By default, it shows the standard POSIX permissions entries:
If you have used the Finder Get Info command on a file or directory, most likely you have noticed the Sharing & Permissions pane at the bottom. With standard POSIX permissions, this would not be easily possible. You would then use ACLs to apply read-only permissions to certain files for the “sales” group, and could also use ACLs to apply read-only access to the explicit users that are interns (as opposed to creating a new group for interns). In this scenario, you might make the directory owned by one particular user, or the root (administrator) user, and group-owned by the “developers” group, with the files and directories writable by both the owner and group. You might also want to give interns access to some of the files, but you don’t want to make them a part of the developer or sales group because those two groups have access to too many other files. For instance, if you had a directory that contained developer manuals, you might make the directory writable to developers and read-only to sales people. Another nice feature of ACLs is called “inheritance,” where you can set an inheritance permission so that a directory’s file contents can inherit one set of ACLs, while directories inherit another set.Īs you can see, ACLs are very powerful. Some capabilities for directories include listing entries, searching entries, adding a file, adding a sub-directory, or deleting contents. For instance, some of the capabilities that ACLs provide for files include read, write, execute, and append permissions ( append only allows you to add to an existing file, not change existing contents or remove it). ACLs provide a lot more flexibility and fine-grained control over permissions of files and directories than standard POSIX permissions. Using these ACLs on OS X are quite simple you may even be using them without knowing it.ĪCLs are made up of ACEs (Access Control Entries) and each ACL can contain more than one ACE.
#Mac os list user groups mac os x#
Mac OS X is no different and, as of OS X 10.4, it has supported NFSv4 ACLs when used with the HFS+ file system.
Often times this is also dependent upon which filesystem is in use, or which implementation can be used on which file system (the two primary ACL types are POSIX.1e ACLs and NFSv4 ACLs). Most operating systems also support some form of Access Control Lists (or ACLs). For directories, these permissions mean that the user can read the contents of a directory (but not necessarily the contents of the files in the directory), can write to the directory (create and delete files), or execute (allows the user to traverse that directory tree in order to access files or subdirectories, although it does not on its own allow permission to see the contents of the directory).
With a file, these permissions mean that the user can read the file, write to it, change or delete it, or execute it as a program.
You can further define whether or not each of these has read, write, or execute permission to the file or directory. Standard POSIX permissions are independent of which file system they are used on (provided the system supports them), and anyone familiar with Linux or UNIX will be familiar with them as they are the standard way to set very basic access control on files and directories.Įssentially, you can define the owner of a file or directory, the group that owns it, and “other” (everyone who is not the owning user or a member of the owning group). Most UNIX systems use the standard POSIX (Portable Operating System Interface) permissions when managing access to files. Vincent Danen gives you a basic overview of how ACLs can be managed in OS X with Finder. Introduction to OS X Access Control Lists (ACLs)