Adding New Entries
Choose a Target Folder
To add an ACL entry to a file system object, you first need to open that object in the main window:- In the main Sandbox window, click Inspect Folder... to open the file system browser. Alternatively, this command is also available under the File menu.
- When the browser panel appears, navigate to the folder you want to add entries to and click Inspect.
- You can't edit the extended security attributes of an object that isn't a folder or volume.
- You can't add entries to a folder on a read-only volume.
Sandbox will refresh the contents of its main window reflect the newly chosen folder. If the ACL inspector doesn't show any entries, that means that there are no entries set.
Configure the New Entry
Click the add button (as indicated by a +) below the ACL inspector, or choose Add New Entry under the Entries menu. The Add Entry panel will open, where you can define the attributes of your new entry.
Fig. 3-1 — Add Entry panel
The settings available in the new entry panel should be familiar to you, but there are a few things worth noting.
User or Group
This menu contains a list of all user and group names for the default local node, with their respective ID numbers in parentheses. If you're in an environment that provides additional Directory Service nodes, such as an Open Directory setup, you may see users and groups found in those nodes, as well.
- If a collision exists between a user and a group, the user record will take precedence.
- To update the list when a new user or group is added, altered, or removed, you must relaunch Sandbox.
Assigning an ID Number
Sandbox can create new entries with IDs automatically assigned, when Default is selected in this menu. Canonical ACL order is as follows:
- deny
- allow
- (inherited) deny
- (inherited) allow
Sandbox also lets you determine the ordering of the entry when you create it. When an entry is created with a specific ID number, existing entries are given new ID numbers automatically. This presents a problem under some circumstances:
If an entry is created that breaks canonical ACL order, it is not possible to determine what the "default" ID should be until the out-of-order entries are returned to canon; an object with entries in non-canonical must have new entries created with pre-chosen ID numbers.
For information on how to reorder entries, see: "Changing the Order of Entries".
Adding the New Entry
When you've finished configuring your entry, click Add Entry. The panel will close and the ACL inspector will refresh to display the new entry alongside any existing entries.
More Useful Information
The Add Entry panel uses human-readable permissions flags. A list of corresponding raw ACL flags can be found in the FAQ: "What ACL flags do the human-readable permissions correspond to?"
When you're working in the new entry panel, you'll find a few helpful commands for manipulating the settings switches under the Flags menu:
- Reset Flags to Defaults will set the state of all flags to their default values.
- Clear Every Flag will uncheck every switch, turning all flags off.
- Enable Every Flag will set every switch to checked, turning all flags on.