Page 1 of 1

[INFO] Mojave: UF_DATAVAULT / [Q] ACLs [DONE]

Posted: Thu Oct 25, 2018 9:56 pm
by JayB
Some background information:

https://eclecticlight.co/2018/10/23/moj ... erability/
https://eclecticlight.co/2018/10/25/no- ... in-mojave/
https://mjtsai.com/blog/2018/10/25/moja ... datavault/

It seems this UF_DATAVAULT is a new kind of "flag". I'm not on Mojave yet, but I'm pretty sure the `ls` command will not print "datavault" like it prints "restricted", "schg" etc. But maybe there's a place in Nimble Commander's "File Attributes" panel to show the user when a file belongs to the super-protected "Data Vault" category. Maybe it can go between the flags section and the ownership section with an additional separator. (?)

While I'm at it: anything on the horizon regarding incorporating NC functionality to set/change/delete ACLs? I can see this in the File Attributes panel as well, maybe an additional button in the ownership section below "Group" that opens another panel to edit ACLs. Possible? (I believe a file manager should support ACLs, but maybe that's just me. ;) )

Re: [INFO] Mojave: UF_DATAVAULT / [Q] ACLs

Posted: Mon Nov 05, 2018 8:44 am
by mike
Ok, I added this flag into the File Attributes dialog (obviously as a read-only field).
Regarding ACL - nobody really uses them on Mac, so I see no reason to spend time on this functionality.

Re: [INFO] Mojave: UF_DATAVAULT / [Q] ACLs [DONE]

Posted: Mon Nov 05, 2018 9:46 am
by JayB
Thank you! Too bad about ACLs, though. I actually use them, mostly to restrict write access to certain folders, e.g. Desktop. Apple seems to use them a lot to protect default system folders, also in the user's home folder. It's actually an awesome tool to have finetuned control over your system. But if it's too much of a hassle to implement this, I can understand. But maybe a read-only string is possible in the File Attributes window? One additional line per access control entry, e.g.

Code: Select all

0: group:everyone deny add_file,add_subdirectory,directory_inherit,only_inherit
below the flags or below the owner/group section? That way users will at least know if ACLs are used on a file. (Just an idea, though long ACL entries might be too long for a fixed width window.)

EDIT: or instead of printing the actual ACL, just a part-agnostic info like "ACL yes/no".

Re: [INFO] Mojave: UF_DATAVAULT / [Q] ACLs [DONE]

Posted: Mon Nov 05, 2018 9:54 am
by JayB
If you do change your mind at some point in the future, the interface would be straight-forward, something like this.

Image

In the meantime, maybe I can cook up some solution for myself.

Re: [INFO] Mojave: UF_DATAVAULT / [Q] ACLs [DONE]

Posted: Mon Nov 05, 2018 10:46 am
by mike
Well, to be honest I'm very surprised you're actually using ACLs!
Implementing this feature might eat up to a month, there's no such time at disposal.
I also don't think it can be added to the File Attributes dialog, since it supports working with multiple entries and merging ACLs would be a nightmare.

Re: [INFO] Mojave: UF_DATAVAULT / [Q] ACLs [DONE]

Posted: Wed Nov 14, 2018 12:32 am
by JayB
I understand. Would be cool, though. :) And yeah, ACLs are actually pretty great. Apple uses them too for some system locations. I use them a lot on important folders, e.g. in my home directory like ~/Applications, ~/Developer, ~/Developer/Applications, ~/.cache, ~/.local, ~/.local/bin etc. It's a shame so few people use them.

I once had a command line installer that just wiped all contents of my ~/.config directory, so I'm not taking any chances: "everyone deny delete" is mostly my preferred access control entry. It's also good for protecting developers' LaunchDaemons, which I've modified, from being reset to default values by updaters etc. (Though I tend to use the system-immutable Unix flag there too.)