How to Specify a Group Using Access Control Lists

tgunr

I cannot for the life of me get chmod +a "admin allow read,write,delete" /Applications to refer to the group 'admin'. It only seems to look first in the users, and if a user is named 'admin' it thinks that is what I want. I want the group, not the user; how do I do this?
 

tgunr

A workaround is to rename the group. I changed the group 'admin' to 'sysadmin' and can now specify 'sysadmin' as I desired.
 

sourcehound

tgunr said:
A workaround is to rename the group. I changed the group 'admin' to 'sysadmin' and can now specify 'sysadmin' as I desired.

The "admin" group is group 80, one of the built-in OS X groups and the group specified in /etc/sudoers, so changing its name is a bad thing. It's better to create a new group, nest the admin group inside it, and then specify the new group in the ACL.

However, I do have to say that the ACLs are still pretty immature and have some issues. I get around that by using nested groups, which work well.

So, instead of changing "admin" to "sysadmin", simply create "sysadmin" and nest the admin group inside of it. That way, you won't mess with the built-in group structures on OS X.
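
The nested-group approach described above, as an added example that is not part of the thread or any poster's own commands. It assumes the stock dseditgroup tool and the "group:" qualifier that OS X chmod accepts in ACL entries; the function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Group and path names follow the thread; DRY_RUN and the function names are
# conventions of this sketch. Run as root on OS X with DRY_RUN=0 to apply.

valid_name() {
    # Accept only plain account names so nothing odd reaches the ACL entry.
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

acl_entry() {
    # "group:" makes chmod resolve the name as a group even when a user
    # with the same short name exists.
    printf 'group:%s allow %s' "$1" "$2"
}

run() {
    # Show every command; execute it only when DRY_RUN=0 (default is dry run).
    echo "+ $*"
    [ "${DRY_RUN:-1}" = 1 ] || "$@"
}

nest_group_acl() {
    new_group=$1 inner_group=$2 perms=$3 target=$4
    if ! valid_name "$new_group" || ! valid_name "$inner_group"; then
        echo "invalid group name" >&2
        return 2
    fi
    run dseditgroup -o create "$new_group" || return 1
    # Nest the built-in group instead of renaming it.
    run dseditgroup -o edit -a "$inner_group" -t group "$new_group" || return 1
    run chmod +a "$(acl_entry "$new_group" "$perms")" "$target" || return 1
    # List the ACL so the entry can be checked as group:..., not user:...
    run ls -led "$target"
}

# Usage (dry run): nest_group_acl sysadmin admin read,write,delete /Applications
```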
 

tgunr

Great idea, I should have remembered that!

FWIW, the name change seems to have caused no problems so far, but I am going to try the subgroup anyway, much cleaner.