Ho una situazione in cui Server.app funziona per molte ore, senza sembrare finire, quando si applicano le autorizzazioni su una grande condivisione.
Qual è l'incantesimo della shell che applicherebbe l'accesso in lettura + scrittura a un utente specifico per un'intera condivisione?
ls -le
mostra le seguenti autorizzazioni:
0: user:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
1: group:admin allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
2: user:_spotlight allow list,search,file_inherit,directory_inherit
3: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
4: user:_spotlight allow list,search,file_inherit,directory_inherit
5: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
6: user:_spotlight allow list,search,file_inherit,directory_inherit
7: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
8: user:_spotlight allow list,search,file_inherit,directory_inherit
9: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
10: user:_spotlight allow list,search,file_inherit,directory_inherit
11: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
12: user:_spotlight allow list,search,file_inherit,directory_inherit
13: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
14: user:_spotlight allow list,search,file_inherit,directory_inherit
15: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
16: user:_spotlight allow list,search,file_inherit,directory_inherit
17: user:_spotlight allow list,search,file_inherit,directory_inherit
18: user:_spotlight allow list,search,file_inherit,directory_inherit
19: user:myusername allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
Ma non sono del tutto sicuro se dovrei assemblare uno script che imita questo tipo di permessi o se c'è un modo più semplice e più preferibile per farlo.
Aggiornamento: ho trovato un interessante incantesimo in corso sullo sfondo che è stato eseguito da Server.app:
/Applications/Server.app/Contents/ServerRoot/usr/share/servermgrd/bundles/server mgr_sharing.bundle/Contents/copyprivs -p /Volumes/path_to_share -f 32 -s /tmp/CopyPrivsTemp.B251lF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>parentPath</key>
<string>/Volumes/path_to_share</string>
<key>status</key>
<string>running</string>
</dict>
</plist>
Aiuto per copyprivs
:
Usage:
must be run as root
Deprecated Panther copy function:
-o <owner> : Owner name
-g <group> : Group name
-p <path> : Path name
-m <mode> : permissions mode in octal
Tiger propagate function:
-p <path> : Path name
-f <flags> : flag:
propagate UID 1 << 0
propagate GID 1 << 1
propagate ModeOwner 1 << 2
propagate ModeGroup 1 << 3
propagate ModeWorld 1 << 4
propagate ACL 1 << 5