{"id":192337,"date":"2010-01-17T14:10:00","date_gmt":"2010-01-17T19:10:00","guid":{"rendered":"tag:blogger.com,1999:blog-5587346.post-5443777689204883030"},"modified":"2010-01-19T23:55:53","modified_gmt":"2010-01-20T04:55:53","slug":"is-there-a-club-for-people-who-hate-os-x-permissions","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/192337","title":{"rendered":"Is there a club for people who hate OS X permissions?"},"content":{"rendered":"<div>I&#8217;m looking for a club made up of people who hate Apple&#8217;s brain-dead OS X permissions\/security scheme.<\/div>\n<div><\/div>\n<div>In the latest installment of OS X misery consider a file on a shared 10.5 drive. Whenever I edit the file from a 10.6 machine it&#8217;s saved in such a way that my wife loses edit permissions &#8212; even though both she and I have read\/write permissions on the parent folder.<\/div>\n<div><\/div>\n<div>OS X needs to abandon its broken unix-style permissions and imitate Windows 7\/Vista\/XP\/2000\/NT. (The admin\/user issues with Vista to NT weren&#8217;t related to the permissions model &#8211; but that&#8217;s another post.)<\/div>\n<div><\/div>\n<div>Grrrr. I wish the OS X customer base were <i>way<\/i> more demanding. Insufficiently demanding customers are one of the three banes of modern commerce (Two others: lock-in and fraud\/deception).<\/div>\n<div><\/div>\n<div>See also:<\/div>\n<div>\n<ul>\n<li><a href=\"http:\/\/tech.kateva.org\/2008\/09\/permissions-bug-in-os-x-105-unable-to.html\">Permissions bug in OS X 10.5 &#8211; unable to update applications<\/a><\/li>\n<li><a href=\"http:\/\/tech.kateva.org\/2008\/01\/permissons-most-messed-up-part-of-os-x.html\">Gordon&#8217;s Tech: Permissions: the most messed up part of OS X<\/a><\/li>\n<li><a href=\"http:\/\/tech.kateva.org\/2008\/01\/permissons-most-messed-up-part-of-os-x.html\"><\/a><a href=\"http:\/\/tech.kateva.org\/2008\/09\/os-x-leopard-105-unknown-user-and-group.html\">Gordon&#8217;s Tech: OS X Leopard 10.5: The unknown user and group bugs<\/a><\/li>\n<\/ul>\n<\/div>\n<div><b>Update 1\/18\/10<\/b>: No sooner do I write this rant that I have to figure out how to <a href=\"http:\/\/tech.kateva.org\/2010\/01\/how-to-fix-permissions-in-os-x-package.html\">fix a novel permissions hassle related to moving a VMWare Package between users<\/a>. This stuff is seriously evil.<\/div>\n<div><\/div>\n<div><b>Update 1\/19\/09<\/b>: See comments. Inspired by Andrew W, I dredged up a memory of<a href=\"http:\/\/arstechnica.com\/apple\/reviews\/2005\/04\/macosx-10-4.ars\"> John Sicracus&#8217;s famous <b>10.4<\/b> review<\/a> telling us that Apple was going  to fix their broken permissions model years ago! Today in their <a href=\"http:\/\/www.apple.com\/server\/macosx\/features\/file-sharing.html\">OS X server marketing you can read<\/a> (emphases mine) &#8230;<\/div>\n<blockquote><p>Mac OS X Server supports <b>both traditional UNIX file permissions<\/b> and <b>access control lists<\/b>, giving administrators an unprecedented level of control over file and folder permissions. With access control lists, any file object can be assigned multiple users and groups, including groups within groups. Each file object can also be assigned to allow and deny permissions, as well as assign a granular set of permissions for administrative control, read, write, and delete operations. <b>Mac OS X Server supports a file permission inheritance model, ensuring that user permissions are inherited when files are moved to the server and rewritten when files are copied to the server<\/b>.<\/p><\/blockquote>\n<div><a href=\"http:\/\/en.wikipedia.org\/wiki\/File_system_permissions\">ACLs have been used in the Windows world since NT inherited them from OpenVMS<\/a>. This is one of several areas in which Windows has been far ahead of OS X.<\/div>\n<div><\/div>\n<div>The problem, of course, is that Apple has not provided an equivalent of <a href=\"http:\/\/arstechnica.com\/apple\/news\/2008\/04\/mac-os-x-security.ars\">Tiger&#8217;s Workgroup Manager GUI<\/a> in 10.6 standard to work with ACls, and they presumably break a lot of current software. Apple gave up on the 10.6 migration to ACLs, perhaps because of the Intel migration and the introduction of the iPhone OS.<\/div>\n<div><\/div>\n<div><a href=\"http:\/\/www.mikey-san.net\/sandbox\/\">Sandbox <\/a>provided an ACL control GUI for 10.4 10.5 users, but it&#8217;s not been updated for 10.6. <strike>Apple <a href=\"http:\/\/support.apple.com\/downloads\/Server_Admin_Tools_10_5_7\">does allow us to download their Server Admin Tools<\/a> which can reputedly edit ACLs on non-servers<span class=\"Apple-style-span\" style=\"-webkit-text-decorations-in-effect: none; \">.<span class=\"Apple-style-span\" style=\"-webkit-text-decorations-in-effect: none; \"> (It only installs on OS X server.)<\/span><\/span><\/strike><\/div>\n<div><\/div>\n<div>See also:<\/div>\n<div>\n<ul>\n<li><a href=\"http:\/\/www.bresink.com\/osx\/193281\/Docs-en\/ACL.html\">The ACL Permissions pane<\/a>: great review, part of the <a href=\"http:\/\/www.bresink.com\/osx\/TinkerToolSys2.html\">TinkerTools<\/a> utility.<\/li>\n<li><a href=\"http:\/\/www.makemacwork.com\/control-file-access-with-acls.htm\">Make Mac Work: Control File Access With ACLs<\/a><\/li>\n<\/ul>\n<\/div>\n<div>I&#8217;ll have to continue this one in <a href=\"http:\/\/tech.kateva.org\/\">my tech blog<\/a>. (BTW, Bing did better than Google at finding these references.)<\/div>\n<p>&#8212;<br \/><small><a href=\"feed:\/\/www.google.com\/reader\/public\/atom\/user\/06457543619879090746\/state\/com.google\/broadcast\">My Google Reader Shared items (feed)<\/a><\/small><\/p>\n<div class=\"blogger-post-footer\"><img width='1' height='1' src='https:\/\/blogger.googleusercontent.com\/tracker\/5587346-5443777689204883030?l=notes.kateva.org' alt='' \/><\/div>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;m looking for a club made up of people who hate Apple&#8217;s brain-dead OS X permissions\/security scheme. In the latest installment of OS X misery consider a file on a shared 10.5 drive. Whenever I edit the file from a 10.6 machine it&#8217;s saved in such a way that my wife loses edit permissions &#8212; [&hellip;]<\/p>\n","protected":false},"author":711,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-192337","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/192337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/711"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=192337"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/192337\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=192337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=192337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=192337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}