Back in 2013, I hacked together (and silently released to GitHub) a set of command line utilities for working with OS X file ACLs (Access Control Lists) and ACEs (Access Control Entries), collectively named acl-tools-osx. Included are three utilities written in bash:

• findacl – This is the main tool, a wrapper for the powerful find command which ads “primaries” for working with OS X file ACLs.
• chgrpacl – Built atop findacl, this allows changing group ACEs in an OS X file’s ACL from one group to another.
• chusracl – The same as above, but for changing user ACEs from one user to another.

While probably well written for a bash script, findacl is still a bit of a hack: it relies on find to build the initial file list, then it reads & matches against all ACEs for each file. Unfortunately, for the ACL/ACE matching, it’s not smart enough to handle any operators other the AND. As mentioned above, chgrpacl & chusracl are powered by findacl and reduce a task that would require a minimum of three commands (one to list a file’s ACL, one to delete the required ACE, and one to re-add the ACE with the new user/group name) to a single easy command.

I wrote these for Small Dog Electronics to resolve some user & group name conflicts by changing group names. With thousands upon thousands of files with ACEs for the group names being changed, I could either leave orphaned group ACEs around (they show up as raw UUIDs) and re-apply the ACEs manually, I remove all ACLs and manually re-apply all ACLs (yeah, right!), or—if there was a way—I could just find files with ACEs for specific user/group names, delete them, and re-add them in the new user/group name. The last option made the most sense, but few utilities other that ls and chmod can handle OS X ACLs, certainly not my beloved find. So, I put together something that worked, automated the process—which worked quite well—and only used them a couple of times afterwards.

Well, someone happened across them recently and reported an issue with parsing ACEs containing certain special characters (including spaces), so I’ve fixed that and now present the world with acl-tools-osx 0.1.1. You can now find the download in the development section as well as on GitHub. Hopefully someone else will find them useful as I and at least one other person have.