Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

A scriptable solution to flush Access Control List entries System
If you create many access control lists (ACLs), you might want at some point to flush them all. Unfortunately, there's no single command that allows you to remove all the Access Contrll Entries (ACEs) on a file at once, you have to remove them one at a time until there's no more left. There is no elegant solution, but this one-liner will remove all ACEs for you:
until ! { /bin/chmod -a# 0 filename 2> /dev/null; } do echo -n;  done
Using the above, you could also create a small script that will recursively remove all the ACEs on a given directory:
#!/bin/bash
for file in $(find $1)
do
  until ! { /bin/chmod -a# 0 ${file} 2> /dev/null; } do echo -n;  done
done
This hint was emailed to me by Alexandre B. I haven't tested it, as I don't use ACLs. If you do test it, please leave a comment on your experiences.
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[12,825 views]  

A scriptable solution to flush Access Control List entries | 7 comments | Create New Account
Click here to return to the 'A scriptable solution to flush Access Control List entries' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Bug fix
Authored by: blanalex on May 01, '07 12:58:39PM
I've found out later that I made a small mistake: the filename should be enclosed in quotes (") because the filenames might contain whitespace. So the one-line will look like this:
until ! { /bin/chmod -a# 0 "filename" 2> /dev/null; } do echo -n;  done
and the script will look like that:
for file in $(find "$@")
do
        until ! { /bin/chmod -a# 0 "${file}" 2> /dev/null; } do echo -n;  done
done
This method is not really fast but it's the only one I've found to erase all the ACEs. I've used this command on a medium-sized webserver (175,000 files), with each file having 3 ACEs and it took over 2 hours and a half to complete.

[ Reply to This | # ]
A scriptable solution to flush Access Control List entries
Authored by: oem on May 01, '07 02:45:48PM
You can Use Sandbox wich is a graphical front end to do all this :)

www.mickey-san.net/sandbox/

---
I luv mac, Vindoze Sucks

[ Reply to This | # ]

A scriptable solution to flush Access Control List entries
Authored by: blanalex on May 01, '07 08:00:09PM

I've tried Sandbox and it seems that it can edit the ACL for only one file a time and there's now way to propagate the permissions to enclosed files & folders.



[ Reply to This | # ]
A scriptable solution to flush Access Control List entries
Authored by: oem on May 01, '07 02:48:44PM
sorry, a typo...

http://www.mikey-san.net/sandbox/

---
I luv mac, Vindoze Sucks

[ Reply to This | # ]

A scriptable solution to flush Access Control List entries
Authored by: TvE on May 04, '07 03:33:16PM

"There is no elegant solution"


Well - Workgroup Manager can propagate ACL's on a Tiger Server, so:

A. Upgrade to OS X Server ;-)
B. Temporary attach the volume to an OS X Server and propagate the ACL's ;-)
C. Hack the tool


Elegant?
Creative - yes ;-D



[ Reply to This | # ]
A scriptable solution to flush Access Control List entries
Authored by: Anonymous on Oct 27, '07 09:27:32AM
Why not just do:
find PATHTOYOURDIRECTORY -depth -exec chmod -a# 0 {} \;


[ Reply to This | # ]
A scriptable solution to flush Access Control List entries
Authored by: joelbruner on Jan 19, '11 11:46:57AM
chmod now has the -N option that will flush all ACLs, no recursion necessary
#!/bin/bash
IFS=$'\t\n'
find "${@}" -exec chmod -N {} \;
The IFS (internal field seperator) entry omits space as a seperator, so folders with spaces are handled properly

[ Reply to This | # ]