Life in the Sandbox World

This chapter will give you an overview of the Sandbox interface.

At Launch

When you launch Sandbox, you will be asked to authenticate.

Enter an administrator's user name and password or simply click Cancel in this dialog. If you're not the computer's administrator, it may not be a good idea to use Sandbox on it without first contacting the administrator and obtaining approval.

Main Menu

Fig. 1-1 — Sandbox main menu

The main menu contains all of the commands for getting around in Sandbox:

The Sandbox menu provides an easy way to make sure you're running the latest version of Sandbox via Check for Update.
The Entries menu contains tools for creating new access control entries (ACEs), making changes to existing ACEs, and removing unwanted ACEs. Under this menu you'll also find commands for making changes to entire folder structures at once.
There are many permissions flags in Mac OS X's access control list (ACL) model, so we've provided some useful shortcuts when editing existing ACEs or creating new ones. You'll find these commands under the Flags menu. (Read: There are a lot of checkboxes for flags, and we've it easier to manipulate them all at once.)
The Tools menu is where to go when you need to enable or disable ACL support on a volume.

You can find information on how to use all of these commands in subsequent sections of the this documentation.

Main Window

Fig. 1-2 — Sandbox main window

The current location will always display a full POSIX path to the folder or volume you're currently working with.
The POSIX info area displays the current folder's owner with user identification number (UID), group with group identification number (GID), and standard POSIX permissions bits.
All of the entries that are explicitly defined for the current folder are listed in the ACL inspector.
When Sandbox alters a folder, the ACL inspector will refresh. In case this doesn't happen, or if you suspect another program has made changes that you need to see reflected in Sandbox, you can use the refresh button to force the main window to update.
The editing controls are located in the bottom-right of the main window. These provide quick access to the three most commonly used functions (from left to right): adding a new ACE, removing the currently selected ACE, and editing the currently selected ACE.

For performance, when an entry is added, removed, or its order is changed, only the ACL inspector will refresh; the POSIX info for the folder will not be updated. Use the main window's refresh button to force a complete update if necessary.
If the file system object is moved, renamed, or deleted during operation, Sandbox will clear the contents of the main window. No file system changes will be made.

The ACL Inspector

The ACL Inspector is where you'll find the entries attached to the object you're currently viewing.

Fig. 1-3 — The ACL inspector

ACL entries are sorted by their assigned ID number, visible in the ID column.
The user and group assignment can be seen in the next column, User/Group Name.
Entry Type will tell you if the permissions for that entry are being denied or allowed. Additionally, inherited entries are denoted with the prefix "(i)".
The flags that are set for each entry are shown in the Entry Behavior column.