+ or @ mark after running 'ls -al'
In Mac OS X, run 'ls -al' offers me something similar to this.
drwxrwxrwx+ 4 smcho staff 136 May 5 09:18 Public drwxr-xr-x+ 6 smcho staff 204 Feb 1 2010 Sites drwxrwxrwx 9 smcho staff 306 Feb 2 2010 backup [email protected] 36 smcho staff 1224 Sep 4 22:51 bin
- What's the + or @ at the end of the first column suggests?
- Is this one-of-a-kind to Mac, or usual in UNIX?
After Michael Mrozek's solution, I ran 'ls -ale' to get the adhering to.
drwx------+ 66 smcho staff 2244 Aug 30 13:40 Library 0: group:com.apple.sharepoint.group.3 allow search 1: group:everyone deny delete drwxr-xr-x 3 smcho staff 102 Sep 4 15:01 Mail drwx------+ 13 smcho staff 442 Aug 28 17:55 Movies 0: group:everyone deny delete drwx------+ 6 smcho staff 204 Jul 9 09:37 Music 0: group:everyone deny delete drwx------+ 11 smcho staff 374 Aug 28 16:55 Pictures 0: group:everyone deny delete drwxr-xr-x 3 smcho staff 102 Mar 18 15:43 Projects drwxrwxrwx+ 4 smcho staff 136 May 5 09:18 Public 0: group:everyone deny delete drwxr-xr-x+ 6 smcho staff 204 Feb 1 2010 Sites 0: group:everyone deny delete
What those added messages suggest? Why do I have them for several of the documents? I do not bear in mind doing anything certain for them.
@ suffix is one-of-a-kind to Mac OS and also is covered by this question, so I replicated this component of my solution from there ; it suggests the documents has extended attributes. You can make use of the
xattr command-line energy to watch and also change them :
xattr --list filename xattr --set propname propvalue filename xattr --delete propname filename
+ suffix suggests the documents has an accessibility control checklist, and also prevails in any kind of *nix that sustains ACLs. Offering
-e flag will certainly make it show the linked ACLs after the documents, and also
chmod can be made use of to change after that. A lot of this is from the
chmod male web page :
You add an ACL with
chmod +a "type:name flag permission,...", and also remove it with
chmod -a. The argument to
chmod is rather difficult :
- type is either
group, to make clear if
nameis describing a username or a team name. If
nameis distinct, you can leave out the type
- name is the username or team the ACL relates to
- flag is
allowif this ACL access is providing an approval, or
denyif it's refuting an approval
- approval is the real approval being changed ; you can detail as several as you like, comma-separated
- delete -- Allow the file/directory to be removed
- readattr -- Read standard features
- writeattr -- Write standard features
- readextattr -- Read expanded features (making use of
xattr, from over)
- writeextattr -- Write extensive features
- readsecurity -- Read ACL details
- writesecurity -- Write ACL details
- chown -- Change proprietor
- Directory-specific approvals
- checklist -- Show the files/folders in the directory site
- search -- Find a file/folder in the directory site by name
- add_file -- Create a new documents in the directory site
- add_subdirectory -- Create a new directory site in the directory site
- delete_child -- Remove a file/directory in the directory site
- file_inherit -- ACLs on the directory site are acquired by documents
- directory_inherit -- ACLs on the directory site are acquired by subdirectories
- limit_inherit -- Stops ACLs acquired by this directory site from being acquired by subdirectories
- only_inherit -- Inherited by all freshly developed things yet overlooked
- File-specific approvals.
- read -- Open the apply for reviewing
- write -- Open the apply for creating
- append -- Open the apply for adding
- execute -- Run the documents
In your certain instance, a lot of the ACL access are
group:everyone deny delete. That is, all users in the
everyone team (which is normally every person) are refuted the approval to delete the folder. I think, although I can not locate any kind of documents concerning it, that these are default ACLs to stop you from getting rid of crucial origin folders-- someone remedy this if that's not the instance. The only various other access is
group:com.apple.sharepoint.group.3 allow search, which permits Directory Services to look for documents by name in the