forum post by Cy-Winnipeg on this problem, which I reproduce here in slightly abridged form:

What creates the ACL problem?

Go to your users folder using the Terminal application, and type the following in the terminal window:

chmod -R =rw,+X username

This will force Leopard to set the read and write permissions to the usual default to your user folder and to all files/folders recursively (this is what the -R is for) in your user folder (the +X will retain any execute permissions that are currently set). After doing this you will again create the problem.

What causes the problem?

Run the Terminal application (you should be in your home directory) and type:

ls -le

This will list all your files and folders in your home directory, along with the ACL extensions to the file permissions. On my machine I get under each "permission affected" file or folder the following additional information.

0: group:everyone deny delete

So this "everyone" person is not allowed to delete any files (or rename them). And this "everyone" person is a "group" that includes EVERYONE including the user as well. Thus, since "everyone" can't change files, neither can the user. This part is confusing at first to realize what is going on since in Unix terminology normally "everyone" only refers to the outside world, and not the user himself. I believe Apple tried to use the ACL extension to prevent certain files/folders that Leopard would not want the user to rename/delete (i.e. Pictures directory), but for some reason Leopard is applying this to all files, folders, and contents of folders.

What solves the problem?

The solution is simple. Remove this ACL condition for all files or folders in your home directory.

Remove ACL conditions from the user folder recursively

You typically can easily do this from the user folder level in Terminal, since the affected account also has the same ACL condition applied to it. Type ls -le to see if this condition is present for the affected user folder account itself. If it is, then all you have to do is type:

chmod -R -a# 0 username

This will remove the ACL condition (numbered 0) from the user account folder, and all files or folders in it (the -R condition causes this recursive fix of all contents of all folders).

Remove ACL conditions from affected folders

You may not be able to do this from the user folder level in Terminal if the user folder itself does not have this ACL condition. In this case, simply go to your home directory in Terminal, and apply the fix to each file or folder within your home directory individually, and do this recursively to all contents of folders so you don't have to do it for the contents of the folders in your home directory. Type ls -le, and find which files/folders are affected, and for each affected file/folder type the following to remove their ACL condition:

chmod -R -a# 0 file_or_folder_name

After doing this, if you type "ls -le" in the Terminal window you will see that the ACL condition is gone from every fixed file or folder. Also, if you do a Get Info in Finder on any fixed file/folder you will see in the permission section the phrase "You can read and write".

Should the permission problem be fixed this way by canceling the ACL conditions, I am not sure. But it is now fixed on my machine (not solved, but fixed) and I again have full access to all my files.
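
Because chmod -a# 0 removes whatever entry happens to sit at index 0, it is worth checking the ls -le listing before running it recursively. The following is an added example, not part of the original forum post: it parses ls -le output and reports files whose entry 0 is something other than the "group:everyone deny delete" rule. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check what a recursive "chmod -a# 0" would actually remove.

# Constructed sample of `ls -le` output (not captured from a real machine).
sample_listing() {
cat <<'EOF'
total 0
drwx------+ 5 jan  staff  170 10 Sep 20:59 Documents
 0: group:everyone deny delete
-rwxr-xr-x+ 14 jan  wheel  476 10 Sep 20:59 djangoproject
 0: user:backup allow read
 1: group:everyone deny delete
-rw-r--r--  1 jan  staff   12 10 Sep 21:03 notes.txt
EOF
}

# Read `ls -le` output on stdin; print "name<TAB>index<TAB>entry" per ACL entry.
list_acl_entries() {
    awk '
        /^[-dlbcps][-rwxsStT]+[+@]? / {   # file line: the name starts at field 9
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            next
        }
        /^ *[0-9]+: / {                    # ACL entry line belonging to that file
            idx = $1; sub(/:$/, "", idx)
            entry = $0; sub(/^ *[0-9]+: */, "", entry)
            printf "%s\t%s\t%s\n", name, idx, entry
        }'
}

# Names of files whose entry 0 is NOT the everyone/deny-delete rule, i.e.
# files where removing index 0 would delete a different ACL entry.
mismatched_index0() {
    list_acl_entries |
        awk -F '\t' '$2 == 0 && $3 != "group:everyone deny delete" { print $1 }'
}

# On a Mac, pipe the real listing in instead:  ls -le | mismatched_index0
sample_listing | mismatched_index0
```

For any file it reports, macOS chmod can also remove an entry by its text rather than its index (chmod -a "group:everyone deny delete" file), which leaves the other entries in place.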