Geek Answers Handbook

Is there a better way to read ACLs in Ruby than parsing ls output?

On Mac OS X, lsand chmodhave some additional features for handling ACL permissions so that OS levels are on top of posix permissions by default. I have some resolution problems that need fixing , and I wrote a script to help fix these problems until Apple fixes this error. Here is the code that parses lsto get the ACL :

result = `#{Escape.shell_command(["ls", "-led", file])}`
if result.empty?
    # ls error...
else
    @acl = result.split("\n")[1..-1].collect do |ace|
        ace = ace.split(": ", 2)
        ace[0] = ace[0].to_i
        ace
    end
    # acl processing code...
end

I added escape gem, but it is still pretty much the same code.

But I know this is a bad idea to parse lsin a script altogether , so is there a better way to read ACL permissions from a file?

I need ACEs and their indices for use chmodlater in the script:

system("chmod -a# #{index} \"#{file}\"")
+5
source share
6 answers

I am looking at the Ruby 1.8.7 File class . If my one-minute reading is correct, I understand that the permissions of the process will determine what you can see from the file, exactly what it will do ls.

, Ruby script root, , , , , , script .

, script , Ruby 1.8.7 chmod , no

0

IRB. ( irb ). , IRB, Ruby / rails console, Ruby on Rails. Rails, IRB ( ) , Rails-.

: "file_1.txt" "file_2.txt". "charlie", IRB , , Ruby File :

-rw-r--r--  1 root     staff  30 Mar 22 09:06 file_1.txt
-rwxrwxrwx  1 charlie  staff  16 Mar 22 09:06 file_2.txt

charlie:stackoverflow charlie$ man ls
charlie:stackoverflow charlie$ irb
ruby-1.8.7-p330 :001 > File.writable?("file_1.txt")
=> false

, root:

irb(main):002:0> File.writable?("file_1.txt")
=> true
irb(main):003:0> File.writable?("file_2.txt")
=> true
irb(main):004:0>

modus operandi, , , , .

0

, ?

File.chmod(0644, path)              # Sets the file to 0644
printf("%o", File.stat(path).mode)  # Returns the mode as an 
                                    # integer and is converted to octal
100644 => nil
0

lstat?

>> File.lstat('file')
=> #<File::Stat dev=0x803, ino=3365, mode=0100644, nlink=1, uid=0, gid=0, rdev=0x0, size=1328, blksize=4096, blocks=8, atime=2011-03-30 08:39:30 +0800, mtime=2011-03-30 08:36:34 +0800, ctime=2011-03-30 08:36:34 +0800>
>> print "%o" % ( File.lstat('file').mode & 0777  )
644

, "" 644.

0

As far as I can tell, there really is no better option. ACLs do not seem to be affected by OSA using Finder or System Events, so appscript will not help. You can use the FFI and POSIX ACL functions, but the API at this level is extremely annoying.

0
source

I created a gem to read and modify ACLs:

>> require 'acl'
=> true
>> acl = OSX::ACL.of("tmp")
=> #<OSX::ACL:0x007f92eaabc578 @path="tmp">
>> acl.entries
=> [#<OSX::ACL::Entry:0x007f92eaaf7510 @components=["user", "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046", "_www", "70", "allow", "read"]>]
>> ace = acl.entries.first
=> #<OSX::ACL::Entry:0x007f92eaaf7510 @components=["user", "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046", "_www", "70", "allow", "read"]>
>> ace.assignment
=> #<OSX::ACL::Assignment:0x007f92ea2a0060 @type="user", @uuid="FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046", @name="_www", @id="70">
>> ace.assignment.type
=> "user"
>> ace.assignment.name
=> "_www"
>> ace.rules
=> ["allow"]
>> ace.permissions
=> ["read"]
>> acl.remove_entry_at_index(0)
chmod -a# 0 tmp # user:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046:_www:70:allow:read
=> true
0
source

More articles:


All Articles