Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Script to list all filesystem objects with ACLs' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Script to list all filesystem objects with ACLs
Authored by: xr4ti on Aug 19, '08 04:00:20PM

Wiping out existing ACLs won't prevent a rogue or badly written installer (or program with elevated permissions, for that matter) from adding new ACLs. (I've also read some warnings about wiping out all ACLs with MacPilot, I don't think the author of MacPilot intended for it to be used that way.)

As to using ACLs: I compartmentalize my data - I have different user accounts for different purposes. If I really needed these user accounts to share data in complex ways, I could go beyond the POSIX notion of shared groups and use ACLs to define read, write, inheritance, ability to change permissions, etc.

I have a fairly complex single-user system, but even for my setup, I simply don't see any reason to use ACLs.

But that's just my one opinion. I'm open to someone else saying they have a strong need for ACLs.



[ Reply to This | # ]
Script to list all filesystem objects with ACLs
Authored by: sjk on Aug 21, '08 02:10:12PM
I have a fairly complex single-user system, but even for my setup, I simply don't see any reason to use ACLs.
Same here.

However long it takes, UNIX/POSIX and ACL file-based security will eventually be a deprecated legacy. Original UNIX file permissions, essentially unchanged except for adding an ACL layer, certainly weren't designed or intended to scale to the huge numbers of files on many current filesystems.

[ Reply to This | # ]