Tuesday, August 21, 2012

Eureka, Mac OS X File Permissions - I did not know that

Ah, well, again I learn something new every day ...

I've been battling against a strange problem with OS X file permissions on an external USB drive.

I was able to create files in a particular directory, but not delete them :-(

From a command prompt, I could do things such as: -

$ cd /Volumes/DaveHay/Software/WP8/Fixes
$ touch foo

but was unable to remove the newly created file: -

rm foo

rm: foo: Operation not permitted

even as the "super user".

$ sudo bash
$ rm foo

rm: foo: Operation not permitted

I'd checked for, and where necessary, removed the Lock bit using Finder


but to no avail.

I'd also experimented with the chown, chmod and chflags commands, but again to no avail: -

chown 1000:1000 foo
$ chmod 777 foo
chflags nouchg foo

I'd also tried changing the higher-level group ownership: -

chgrp -R 1000 Fixes/

but no dice.

The strange thing was that the ls command returned a strange attribute for ownership: -

$ ls -al

total 2461040
drwxrwxr-x  12 1000      1000            408 21 Aug 10:39 .
drwxrwxrwx  10 1000      1000            340 21 Aug 10:02 ..
-rwxrwxrwx@  1 _unknown  _unknown       6148 21 Aug 10:31 .DS_Store
-rw-rw-r--@  1 1000      1000          65328 13 Aug 15:44 8.0.0.0-WP-IFPM64172.zip
-rwxrwxrwx@  1 1000      1000           1523 13 Aug 15:44 8.0.0.0-WP-WCM-Combined-CFPM65285-CF01_Readme.txt
-rwxrwxrwx@  1 1000      1000      629983062 13 Aug 15:44 8.0.0.0-WP-WCM-Combined-CFPM65285-Server-CF01.zip
drwxrwxrwx   6 1000      1000            204 13 Aug 15:44 Combined
-rw-r--r--@  1 1000      1000      629979568 13 Aug 15:44 PM65285_Server.zip
-rwxr-xr-x@  1 1000      1000           2809 13 Aug 15:45 WP8CF01Rollback-Server-sample.xml
-rwxr-xr-x@  1 1000      1000           4004 13 Aug 15:44 WP8CF01Update-Server-sample.xml
-rwxrwxrwx   1 _unknown  _unknown          0 21 Aug 10:04 foo
drwxr-xr-x   2 _unknown  _unknown         68 21 Aug 10:39 untitled folder


The solution ?

To run the chflags command again, but with the nouappnd attribute: -

chflags -R nouappnd Fixes/

This then let me change the ownership: -

$ chown 1000:1000 foo
$ chown 1000:1000 untitled\ folder/

etc. and, more importantly, remove the unwanted objects.

Various websites helped me reach the solution, but this particular one: -


provided the final piece of the jigsaw: -

chflags   - Change a file or folder's flags. These flags are supported:

arch   - the archived flag
opaque   - the opaque flag
nodump   - the nodump flag
sappnd   - the system-controlled append-only flag
schg   - the system-controlled immutable flag
uappnd   - the user append-only flag
uchg   - the user immutable flag (on files, this is equivalent to locking the file in the Finder's Show Info box).

Most flags require root access to set or clear; the uappnd and uchg flags can also be controlled by the file's owner; the sappnd and schg flags cannot be removed (even by root) except in single-user mode. To remove a flag, use "no" in front of the flag's name (this can be a bit confusing - nouchg means the file can be changed, while uchg means it cannot).

So, in conclusion, the problem wasn't with the uchg ( user immutable flag ), it was with the uappnd ( user append-only flag ), which explained why I could create but not delete files and folders.

Simple when you know how :-)

No comments:

Post a Comment