magnusviri

Removing Mac OS X ACLs and Extended Attributes, and deleting Time Machine backups

[Update 2017-10-27: Added information about chflags norestricted

[Update 2017-10-07: Added a little more information about ACL's and Extended Attributes]

2014-04-15

This is just a collection of commands to get around Mac OS X's extra file stuff that keep getting in my way.

Recursively Removing ACLs

When you run ls -al and you see a "+" at the end of the permissions that means there are ACLs (Access Control List).

drwx------+ 32530 root  wheel   1106020 Oct  6 12:25 .

You can see the ACL with ls -ale

drwx------+ 32530 root  wheel   1106020 Oct  6 12:25 .
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown

You can recursively remove these ACL's with this command.

chmod -RN /path/to/directory

Recursively Removing Extended Attributes

When you run ls -al and you see a "@" at the end of the permissions that means there are extended attributes.

drwx------@ 32530 root  wheel   1106020 Oct  6 12:25 .

You can see the extended attributes with ls -ale

drwx------@ 32530 root  wheel   1106020 Oct  6 12:25 .
    com.apple.metadata:_kTimeMachineNewestSnapshot      50
    com.apple.metadata:_kTimeMachineOldestSnapshot      50

You can remove all extended attributes with this command.

xattr -rc /path/to/directory

Or you can remove specific attributes with this command.

xattr -rd com.apple.NAME /path/to/directory

I usually remove extended attributes (and ACLs) for files I copy from TimeMachine or from files I download from the internet.

Here are the types of files that depend on extended attributes. So if you delete these extended attributes, you basically are deleting the contents of the file.

Recursively Removing Files in Time Machine backups

You can delete files using the Time Machine app, but if you want to do more then that, there are ways to do it with the Terminal. To delete some files in a Time Machine backup.

tmutil delete /Volumes/[disk]/Backups.backupdb/HOST/DATE_FOLDER

To completely delete all backups use bypass. Note, you should not use this to delete some files because using bypass + rm will delete files in other backups, so if you want to delete only some, use the tmutil option.

10.7

sudo /System/Library/Extensions/TMSafetyNet.kext/Contents/MacOS/bypass rm -rfv /Volumes/[disk]/Backups.backupdb

10.8+

sudo /System/Library/Extensions/TMSafetyNet.kext/Helpers/bypass rm -rfv /Volumes/[disk]/Backups.backupdb

Restore Time Machine backup

Single file.

sudo /usr/bin/tmutil restore /Volumes/[disk]/Backups.backupdb/HOST/DATE_FOLDER/HardDisk/Users/james/Desktop/file /Users/james/Desktop/file2

Folder.

sudo /usr/bin/tmutil restore /Volumes/[disk]/Backups.backupdb/HOST/DATE_FOLDER/HardDisk/Users/james/Desktop /Users/james/Desktop2

Whole disk (WARNING: will replace contents of /Volumes/HardDisk with the backup).

sudo /usr/bin/tmutil restore -v "/Volumes/[disk]/Backups.backupdb/HOST/Latest/HardDisk" "/Volumes/HardDisk"

Don't trust Time Machine.

Disabling SIPs (System Integrity Protection)

Starting in 10.11 Apple added a feature called System Integrity Protection that prevents users from removing certain files, mainly system files. Among the protected directories are: /System, /bin, /sbin, /usr (but not /usr/local) and others.

This is a fun one to get around. To run this command you must reboot your computer. that's right, boot to the Recovery HD partition. See this document if you don't know how. Then open Terminal and run these commands.

Turn off SIPs for a specific file

chflags norestricted /path

Turn off SIPs for a path

chflags -R norestricted /path

Turn off SIPs completely (I do not recommend this)

csrutil disable

There is far more information on Stackexchange

Published: 2014-04-15, last edited: 2020-05-11

Copyright © 2024 James Reynolds