overrides.plist denied write access by ACLs
Hello all, My product installs an agent in /Library/LaunchAgents/ and my application allows the user to enable/disable it. To do that, I'm calling "launchctl load/unload -w" which stores the disabled state in its per-user overrides.plist file. However I'm getting several reports from users for which it doesn't work. It turns out their overrides.plist is denied write access by ACLs.
# cd /var/db/launchd.db/com.apple.launchd.peruser.501 # ls -ale@ total 8 drwx------@ 3 sparker wheel 102 Sep 5 2009 . com.apple.metadata:_kTimeMachineNewestSnapshot 50 com.apple.metadata:_kTimeMachineOldestSnapshot 50 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown drwxr-xr-x 12 root wheel 408 Feb 25 2010 .. -rw-------@ 1 sparker wheel 376 Feb 13 2010 overrides.plist com.apple.metadata:_kTimeMachineNewestSnapshot 50 com.apple.metadata:_kTimeMachineOldestSnapshot 50 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
They are also Time Machine extended attributes which may be related to the whole thing. Have you guys seen this before? Any idea how these ACLs got here? Thanks, Thomas
On 14 janv. 2011, at 22:10, Thomas Clément wrote:
Hello all,
My product installs an agent in /Library/LaunchAgents/ and my application allows the user to enable/disable it. To do that, I'm calling "launchctl load/unload -w" which stores the disabled state in its per-user overrides.plist file.
However I'm getting several reports from users for which it doesn't work. It turns out their overrides.plist is denied write access by ACLs.
# cd /var/db/launchd.db/com.apple.launchd.peruser.501 # ls -ale@ total 8 drwx------@ 3 sparker wheel 102 Sep 5 2009 . com.apple.metadata:_kTimeMachineNewestSnapshot 50 com.apple.metadata:_kTimeMachineOldestSnapshot 50 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown drwxr-xr-x 12 root wheel 408 Feb 25 2010 .. -rw-------@ 1 sparker wheel 376 Feb 13 2010 overrides.plist com.apple.metadata:_kTimeMachineNewestSnapshot 50 com.apple.metadata:_kTimeMachineOldestSnapshot 50 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown
They are also Time Machine extended attributes which may be related to the whole thing.
Have you guys seen this before? Any idea how these ACLs got here?
It seems these users have restored their system from a Time Machine backup which failed to remove the ACLs that were imposed on the backup drive. So this might a bug in Time Machine (already fixed?). Pretty bad. Thomas
On 15 Jan 2011, at 14:27, Thomas Clément wrote:
It seems these users have restored their system from a Time Machine backup which failed to remove the ACLs that were imposed on the backup drive.
In general both Time Machine and the Finder will remove these ACLs (and EAs) when they restore from a backup. My guess is that the user's restored from the backup via some other means. Regardless, this isn't an issue specific to launchd. S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
participants (2)
-
Quinn "The Eskimo!"
-
Thomas Clément