Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Make a folder read-write for all users without using ACLs' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Make a folder read-write for all users without using ACLs
Authored by: Sesquipedalian on Feb 05, '10 12:52:57PM
This method is interesting, but it is complicated and it definitely has some drawbacks (as the original hint describes). Instead, if inherited ACLs are not doing the job for you, I suggest using a Launch Agent to update permissions in the shared folder automatically.

First, create a new plain text file named info.stovell.MakeSharedReallyShared.plist on your desktop with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>info.stovell.MakeSharedReallyShared</string>
	<key>ProgramArguments</key>
	<array>
		<string>find</string>
		<string>/Users/Shared</string>
		<string>!</string>
		<string>-perm</string>
		<string>777</string>
		<string>-exec</string>
		<string>chmod</string>
		<string>777</string>
		<string>{}</string>
		<string>;</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>StartInterval</key>
	<integer>3600</integer>
	<key>WatchPaths</key>
	<array>
		<string>/Users/Shared</string>
	</array>
</dict>
</plist>

Then move the file to /Library/LaunchAgents. You will need to enter your administrator password to complete the move.

Finally, either log out and log back in, or just enter the following command into Terminal:launchctl load /Library/LaunchAgents/info.stovell.MakeSharedReallyShared.plist

A bit of explanation:

Whenever the contents of /Users/Shared are modified, and once every hour (3600 seconds), this launch agent will run a command that finds all files or folders in /Users/Shared that do not have full permissions for everyone, and sets the permissions on those files so that everyone does have full permissions.

Note that the launch agent is triggered any time something changes within /Users/Shared itself, but not if something changes in a file within a subfolder of /Users/Shared. That is why the launch agent also runs once every hour, so that it can catch any files that may have recently been added in a subfolder somewhere. If you want to change the frequency at which the command runs, just change the 3600 to another number (e.g. 900 for every 15 mins, 86400 for every 24 hrs).

[ Reply to This | # ]

Make a folder read-write for all users without using ACLs
Authored by: DrivingHome on Feb 11, '10 04:14:00AM
I went one step further, since I was having problems with ownership that was preventing this from working properly. I'd tried the chmod -R and chown -R in crontab, but found that my time machine backups were massive every night. Because this is only touching the files that have the wrong permission/ownership, it's much better.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.Pictures.fixsharedownership</string>
	<key>UserName</key>
	<string>root</string>
	<key>ProgramArguments</key>
	<array>
		<string>find</string>
		<string>/Users/Shared/Pictures</string>
		<string>(</string>
		<string>!</string>
		<string>-user</string>
		<string>myusername</string>
		<string>-or</string>
		<string>!</string>
		<string>-group</string>
		<string>mygroupname</string>
		<string>)</string>
		<string>-exec</string>
		<string>chown</string>
		<string>myusername:mygroupname</string>
		<string>{}</string>
		<string>;</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>StartInterval</key>
	<integer>3631</integer>
	<key>WatchPaths</key>
	<array>
		<string>/Users/Shared/Pictures</string>
	</array>
</dict>
</plist>
Note, the brackets that set the precedence of the or operator, otherwise it doesn't work. This together with a similar plist file to the one above for permissions goes in the LaunchDaemons directory as we need it to be always run by root. I decided to use consecutive prime numbers for the interval to ensure they're not always running at the same time. In actual fact, I have 6 of these launch daemons running, 2 for shared Music, 2 for shared Pictures and 2 for shared Documents.

[ Reply to This | # ]
Make a folder read-write for all users without using ACLs
Authored by: michaelw on Jul 15, '10 08:29:42AM

Still would like more detail about the Launch Agent solution works, and the improvements of the second solution.

Also, is there a simple way in the command syntax of these scripts to exclude a specific folder?



[ Reply to This | # ]