Go Back   The macosxhints Forums > OS X Help Requests > System



Reply
 
Thread Tools Rate Thread Display Modes
Old 11-12-2010, 04:01 AM   #1
macsolver
Major Leaguer
 
Join Date: Jan 2003
Location: Redhill, Surrey, England
Posts: 497
How to remove ACLs (Access Control Lists)

Hi,

A number of my Macs (G5s OSX 10.5.8) have the following "error" listed when repairing permissions:

ACL found but not expected on "Applications/Utilities".
ACL found but not expected on "Applications".
ACL found but not expected on "Library".


The first 2 will explain why some updates fail to work on items within the Applications and Utilities folder without first changing the permissions on the offending item.

Is there a safe method of removing these unexpected ACLs ?

Regards,

Nick
macsolver is offline   Reply With Quote
Old 11-12-2010, 04:33 AM   #2
benwiggy
League Commissioner
 
Join Date: Aug 2006
Location: London
Posts: 5,703
Just to be more precise about a few points you make:

There is nothing inherently wrong with unexpected ACLs in Repair Permissions. Any ACLs that have been created by the user will be unexpected to RP.
The fact that the ACLs are unexpected to you is more significant.
Some messages about unexpected ACLs (but not in those folders) always occur, due to an Apple error.

I think I'm right in saying that an ACL takes greater precedence than permissions, so changing permissions shouldn't solve an ACL problem.

It's worth checking what the ACL is before jumping to the conclusion that that is the source of your updater trouble.

In the Terminal, type:
cd /
ls -le

to see what the ACLs are.

You can remove them with

chmod -N <filename>

The real problem is how the ACLs got there without your knowing.

Last edited by benwiggy; 11-12-2010 at 04:39 AM.
benwiggy is offline   Reply With Quote
Old 11-12-2010, 05:42 AM   #3
macsolver
Major Leaguer
 
Join Date: Jan 2003
Location: Redhill, Surrey, England
Posts: 497
Your instructions gave the following:

Hi,

Thanks for your input. Your instructions gave the following:

Nick-Harveys-G5:~ nickharvey$ cd /
Nick-Harveys-G5:/ nickharvey$ ls -le
total 41725
drwxrwxr-x+ 119 root admin 4046 10 Nov 17:14 Applications
0: group:everyone deny delete
1: group:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
-rw-r--r--@ 1 root admin 144384 25 Oct 09:55 Desktop DB
-rw-r--r--@ 1 root admin 2498 12 May 2010 Desktop DF
drwxrwxr-t+ 57 root admin 1938 4 Nov 14:52 Library
0: group:everyone deny delete
drwxr-xr-x@ 2 root wheel 68 23 Sep 2007 Network
drwxr-xr-x 4 root wheel 136 17 Aug 2009 System
drwxr-xr-x 8 root admin 272 26 Oct 14:54 Users
drwxrwxrwt@ 6 root admin 204 12 Nov 08:52 Volumes
drwxr-xr-x@ 40 root wheel 1360 17 Aug 2009 bin
drwxrwxr-t@ 2 root admin 68 23 Sep 2007 cores
dr-xr-xr-x 2 root wheel 512 11 Nov 08:48 dev
lrwxr-xr-x@ 1 root admin 11 4 Oct 16:01 etc -> private/etc
dr-xr-xr-x 2 root wheel 1 11 Nov 08:48 home
-rw-r--r--@ 1 root wheel 10367028 16 Jul 2009 mach_kernel
-rw-r--r--@ 1 root wheel 10822172 16 Jul 2009 mach_kernel.ctfsys
dr-xr-xr-x 2 root wheel 1 11 Nov 08:48 net
drwxr-xr-x@ 6 root wheel 204 14 Jan 2009 private
drwxr-xr-x@ 68 root wheel 2312 25 Aug 08:33 sbin
lrwxr-xr-x@ 1 root admin 11 4 Oct 16:01 tmp -> private/tmp
drwxr-xr-x@ 13 root wheel 442 22 Oct 16:18 usr
lrwxr-xr-x@ 1 root admin 11 4 Oct 16:01 var -> private/var
Nick-Harveys-G5:/ nickharvey$


I assume the ACLs were created at some point by the main users of the Macs concerned at the time (unintentionally given their skill level). Maybe a misbehaving software installer or security update ?

Regards,

Nick
macsolver is offline   Reply With Quote
Old 11-12-2010, 06:00 AM   #4
benwiggy
League Commissioner
 
Join Date: Aug 2006
Location: London
Posts: 5,703
Did the main users at the time have admin rights?
Has there been a major change in the ownership or users of these Macs?

In which case, it's probably best to reinstall the system and apps, and start again with a clean system. You can't be sure what they've done if they had admin rights.

The 0 ACL (group delete deny) is standard for those folders, to stop people from deleting them. (Though I'm on a Mac whose ACLs I can't be sure are standard, so I can't confirm what should be there.)

I don't think there's anything in the #1 ACL that might stop an installer from writing there.
benwiggy is offline   Reply With Quote
Old 11-13-2010, 02:34 AM   #5
benwiggy
League Commissioner
 
Join Date: Aug 2006
Location: London
Posts: 5,703
Note that these are the ACLs and permissions on my Mac, which should be standard:
Code:
drwxrwxr-x+ 93 root  admin      3162 12 Nov 17:51 Applications
 0: group:everyone deny delete
drwxrwxr-x@ 16 root  admin       544  5 Sep 09:47 Developer
drwxrwxr-t+ 66 root  admin      2244 14 Sep 16:46 Library
 0: group:everyone deny delete
drwxr-xr-x@  2 root  wheel        68 23 Jun  2009 Network
drwxr-xr-x   4 root  wheel       136 11 Nov 18:55 System
drwxr-xr-x   7 root  admin       238 27 Feb  2010 Users
drwxrwxrwt@  4 root  admin       136 13 Nov 08:28 Volumes
 0: group:everyone deny add_file,add_subdirectory,directory_inherit,only_inherit
drwxr-xr-x@ 39 root  wheel      1326 11 Nov 18:20 bin
drwxrwxr-t@  2 root  admin        68 23 Jun  2009 cores
dr-xr-xr-x   3 root  wheel      4299 13 Nov 08:27 dev
lrwxr-xr-x@  1 root  wheel        11 14 Sep  2009 etc -> private/etc
dr-xr-xr-x   2 root  wheel         1 13 Nov 08:28 home
-rw-r--r--@  1 root  wheel  18693813  6 Nov 06:22 mach_kernel
dr-xr-xr-x   2 root  wheel         1 13 Nov 08:28 net
drwxr-xr-x@  6 root  wheel       204 14 Sep  2009 private
drwxr-xr-x@ 67 root  wheel      2278 11 Nov 18:21 sbin
lrwxr-xr-x@  1 root  wheel        11 14 Sep  2009 tmp -> private/tmp
drwxr-xr-x@ 17 root  wheel       578 31 May 18:42 usr
lrwxr-xr-x@  1 root  wheel        11 14 Sep  2009 var -> private/var
Bens-Computer:/ Ben$
benwiggy is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -5. The time now is 11:36 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.