Unix is deceptively simple. Its file permission structure is a perfect expression of this: simple to learn, but powerful in use. Unfortunately, for some it’s just too much to get their heads around (viz “I keep trying to empty the trash but it tells me that I can’t!!11!”).
Is Apple’s solution to educate the masses about file ownership? Oh no no, if Johnny wants to delete a folder full of files he should just be able to, right? Regardless of whether his account created the files, right? That’s “it just works” in action, right?? So what do they do? They have a helper (hah!) application with admin rights that Finder can kick off to merrily delete files that you don’t have the rights to delete. Neat huh? This aberration’s name? Locum.
A nice analysis here for those of you who grok Unix. The author makes a number of hopeful assumptions that Apple have put in the necessary checks and balances to ensure this little bugger is not misappropriated. Given the greater attention iOS has been receiving in Cupertino for the last few years I’m afraid I don’t share his optimism.
by Johnny Caraveo
15 Jul 2013 at 01:27
Are the files that are being deleted stored in the user’s directory? If so, wouldn’t Locum make sense? Most of the time Locum is used for deleting files that were deleted from an external device (ex: external hard drive) and are referenced in the local trash bin (not necessarily the local trash directory).
by admin
15 Jul 2013 at 09:38
The source article doesn’t specify the location of the test, however it is irrelevant – let me explain why. One of the reasons Macintosh to this day suffers fewer malware infections than Windows is due to the simplicity and pervasiveness of Unix file permissions. If you don’t own a file then you can only do to that file what its owner has specified. By default, I do not have the rights to edit nor delete a file created by an owner other than I, hence I cannot mess with the system’s own files. If I try, at worst I am presented with a system dialog asking whether the attempt is okay. All this is entirely independent of the file’s location within the directory structure – it would be a weakness in and of itself if the permissions system were to say ‘everything inside this directory belongs to user A and they can do whatever to it regardless of the file permissions’. For the purposes of this discussion, it is that simple.
The presence therefore of a piece of software that runs as my account (and hence has my permissions) that can alter files over which I have no permissions without presenting any system dialog is a security weakness no matter which way you cut it. I am not concerned about how Locum is used “most of the time”, I am concerned about how it is misused some of the time ;o)
by Nicolas B.
24 Nov 2013 at 12:08
“The presence therefore of a piece of software that runs as my account (and hence has my permissions) that can alter files over which I have no permissions without presenting any system dialog is a security weakness no matter which way you cut it.”
This is contradictory. The deed that you describe and fear here cannot happen, hence does not happen.
by admin
24 Nov 2013 at 14:24
The linked article contains proof that this can and does happen. Follow the steps described and you will see. Please provide evidence to the contrary if you disagree.
by Nicolas B.
24 Nov 2013 at 12:10
“Your comment is awaiting moderation.”
Oh yes, some moderation! Only tepid ideas, please.
Censorship always degrades the one who commits it.
by admin
24 Nov 2013 at 14:28
Indeed so, but moderation is not censorship. I have posted both your comments unedited. The moderation is required merely to put me in the spam filtering loop; this blog receives far too many spam comments to allow postings to go through unseen.
by George N.
27 Jun 2014 at 15:41
Indeed… my Mac cannot delete (or it takes a very long time to finally not delete) anything that I deleted from the external hard drive that I use to take homework from my office PC (not Mac) with different user credentials. Well, it doesn’t recognise that I am the same person (even if physically I am) that is the owner of this Mac and that PC…
The Locum (when I tried to empty the trash) had in the trash the previously deleted files of the external hard drive… so it started to try to empty and ended up using 95% of 16Gb of RAM and of course the system told me that I did not have any RAM available for my applications… when I opened the system monitor and went to the Memory tab I saw this “Locum” using the RAM… I shut it down and all came back to normal… but still can’t empty the trash…
Frustrating… must solve these things…