I manage a Mac Mini server (OS X 10.8.5, Server 2.2.2) used as a file share for assigned partners to upload video files to their respective folders at the very lowest level of the file system (accessed using FileZilla). These users' permissions need to stay the same and should not exceed their respective folder and its child folders.

The project leads need to have access to all files, read and write, through FileZilla.

Currently they are able to do this; each user has individual permissions to each folder. I have created a group 'access' that has all the permissions the project leads need and placed it at the highest level of the file system necessary and applied inheritance.

The problem I am having is removing the individual users' permissions from highest to lowest. When using the 'propagate permissions' command to apply the new ACL, sometimes the project leads' permissions are removed from a child folder, sometimes they are not.

How can I go about recursively removing a specific user's permissions down the entire file structure without affecting the rest of the folders' permissions?

masegaloeh
Tom

1 Answer

Look into chmod -a to remove specific ACLs.

From man chmod:

-a The -a mode is used to delete ACL entries. All entries exactly matching the supplied entry will be deleted. If the entry lists a subset of rights granted by an entry, only the rights listed are removed. Entries may also be deleted by index using the -a# mode.

-R would make the action recursive.

ls -le filename will list the ACLs associated with filename.

In theory you could use this UNTESTED (I just wrote it for you now) script to recurse through all files and delete ACLs for the specified user:

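#!/bin/bash
# Remove every ACL entry that mentions YourUserName from each path that find returns.
OLDIFS=$IFS
# Split command output on newlines only, so ACL lines containing spaces stay whole.
IFS='
'
while read -r file
do
  # Skip the first line of ls -led (the normal listing); keep "type:name rights" of each ACL line.
  for ACL in $(ls -led "$file"|tail -n+2|cut -d':' -f2,3)
  do
    if [ -n "$ACL" ] && [[ $ACL =~ YourUserName ]]; then
        echo "ACL found: $ACL"
        echo "FILE found: $file"
        echo "Removing ACL..."
        # Drop the "user"/"group" prefix; chmod -a takes "name allow|deny rights".
        chmod -a "$(echo "$ACL"|cut -d':' -f2)" "$file"
    fi
  done
done < <(find / )
IFS=$OLDIFS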

This assumes YourUserName is the name of the employee whose ACL you wish to revoke and that / is the point in the filesystem where you wish to recurse from, which would effectively do the entire filesystem if you use / unless you add a -maxdepth argument to find.

Update: I tested it, and it is working. Just copy the code into a file and save it as aclchange.sh, then put it in the root of the directory you want to recurse. Change the find command to (find .) and YourUserName to the user whose ACLs you want to remove. Open a terminal and cd /directory/where/script_is, then type chmod +x ./aclchange.sh. Lastly, run sudo ./aclchange.sh. It will run and list the files and ACLs that are getting removed from those files.

usedTobeaMember
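A stricter variant of the approach in the answer above, as an added example that is not part of the original answer: it matches the principal exactly (`user:NAME`, so a group entry such as `access` or a longer user name is left alone) and deletes by index with the `-a#` mode from the man page excerpt, highest index first. The names `acl_indexes`, `strip_user_acl`, `APPLY`, `SAMPLE` and `aclstrip.sh` are hypothetical, and the `ls -led` sample is constructed.

```shell
#!/bin/bash
# Added example, not the answerer's script. Assumes macOS `ls -led` prints ACL
# lines as " N: user:NAME [inherited] allow|deny rights".

# acl_indexes USER: read `ls -led` output on stdin and print the index of each
# entry whose principal is exactly user:USER, highest first, so deleting by
# index never renumbers an entry that is still waiting to be deleted.
acl_indexes() {
  awk -v want="user:$1" '
    /^ *[0-9]+: / {
      idx = $1; sub(/:$/, "", idx)
      if ($2 == want) found[n++] = idx
    }
    END { for (i = n - 1; i >= 0; i--) print found[i] }
  '
}

# strip_user_acl USER PATH: dry run unless APPLY=1 is set in the environment.
strip_user_acl() {
  local user=$1 path=$2 idx
  for idx in $(ls -led "$path" | acl_indexes "$user"); do
    if [ "${APPLY:-0}" = 1 ]; then
      chmod -a# "$idx" "$path"
    else
      printf 'would run: chmod -a# %s %s\n' "$idx" "$path"
    fi
  done
}

# Constructed sample of `ls -led` output for one shared folder.
SAMPLE='drwxrwxr-x+ 5 admin  staff  170 Jan  1 12:00 Videos
 0: user:tom allow list,add_file,search,add_subdirectory
 1: group:access allow list,add_file,search,delete,file_inherit,directory_inherit
 2: user:tomas allow list,search
 3: user:tom inherited allow list,search'

# Usage: ./aclstrip.sh USER ROOT   (add APPLY=1 in front to really change ACLs)
if [ $# -eq 2 ]; then
  find "$2" -print0 | while IFS= read -r -d '' p; do
    strip_user_acl "$1" "$p"
  done
fi
```

Run it without `APPLY=1` first and compare the printed commands against `ls -le` on a few folders before applying anything.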