Tiny Deathstars of Foulness

Someone hands you a USB drive. You put it in your computer and you can’t access anything on it. You are running an imaging lab and you want to backup or troubleshoot a device before you re-image it, but you can’t access certain files. Obviously, you can sudo. But, you can also simply disable permissions on that volume (which, like getting someone to make you a sandwich, requires sudo of course). The command used to enable and disable permissions on a volume is vsdbutil, located at /usr/sbin/vsdbutil. And there’s a LaunchDaemon at /System/Library/LaunchDaemons/ that interacts with diskarbitrationd so that when a volume is mounted, it is marked as having permissions activated or deactivated (which is basically “Ignore Permissions” at the Finder). To use vsdbutil to enable “Ignore Permissions”, use the -d flag followed by the path to the volume: sudo /usr/sbin/vsdbutil -d /Volumes/Myvolume To then enable (or activate, thus the a) permissions again, use the -a flag: sudo /usr/sbin/vsdbutil -a /Volumes/Myvolume You can also run the -c to see the status for a given path: sudo /usr/sbin/vsdbutil -c /Volumes/Myvolume And last but certainly not least if you’re working on a lot of volumes, the -i option will enable permissions on all mounted HFS and HFS+ volumes: sudo /usr/sbin/vsdbutil -i Overall, it’s very easy to send these commands using a positional parameter (e.g. $1) to a script, performing a mount, some operation (backup, reimage, restore, repair some corrupted data, etc). Note: You can’t Ignore Permissions of FAT or FAT32 volumes using the command line or a Finder Get Info screen.

December 1st, 2015

Posted In: Mac OS X, Mac Security, Mass Deployment

Tags: , , , , , ,