What is the Mac terminal command to repair ACLs when multiple assignments exist?

I'm having an issue where there are many duplicates on ACL assignments for various files and folders. I won't get into the details of how or why this happened (we can thank Server.app bugs), but the bottom line is that I now have many thousands of files and folders with attributes like this:

$ ls -le

dr-xr-x---+    4 myusername  staff           4 Sep 16  2016 tmp
 0: user:_spotlight allow list,search,file_inherit,directory_inherit
 1: user:_spotlight allow list,search,file_inherit,directory_inherit
 2: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 3: user:_spotlight allow list,search,file_inherit,directory_inherit
 4: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 5: user:_spotlight allow list,search,file_inherit,directory_inherit
 6: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 7: user:_spotlight allow list,search,file_inherit,directory_inherit
 8: user:_spotlight allow list,search,file_inherit,directory_inherit
 9: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 10: user:_spotlight allow list,search,file_inherit,directory_inherit
 11: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 12: user:_spotlight allow list,search,file_inherit,directory_inherit
 13: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 14: user:_spotlight allow list,search,file_inherit,directory_inherit
 15: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 16: user:_spotlight allow list,search,file_inherit,directory_inherit
 17: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 18: user:_spotlight allow list,search,file_inherit,directory_inherit
 19: user:_spotlight allow list,search,file_inherit,directory_inherit
 20: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 21: user:_spotlight allow list,search,file_inherit,directory_inherit
 22: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 23: user:_spotlight allow list,search,file_inherit,directory_inherit
 24: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 25: user:_spotlight allow list,search,file_inherit,directory_inherit
 26: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 27: user:_spotlight allow list,search,file_inherit,directory_inherit
 28: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 29: user:_spotlight allow list,search,file_inherit,directory_inherit
 30: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 31: user:_spotlight allow list,search,file_inherit,directory_inherit
 32: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 33: user:_spotlight allow list,search,file_inherit,directory_inherit
 34: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 35: user:_spotlight allow list,search,file_inherit,directory_inherit
 36: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 37: user:_spotlight allow list,search,file_inherit,directory_inherit
 38: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 39: user:_spotlight allow list,search,file_inherit,directory_inherit
 40: user:_spotlight allow list,search,file_inherit,directory_inherit
 41: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 42: user:_spotlight allow list,search,file_inherit,directory_inherit
 43: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 44: user:_spotlight allow list,search,file_inherit,directory_inherit
 45: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 46: user:_spotlight allow list,search,file_inherit,directory_inherit
 47: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 48: user:_spotlight allow list,search,file_inherit,directory_inherit
 49: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 50: user:_spotlight allow list,search,file_inherit,directory_inherit
 51: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 52: user:_spotlight allow list,search,file_inherit,directory_inherit
 53: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 54: user:_spotlight allow list,search,file_inherit,directory_inherit
 55: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 56: user:_spotlight allow list,search,file_inherit,directory_inherit
 57: user:_spotlight allow list,search,file_inherit,directory_inherit
 58: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 59: user:_spotlight allow list,search,file_inherit,directory_inherit
 60: user:_spotlight allow list,search,file_inherit,directory_inherit
 61: user:_spotlight allow list,search,file_inherit,directory_inherit
 62: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 63: user:_spotlight allow list,search,file_inherit,directory_inherit
 64: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 65: user:_spotlight allow list,search,file_inherit,directory_inherit
 66: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 67: user:_spotlight allow list,search,file_inherit,directory_inherit
 68: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 69: user:_spotlight allow list,search,file_inherit,directory_inherit
 70: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 71: user:_spotlight allow list,search,file_inherit,directory_inherit
 72: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 73: user:_spotlight allow list,search,file_inherit,directory_inherit
 74: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 75: user:_spotlight allow list,search,file_inherit,directory_inherit
 76: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 77: user:_spotlight allow list,search,file_inherit,directory_inherit
 78: user:_spotlight allow list,search,file_inherit,directory_inherit
 79: user:_spotlight allow list,search,file_inherit,directory_inherit
 80: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 81: user:_spotlight allow list,search,file_inherit,directory_inherit
 82: user:_spotlight allow list,search,file_inherit,directory_inherit
 83: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 84: user:_spotlight allow list,search,file_inherit,directory_inherit
 85: user:_spotlight allow list,search,file_inherit,directory_inherit
 86: user:_spotlight allow list,search,file_inherit,directory_inherit
 87: user:_spotlight allow list,search,file_inherit,directory_inherit
 88: user:_spotlight allow list,search,file_inherit,directory_inherit
 89: user:_spotlight allow list,search,file_inherit,directory_inherit
 90: user:_spotlight allow list,search,file_inherit,directory_inherit
 91: user:_spotlight allow list,search,file_inherit,directory_inherit
 92: user:_spotlight allow list,search,file_inherit,directory_inherit
 93: user:_spotlight allow list,search,file_inherit,directory_inherit
 94: user:_spotlight allow list,search,file_inherit,directory_inherit
 95: user:_spotlight allow list,search,file_inherit,directory_inherit
 96: user:_spotlight allow list,search,file_inherit,directory_inherit
 97: user:_spotlight allow list,search,file_inherit,directory_inherit
 98: user:_spotlight allow list,search,file_inherit,directory_inherit
 99: user:_spotlight allow list,search,file_inherit,directory_inherit
 100: user:_spotlight allow list,search,file_inherit,directory_inherit
 101: user:_spotlight allow list,search,file_inherit,directory_inherit
 102: user:_spotlight allow list,search,file_inherit,directory_inherit
 103: user:_spotlight allow list,search,file_inherit,directory_inherit
 104: user:_spotlight allow list,search,file_inherit,directory_inherit
 105: user:_spotlight allow list,search,file_inherit,directory_inherit
 106: user:_spotlight allow list,search,file_inherit,directory_inherit
 107: user:_spotlight allow list,search,file_inherit,directory_inherit
 108: user:_spotlight allow list,search,file_inherit,directory_inherit
 109: user:_spotlight allow list,search,file_inherit,directory_inherit
 110: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit

Ultimately it appears that there are only two assignments here:

  • user:_spotlight allow list,search,file_inherit,directory_inherit
  • user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit

I can rip all of these attributes out with something like this (I use find to make sure I'm not losing my mind since it runs for hours and I want to be sure it's still working vs hanging):

# TARGET is the share root to clean. ($PATH would expand to the shell's search
# path, not a directory, and find already visits every entry once, so a second
# chmod -R -L pass per directory is redundant and would follow symlinks out of the tree.)
sudo find "$TARGET" -print -exec /bin/chmod -vv -h -N {} \;

But this simply removes everything. Since there is sharing going on here, could I simply destroy all of these ACLs and have everything work fine with SMB sharing on macOS, or do I need to at least apply some minimal ACL set like chmod -R +a "user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" "$TARGET"?

ylluminate

Posted 2017-08-01T18:20:43.890

Reputation: 760

No answers
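The listing in the question contains only two distinct entries repeated dozens of times, so the ACL can be collapsed without changing what it grants. The script below is an added example and not code from the original post: it reads `ls -led` output, keeps the first occurrence of each ACE, strips the ACL with `chmod -N`, and re-adds the surviving entries with `chmod +a#` at their original index so the evaluation order is preserved. The names `SAMPLE_LISTING`, `dedupe_aces`, `count_aces`, `count_lines`, `repair_acl`, `repair_tree` and the `DRY_RUN` variable are chosen here; the `ls -led` output format and the `chmod -N` / `chmod +a#` syntax come from the macOS man pages, and the script assumes ACEs without the `inherited` flag, as in the listing above. The deduplication step is plain awk and runs on any system; the repair step needs macOS.

```shell
#!/bin/bash
# Added example (not from the original post): collapse duplicate ACEs on
# macOS paths while keeping the order of the remaining entries.
# Assumes: macOS `ls -led`, `chmod -N`, `chmod +a# N "ace"` as in chmod(1).

# Constructed sample of `ls -led` output, modelled on the listing in the question.
SAMPLE_LISTING='dr-xr-x---+    4 myusername  staff           4 Sep 16  2016 tmp
 0: user:_spotlight allow list,search,file_inherit,directory_inherit
 1: user:_spotlight allow list,search,file_inherit,directory_inherit
 2: user:myusername allow list,add_file,search,add_subdirectory,delete_child
 3: user:_spotlight allow list,search,file_inherit,directory_inherit
 4: user:myusername allow list,add_file,search,add_subdirectory,delete_child'

# Read `ls -le`-style output on stdin; print each distinct ACE once, in the
# order it first appeared, with the " N: " index prefix stripped.
dedupe_aces() {
    awk '/^ *[0-9]+: / { sub(/^ *[0-9]+: /, ""); if (!seen[$0]++) print }'
}

# Number of ACE lines in `ls -le`-style output (before deduplication).
count_aces() {
    awk '/^ *[0-9]+: / { n++ } END { print n + 0 }'
}

# Number of non-empty lines on stdin.
count_lines() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Rewrite the ACL of one path. With DRY_RUN=1 only report what would change.
repair_acl() {
    path=$1
    listing=$(ls -led "$path")          # -d: the entry itself, not its children
    before=$(printf '%s\n' "$listing" | count_aces)
    unique=$(printf '%s\n' "$listing" | dedupe_aces)
    after=$(printf '%s\n' "$unique" | count_lines)
    if [ "$before" -eq "$after" ]; then
        return 0                        # no duplicates: leave the ACL untouched
    fi
    printf '%s: %d ACEs -> %d\n' "$path" "$before" "$after"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        return 0
    fi
    chmod -h -N "$path"                 # -h: act on a symlink itself, never follow it
    i=0
    printf '%s\n' "$unique" | while IFS= read -r ace; do
        chmod -h +a# "$i" "$ace" "$path"   # insert at index i to keep original order
        i=$((i + 1))
    done
}

# Walk a tree (files, directories and symlinks) and repair each entry.
# Paths are NUL-delimited so names with spaces or newlines are safe.
repair_tree() {
    find "$1" -print0 | while IFS= read -r -d '' p; do
        repair_acl "$p"
    done
}

# Usage:  DRY_RUN=1 ./acl-dedupe.sh /Volumes/Share   (report only)
#         sudo ./acl-dedupe.sh /Volumes/Share        (repair)
if [ "$#" -gt 0 ]; then
    repair_tree "$1"
fi
```

Run it with `DRY_RUN=1` first to see which paths actually carry duplicates; on the sample above it reduces five entries to two, one `_spotlight` and one `myusername`, without removing either grant. Because every surviving entry is re-added, the effective permissions are unchanged, so this sidesteps the question of whether SMB sharing needs any ACL at all. If `ls -le` prints entries flagged `inherited`, handle them separately: the script passes that text through unchanged and `chmod +a#` may reject it.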