How do I copy ACLs on Mac OS X?
Most unix derivates can copy ACLs from one file to another with:
getfacl filename1 | setfacl -f - filename2
Unfortunately Mac OS X does not have the getfacl and setfacl commands, as they have rolled ACL handling into chmod. chmod -E accepts a list of ACLs on stdin, but I haven't found a command that will spit out ACLs in a suitable format on stdout. The best I have come up with is:
ls -led filename1 | tail +2 | sed 's/^ *[0-9][0-9]*: *//' | chmod -E filename2
Is there a more robust solution?
Bonus question: is there a nice way to do it in Python, without using any modules that aren't shipped with 10.6?
Solution 1:
ls -e
Print the Access Control List (ACL) associated with the file, if present, in long (-l) output.
this gives a result such as...
drwxr-xr-x@ 19 localadmin 646B Aug 4 00:21 APPBUNDLE
0: user:localadmin allow add_file,add_subdirectory,writeattr,writeextattr,writesecurity
⬆ ⇧ ⇶ ⬆
Personally, I have "exports" in my ~/.bash_profile
export FILE_ALL="read,write,append,execute,delete,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown"
export DIR_ALL="list,search,add_file,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown"
that make such a chmod
possible...
sudo chmod +a "allow localadmin $DIR_ALL" /APPBUNDLE
From the chmod
man page, there is this bit of info... that hints that it may indeed be possible to do something like you describe..
"ACLs are manipulated using extensions to the symbolic mode grammar. Each file has one ACL, containing an ordered list of entries. Each entry refers to a user or group, and grants or denies a set of permissions. In cases where a user and a group exist with the same name, the user/group name can be prefixed with "user:" or "group:" in order to specqify the type of name."
chmod -E
Reads the ACL information from stdin, as a sequential list of ACEs, separated by newlines. If the information parses correctly, the existing information is replaced.
Also, I'll give a shout out to BatchMod, an oldie, but a goodie for ACL's, as well as TinkerToolSystem.
Solution 2:
Maybe have a look at https://github.com/jvscode/getfacl.