Admin Permission

launchctlのファイルをロックしてアップデート停止する


#!/bin/bash
#com.cocolog-nifty.quicktimer.icefloe
#
#################################################
USER_WHOAMI=$(/usr/bin/whoami)
/bin/echo "実行ユーザー(whoami): $USER_WHOAMI"
if [ "$USER_WHOAMI" != "root" ]; then
  ###実行しているユーザー名
CONSOLE_USER=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/ { print $3 }')
/bin/echo "コンソールユーザー(scutil): $CONSOLE_USER"
  ###管理者インストールしているか?チェック
/bin/echo "このスクリプトを実行するには管理者権限が必要です。"
/bin/echo "sudo で実行してください"
  ### path to me
SCRIPT_PATH="${BASH_SOURCE[0]}"
/bin/echo "/usr/bin/sudo \"$SCRIPT_PATH\""
/bin/echo "↑を実行してください"
exit 1
else
  ###実行しているユーザー名
CONSOLE_USER=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/ { print $3 }')
/bin/echo "コンソールユーザー(scutil): $CONSOLE_USER"
  ###実行しているユーザー名
HOME_USER=$(/bin/echo "$HOME" | /usr/bin/awk -F'/' '{print $NF}')
/bin/echo "実行ユーザー(HOME): $HOME_USER"
  ###logname
LOGIN_NAME=$(/usr/bin/logname)
/bin/echo "ログイン名(logname): $LOGIN_NAME"
  ###UID
USER_NAME=$(/usr/bin/id -un)
/bin/echo "ユーザー名(id): $USER_NAME"
  ###STAT
STAT_USR=$(/usr/bin/stat -f%Su /dev/console)
/bin/echo "STAT_USR(console): $STAT_USR"
fi

########################################
##
STR_FILE_PATH_A="/Library/LaunchAgents/com.microsoft.OneDriveStandaloneUpdater.plist"
STR_FILE_PATH_B="/Library/LaunchDaemons/com.microsoft.OneDriveStandaloneUpdaterDaemon.plist"
STR_FILE_PATH_C="/Library/LaunchDaemons/com.microsoft.OneDriveUpdaterDaemon.plist"
##
LIST_FILE_PATH=("$STR_FILE_PATH_A" "$STR_FILE_PATH_B" "$STR_FILE_PATH_C")
##
for ITEM_FILE_PATH in "${LIST_FILE_PATH[@]}"; do
/usr/bin/sudo /bin/ls -ale "$STR_FILE_PATH"
  ##鍵=ロック解除して
/usr/bin/sudo /usr/bin/chflags noschg "$ITEM_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nosimmutable "$ITEM_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nouchg "$ITEM_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nouimmutable "$ITEM_FILE_PATH"
  ##ACLをクリアして
/usr/bin/sudo /bin/chmod -N "$ITEM_FILE_PATH"
/usr/bin/sudo /bin/ls -ale "$ITEM_FILE_PATH"
  ##削除
/usr/bin/sudo /bin/rm -f "$ITEM_FILE_PATH"
/usr/bin/sudo /usr/bin/touch "$ITEM_FILE_PATH"
  ##ACLつけて
/usr/bin/sudo /bin/chmod +a "user:root deny delete" "$ITEM_FILE_PATH"
/usr/bin/sudo /bin/chmod +a "group:wheel deny delete" "$ITEM_FILE_PATH"
  ##鍵つけて 削除できない
/usr/bin/sudo /usr/bin/chflags schg "$ITEM_FILE_PATH"
done

exit 0


|

【まとめ】アクセス権とアトリビュートについて

【まとめ】ファイルのアクセス権とアトリビュートについて
【1】:アクセス権
【2】:オーナー グループ設定
【3】:ACLs
【4】:xattrs

【1】:アクセス権 Permissions
【1−1】コマンドラインから
【1−2】NSFileAttributesを利用する
【1−3】Finderから
【2】:オーナー グループ設定 Owner Group
管理者権限が必要になる事がホトンドなので
基本的にはコマンドラインから変更する事になる
【2−1】:コマンドラインから
【2−2】:NSFileAttributesを利用する
【3】:ACLs
【3−1】:chmodコマンドラインから
【3−2】:chflagsコマンドラインから
【3−3】:NSFileAttributesを利用する
【4】:xattrs
【4−1】:コマンドラインから

【1】:アクセス権Permissions
【1−1】コマンドラインから
[shell script]Permission コマンドで ファイル フォルダのアクセス権を設定変更する
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-7194dd.html
【1−2】NSFileAttributesを利用する
[NSFileManager]Permission ファイル フォルダのアクセス権の設定
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-b6b9cc.html
【1−3】Finderから
[Finder]Permission ファイル フォルダのアクセス権の設定
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-52e6a5.html

【2】:オーナー グループ設定 Owner Group
管理者権限が必要になる事がホトンドなので
基本的にはコマンドラインから変更する事になる
【2−1】:コマンドラインから
[do shell script]ファイル・フォルダの所有者オーナーの変更
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-b643b0.html
【2−2】:NSFileAttributesを利用する
[NSFilePosixPermissions]ファイル・フォルダのグループ変更
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-b5a2a4.html

【3】:ACLs
【3−1】:chmodコマンドラインから
[chmod]chmodで設定する属性
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-b3ce1a.html
【3−2】:chflagsコマンドラインから
[chflas]上手に使ってファイルやフォルダの保護
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-fbb3ad.html
【3−3】:NSFileAttributesを利用する
[NSFileAttributeKey]アクセス権(属性)を設定する
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-041aea.html

【4】:xattrs 【4−1】:コマンドラインから
[xattr]xattr基本のおさらい
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-d41d3e.html

|

[chmod]chmodで設定する属性


【スクリプトエディタで開く】|

#!/bin/bash
#com.cocolog-nifty.quicktimer.icefloe
#################################################
STR_FILE_PATH="$HOME/Desktop/test.sh"
/usr/bin/touch "$STR_FILE_PATH"
/bin/chmod 777 "$STR_FILE_PATH"
/bin/echo '#!/bin/sh' > "$STR_FILE_PATH"
/bin/echo '/bin/echo "こんにちは世界"' >> "$STR_FILE_PATH"

STR_DIR_PATH="$HOME/Desktop/test/"
/bin/mkdir -p "$STR_DIR_PATH"

####現状の確認
/bin/ls -ale "$STR_FILE_PATH"
/bin/ls -ale "$STR_DIR_PATH"
####現在設定されているACLsを削除
/usr/bin/sudo /bin/chmod -N "$STR_FILE_PATH"
/usr/bin/sudo /bin/chmod -N "$STR_DIR_PATH"
####削除後の内容を確認
/bin/ls -ale "$STR_FILE_PATH"
/bin/ls -ale "$STR_DIR_PATH"

exit 0



【スクリプトエディタで開く】|

#!/bin/bash
#com.cocolog-nifty.quicktimer.icefloe
#################################################
STR_FILE_PATH="$HOME/Desktop/test.sh"
/usr/bin/touch "$STR_FILE_PATH"
/bin/chmod 777 "$STR_FILE_PATH"
/bin/echo '#!/bin/sh' > "$STR_FILE_PATH"
/bin/echo '/bin/echo "こんにちは世界"' >> "$STR_FILE_PATH"

STR_DIR_PATH="$HOME/Desktop/test/"
/bin/mkdir -p "$STR_DIR_PATH"

USER_NAME=$(/usr/bin/whoami)

GROUP_ID=$(/usr/bin/id -gn)

#################################################
###ファイル フォルダ 共通

### delete 削除できなくなる 書き込みもできない?
/bin/chmod +a "user:$USER_NAME deny delete" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny delete" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny delete" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny delete" "$STR_DIR_PATH"

### readattr 属性を読み取れなくなる
/bin/chmod +a "user:$USER_NAME deny readattr" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny readattr" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny readattr" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny readattr" "$STR_DIR_PATH"

### writeattr 属性を書き込めなくなる
/bin/chmod +a "user:$USER_NAME deny writeattr" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny writeattr" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny writeattr" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny writeattr" "$STR_DIR_PATH"


### readextattr 拡張属性を読み込めなくなる
/bin/chmod +a "user:$USER_NAME deny readextattr" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny readextattr" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny readextattr" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny readextattr" "$STR_DIR_PATH"

### writeextattr 拡張属性を書き込めなくなる
/bin/chmod +a "user:$USER_NAME deny readextattr" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny readextattr" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny readextattr" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny readextattr" "$STR_DIR_PATH"


### readsecurity ACL セキュリティ属性を読み込めなくなる
## ALC アクセスコントロールリストが設定されていなければエラーになる
/bin/chmod +a "user:$USER_NAME deny readsecurity" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny readsecurity" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny readsecurity" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny readsecurity" "$STR_DIR_PATH"

### writesecurity ACL セキュリティ属性を書き込めなくなる
## ALC アクセスコントロールリストが設定されていなければエラーになる
/bin/chmod +a "user:$USER_NAME deny writesecurity" "$STR_FILE_PATH"
/bin/chmod +a "user:$USER_NAME deny writesecurity" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny writesecurity" "$STR_FILE_PATH"
/bin/chmod -a "user:$USER_NAME deny writesecurity" "$STR_DIR_PATH"

#################################################
###ディレクトリ専用

##list フォルダの中が見れなくなる 中が見えなくなる=ドロップボックス
##Finderでドロップアイコンがつく
/bin/chmod +a "user:$USER_NAME deny list" "$STR_DIR_PATH"
/bin/chmod +a "group:$GROUP_ID deny list" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny list" "$STR_DIR_PATH"
/bin/chmod -a "group:$GROUP_ID deny list" "$STR_DIR_PATH"

##search フォルダの中が見れなくなる 中が見えなくなる=ドロップボックス
##ファイルを入れるのに管理者権限が必要になる=ドロップアイコン無し
/bin/chmod +a "user:$USER_NAME deny search" "$STR_DIR_PATH"
/bin/chmod +a "group:$GROUP_ID deny search" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny search" "$STR_DIR_PATH"
/bin/chmod -a "group:$GROUP_ID deny search" "$STR_DIR_PATH"

##add_file フォルダの中は見える ファイルの追加ができなくなる
##ファイルの追加に 管理者権限が必要 フォルダの追加はできる
##フォルダの移動追加は出来るが コピー追加は出来ない
/bin/chmod +a "user:$USER_NAME deny add_file" "$STR_DIR_PATH"
/bin/chmod +a "group:$GROUP_ID deny add_file" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny add_file" "$STR_DIR_PATH"
/bin/chmod -a "group:$GROUP_ID deny add_file" "$STR_DIR_PATH"

##add_subdirectory フォルダの中は見える フォルダの追加ができなくなる
##フォルダの追加に 管理者権限が必要 ファイルは普通に追加等できる
##ファイルの移動追加は出来るが コピー追加は出来ない
##削除に管理者権限が必要になる
/bin/chmod +a "user:$USER_NAME deny add_subdirectory" "$STR_DIR_PATH"
/bin/chmod +a "group:$GROUP_ID deny add_subdirectory" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny add_subdirectory" "$STR_DIR_PATH"
/bin/chmod -a "group:$GROUP_ID deny add_subdirectory" "$STR_DIR_PATH"

##delete_child ファイル フォルダの追加はできるが 削除変更が出来ない
/bin/chmod +a "user:$USER_NAME deny delete_child" "$STR_DIR_PATH"
/bin/chmod +a "group:$GROUP_ID deny delete_child" "$STR_DIR_PATH"

/bin/chmod -a "user:$USER_NAME deny delete_child" "$STR_DIR_PATH"
/bin/chmod -a "group:$GROUP_ID deny delete_child" "$STR_DIR_PATH"


#################################################
###ファイル専用

## read 読み取り出来なくなる
/bin/chmod +a "user:$USER_NAME deny read" "$STR_FILE_PATH"
/bin/chmod +a "group:$GROUP_ID deny read" "$STR_FILE_PATH"

/bin/chmod -a "user:$USER_NAME deny read" "$STR_FILE_PATH"
/bin/chmod -a "group:$GROUP_ID deny read" "$STR_FILE_PATH"

## write 書き込みできなくなる
/bin/chmod +a "user:$USER_NAME deny write" "$STR_FILE_PATH"
/bin/chmod +a "group:$GROUP_ID deny write" "$STR_FILE_PATH"

/bin/chmod -a "user:$USER_NAME deny write" "$STR_FILE_PATH"
/bin/chmod -a "group:$GROUP_ID deny write" "$STR_FILE_PATH"

## append 追記できなくなる が 書き込みを禁止していない
/bin/chmod +a "user:$USER_NAME deny append" "$STR_FILE_PATH"
/bin/chmod +a "group:$GROUP_ID deny append" "$STR_FILE_PATH"

/bin/chmod -a "user:$USER_NAME deny append" "$STR_FILE_PATH"
/bin/chmod -a "group:$GROUP_ID deny append" "$STR_FILE_PATH"

## execute 対象ファイルがshやcommand等の場合実行できなくなる
/bin/chmod +a "user:$USER_NAME deny execute" "$STR_FILE_PATH"
/bin/chmod +a "group:$GROUP_ID deny execute" "$STR_FILE_PATH"

/bin/chmod -a "user:$USER_NAME deny execute" "$STR_FILE_PATH"
/bin/chmod -a "group:$GROUP_ID deny execute" "$STR_FILE_PATH"


exit 0


|

[chflas]上手に使ってファイルやフォルダの保護


【スクリプトエディタで開く】|

#!/bin/bash
#com.cocolog-nifty.quicktimer.icefloe
#################################################
STR_FILE_PATH="$HOME/Desktop/test.txt"
/usr/bin/touch "$STR_FILE_PATH"

STR_DIR_PATH="$HOME/Desktop/test/"
/bin/mkdir -p "$STR_DIR_PATH"

###アーカイブ済みフラグ archived
/usr/bin/sudo /usr/bin/chflags arch "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags archived "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags noarch "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags noarchived "$STR_DIR_PATH"

###バックアップ等から除外 nodump
/usr/bin/sudo /usr/bin/chflags nodump "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nodump "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags dump "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags dump "$STR_DIR_PATH"

###不透明ではない=透明=見えない=処理の対象から外れる
/usr/bin/sudo /usr/bin/chflags noopaque "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags noopaque  "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags opaque "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags opaque  "$STR_DIR_PATH"


###上書き禁止 sappend Finder上で鍵マークがつかない
###変更できなくなる ゴミ箱に入れられない
###フォルダの場合:新規フォルダは作れる 変更は出来ない
/usr/bin/sudo /usr/bin/chflags sappnd "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags sappend "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags nosappnd "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nosappend "$STR_DIR_PATH"

###Finder上で鍵マークはつかない
###ゴミ箱に入れられない
###ファイルの場合追記は可能
###フォルダの場合:ファイルの追加はできるが削除はできない
/usr/bin/sudo /usr/bin/chflags uappnd "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags uappend "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags nouappnd "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nouappend "$STR_DIR_PATH"

###Finder上で鍵マークがつく
###情報のロックがかかった状態 システムレベル
/usr/bin/sudo /usr/bin/chflags schg "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags simmutable "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags noschg "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nosimmutable "$STR_DIR_PATH"

###Finder上で鍵マークがつく
###情報のロックがかかった状態 ユーザーレベル
/usr/bin/sudo /usr/bin/chflags uchg "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags uimmutable "$STR_DIR_PATH"

/usr/bin/sudo /usr/bin/chflags nouchg "$STR_FILE_PATH"
/usr/bin/sudo /usr/bin/chflags nouimmutable "$STR_DIR_PATH"


###Finder上非表示 これだけはユーザー権限で実行できる
###お馴染み非表示フラグ
/usr/bin/chflags hidden "$STR_FILE_PATH"
/usr/bin/chflags hidden "$STR_DIR_PATH"

/usr/bin/chflags nohidden "$STR_FILE_PATH"
/usr/bin/chflags nohidden "$STR_DIR_PATH"
exit 0


|

[do shell script]ファイル・フォルダの所有者オーナーの変更


【スクリプトエディタで開く】|

#!/usr/bin/env osascript
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
#
(*
指紋認証の利用についてはこちら見てください
/private/etc/pam.d/sudo_local
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
#auth sufficient pam_tid.so
この#を取ります
https://quicktimer.cocolog-nifty.com/icefloe/2023/10/post-b3346a.html

*)
#com.cocolog-nifty.quicktimer.icefloe
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
use AppleScript version "2.8"
use framework "Foundation"
use scripting additions
property refMe : a reference to current application

#####
##MacOS14以降想定のため with administrator privileges は使わない

#### ファイルに対してのアクセス権設定
set strFilePath to ("~/Desktop/OwnerRootFile.txt") as text
set ocidFilePathStr to refMe's NSString's stringWithString:(strFilePath)
set ocidFilePath to ocidFilePathStr's stringByStandardizingPath()
set strFilePath to ocidFilePath as text
###まずはファイル作って
set strCommandText to ("/usr/bin/touch \"" & strFilePath & "\"") as text
set strResponse to (do shell script strCommandText) as text
###アクセス権を700に
set strCommandText to ("/bin/chmod 700 \"" & strFilePath & "\"") as text
set strResponse to (do shell script strCommandText) as text
###オーナーをROOTに
set strCommandText to ("/usr/bin/sudo /usr/sbin/chown root \"" & strFilePath & "\"") as text
set strResponse to (do shell script strCommandText) as text
-->開けない(ROOTユーザー以外は閲覧出来ない)ファイルの出来上がり
###グループも一緒に変更する場合
set strCommandText to ("/usr/bin/sudo /usr/sbin/chown root:wheel \"" & strFilePath & "\"") as text
set strResponse to (do shell script strCommandText) as text



###フォルダに対してのアクセス権設定
set strDirPath to ("~/Desktop/OwnerRootFolder/") as text
set ocidDirPathStr to refMe's NSString's stringWithString:(strDirPath)
set ocidDirPath to ocidDirPathStr's stringByStandardizingPath()
set strDirPath to ocidDirPath as text
###まずはフォルダ作って
set strCommandText to ("/bin/mkdir -p \"" & strDirPath & "\"") as text
set strResponse to (do shell script strCommandText) as text
###アクセス権を700に
set strCommandText to ("/bin/chmod 700 \"" & strDirPath & "\"") as text
set strResponse to (do shell script strCommandText) as text
###オーナーをROOTに
set strCommandText to ("/usr/bin/sudo /usr/sbin/chown root \"" & strDirPath & "\"") as text
set strResponse to (do shell script strCommandText) as text
-->開けない(ROOTユーザー以外は閲覧出来ない)フォルダの出来上がり
###グループも一緒に変更する場合
set strCommandText to ("/usr/bin/sudo /usr/sbin/chown root:wheel \"" & strDirPath & "\"") as text
set strResponse to (do shell script strCommandText) as text


【スクリプトエディタで開く】|

#!/bin/bash
#com.cocolog-nifty.quicktimer.icefloe
#################################################
STR_FILE_APTH="$HOME/Desktop/OwnerRootFile.txt"
###まずはファイル作って
/usr/bin/touch "$STR_FILE_APTH"
###アクセス権を700に
/bin/chmod 700 "$STR_FILE_APTH"
###オーナーをROOTに
/usr/bin/sudo /usr/sbin/chown root "$STR_FILE_APTH"
###グループも一緒に変更する場合
/usr/bin/sudo /usr/sbin/chown root:wheel "$STR_FILE_APTH"
##############
STR_DIR_APTH="$HOME/Desktop/OwnerRootFile"
###まずはフォルダ作って
/bin/mkdir -p  "$STR_DIR_APTH"
###アクセス権を700に
/bin/chmod 700 "$STR_DIR_APTH"
###オーナーをROOTに
/usr/bin/sudo /usr/sbin/chown root "$STR_DIR_APTH"
###グループも一緒に変更する場合
/usr/bin/sudo /usr/sbin/chown root:wheel "$STR_DIR_APTH"

exit 0


|

[NSFilePosixPermissions]ファイル・フォルダのグループ変更


【スクリプトエディタで開く】|

#!/usr/bin/env osascript
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
#
#com.cocolog-nifty.quicktimer.icefloe
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
use AppleScript version "2.8"
use framework "Foundation"
use scripting additions
property refMe : a reference to current application


#### ファイルに対してのアクセス権設定
set strFilePath to ("~/Desktop/OwnerRootFile.txt") as text
set ocidFilePathStr to refMe's NSString's stringWithString:(strFilePath)
set ocidFilePath to ocidFilePathStr's stringByStandardizingPath()
set ocidFilePathURL to (refMe's NSURL's alloc()'s initFileURLWithPath:(ocidFilePath) isDirectory:false)

###空のテキスト
set ocidBlankText to refMe's NSString's stringWithString:("")
###ファイルにする
ocidBlankText's writeToURL:(ocidFilePathURL) atomically:(refMe's NSNumber's numberWithBool:true) encoding:(refMe's NSUTF8StringEncoding) |error|:(reference)

##アクセス権を770にする
set appFileManager to refMe's NSFileManager's defaultManager()
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(504) forKey:(refMe's NSFilePosixPermissions)
set listDone to appFileManager's setAttributes:(ocidAttrDict) ofItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)

###この時点のグループは
set listResponse to appFileManager's attributesOfItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 20
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> staff

###ID 80 NAME adminに変更します
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(80) forKey:(refMe's NSFileGroupOwnerAccountID)
ocidAttrDict's setValue:("admin") forKey:(refMe's NSFileGroupOwnerAccountName)
set listDone to appFileManager's setAttributes:(ocidAttrDict) ofItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)

###変更後の値
set listResponse to appFileManager's attributesOfItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 80
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> admin

########################
###フォルダに対してのアクセス権設定
set strDirPath to ("~/Desktop/OwnerRootFolder/") as text
set ocidDirPathStr to refMe's NSString's stringWithString:(strDirPath)
set ocidDirPath to ocidDirPathStr's stringByStandardizingPath()
set ocidDirPathURL to (refMe's NSURL's alloc()'s initFileURLWithPath:(ocidDirPath) isDirectory:true)

##アクセス権を770でフォルダを作る
set appFileManager to refMe's NSFileManager's defaultManager()
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(504) forKey:(refMe's NSFilePosixPermissions)
set listBoolMakeDir to appFileManager's createDirectoryAtURL:(ocidDirPathURL) withIntermediateDirectories:true attributes:(ocidAttrDict) |error|:(reference)


###この時点のグループは
set listResponse to appFileManager's attributesOfItemAtPath:(ocidDirPathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 20
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> staff

###ID 80 NAME adminに変更します
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(80) forKey:(refMe's NSFileGroupOwnerAccountID)
ocidAttrDict's setValue:("admin") forKey:(refMe's NSFileGroupOwnerAccountName)
set listDone to appFileManager's setAttributes:(ocidAttrDict) ofItemAtPath:(ocidDirPathURL's |path|) |error|:(reference)

###変更後の値
set listResponse to appFileManager's attributesOfItemAtPath:(ocidDirPathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 80
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> admin

|

[NSFilePosixPermissions]ファイル・フォルダのグループ変更


【スクリプトエディタで開く】|

#!/usr/bin/env osascript
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
#
#com.cocolog-nifty.quicktimer.icefloe
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
use AppleScript version "2.8"
use framework "Foundation"
use scripting additions
property refMe : a reference to current application


#### ファイルに対してのアクセス権設定
set strFilePath to ("~/Desktop/OwnerRootFile.txt") as text
set ocidFilePathStr to refMe's NSString's stringWithString:(strFilePath)
set ocidFilePath to ocidFilePathStr's stringByStandardizingPath()
set ocidFilePathURL to (refMe's NSURL's alloc()'s initFileURLWithPath:(ocidFilePath) isDirectory:false)

###空のテキスト
set ocidBlankText to refMe's NSString's stringWithString:("")
###ファイルにする
ocidBlankText's writeToURL:(ocidFilePathURL) atomically:(refMe's NSNumber's numberWithBool:true) encoding:(refMe's NSUTF8StringEncoding) |error|:(reference)

##アクセス権を770にする
set appFileManager to refMe's NSFileManager's defaultManager()
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(504) forKey:(refMe's NSFilePosixPermissions)
set listDone to appFileManager's setAttributes:(ocidAttrDict) ofItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)

###この時点のグループは
set listResponse to appFileManager's attributesOfItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 20
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> staff

###ID 80 NAME adminに変更します
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(80) forKey:(refMe's NSFileGroupOwnerAccountID)
ocidAttrDict's setValue:("admin") forKey:(refMe's NSFileGroupOwnerAccountName)
set listDone to appFileManager's setAttributes:(ocidAttrDict) ofItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)

###変更後の値
set listResponse to appFileManager's attributesOfItemAtPath:(ocidFilePathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 80
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> admin

########################
###フォルダに対してのアクセス権設定
set strDirPath to ("~/Desktop/OwnerRootFolder/") as text
set ocidDirPathStr to refMe's NSString's stringWithString:(strDirPath)
set ocidDirPath to ocidDirPathStr's stringByStandardizingPath()
set ocidDirPathURL to (refMe's NSURL's alloc()'s initFileURLWithPath:(ocidDirPath) isDirectory:true)

##アクセス権を770でフォルダを作る
set appFileManager to refMe's NSFileManager's defaultManager()
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(504) forKey:(refMe's NSFilePosixPermissions)
set listBoolMakeDir to appFileManager's createDirectoryAtURL:(ocidDirPathURL) withIntermediateDirectories:true attributes:(ocidAttrDict) |error|:(reference)


###この時点のグループは
set listResponse to appFileManager's attributesOfItemAtPath:(ocidDirPathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 20
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> staff

###ID 80 NAME adminに変更します
set ocidAttrDict to refMe's NSMutableDictionary's alloc()'s initWithCapacity:0
ocidAttrDict's setValue:(80) forKey:(refMe's NSFileGroupOwnerAccountID)
ocidAttrDict's setValue:("admin") forKey:(refMe's NSFileGroupOwnerAccountName)
set listDone to appFileManager's setAttributes:(ocidAttrDict) ofItemAtPath:(ocidDirPathURL's |path|) |error|:(reference)

###変更後の値
set listResponse to appFileManager's attributesOfItemAtPath:(ocidDirPathURL's |path|) |error|:(reference)
set ocidAttarDict to item 1 of listResponse
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountID)) as text
--> 80
log (ocidAttarDict's valueForKey:(refMe's NSFileGroupOwnerAccountName)) as text
--> admin

|

[Finder]Permission ファイル フォルダのアクセス権の設定

全てのパターンで設定できるわけでは無いので
可能なら、設定後に確認した方がいい場合もある
設定可能なアクセス権は以下
原則リードオンリーで値は変更出来ない仕様
owner privileges (read only/‌read write/‌write only/‌none)
group privileges (read only/‌read write/‌write only/‌none)
everyones privileges (read only/‌read write/‌write only/‌none)
read write
write only
read only
none


【スクリプトエディタで開く】|

#!/usr/bin/env osascript
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
#
#com.cocolog-nifty.quicktimer.icefloe
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
use AppleScript version "2.8"
use framework "Foundation"
use scripting additions
property refMe : a reference to current application


#### ファイルに対してのアクセス権設定
set strFilePath to ("~/Library/Mail/PersistenceInfo.plist") as text
set ocidFilePathStr to refMe's NSString's stringWithString:(strFilePath)
set ocidFilePath to ocidFilePathStr's stringByStandardizingPath()
set aliasFilePath to (POSIX file (ocidFilePath as text)) as alias

tell application "Finder"
  tell file aliasFilePath
    (*
設定可能なアクセス権は以下
原則リードオンリーで値は変更出来ない仕様
owner privileges (read only/‌read write/‌write only/‌none)
group privileges (read only/‌read write/‌write only/‌none)
everyones privileges (read only/‌read write/‌write only/‌none)
read write
write only
read only
none
*)
    set owner privileges to read write
    set group privileges to none
    set everyones privileges to none
  end tell
end tell

###フォルダに対してのアクセス権設定
set strDirPath to ("~/Library/Mail/") as text
set ocidDirPathStr to refMe's NSString's stringWithString:(strDirPath)
set ocidDirPath to ocidDirPathStr's stringByStandardizingPath()
set aliasDirPath to (POSIX file (ocidDirPath as text)) as alias

tell application "Finder"
  tell folder aliasDirPath
    set owner privileges to read write
    set group privileges to none
    set everyones privileges to none
  end tell
end tell



|

パーミンション番号8進数→10進数変換


【スクリプトエディタで開く】|

#!/usr/bin/env osascript
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
#
#com.cocolog-nifty.quicktimer.icefloe
----+----1----+----2----+-----3----+----4----+----5----+----6----+----7
##自分環境がos12なので2.8にしているだけです
use AppleScript version "2.8"
use framework "Foundation"
use framework "AppKit"
use scripting additions

property refMe : a reference to current application


##############################
###ダイアログを前面に
##############################
tell current application
  set strName to name as text
end tell
####スクリプトメニューから実行したら
if strName is "osascript" then
  tell application "Finder" to activate
else
  tell current application to activate
end if
###アイコン
set aliasIconPath to POSIX file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/FinderIcon.icns" as alias
###デフォルト値
set strDefaultAnswer to "755" as text
###メッセージ
set strText to "777-->511\n775-->509\n770-->504\n755-->493\n750-->488\n700-->448\n555-->365\n333-->219"
###ダイアログ
try
  set recordResponse to (display dialog strText with title "3桁8進数を入力" default answer strDefaultAnswer buttons {"OK", "キャンセル"} default button "OK" cancel button "キャンセル" with icon aliasIconPath giving up after 20 without hidden answer)
on error
  log "エラーしました"
return "エラーしました"
  error number -128
end try
if true is equal to (gave up of recordResponse) then
return "時間切れですやりなおしてください"
  error number -128
end if
if "OK" is equal to (button returned of recordResponse) then
  set strResponse to (text returned of recordResponse) as text
else
  log "エラーしました"
return "エラーしました"
  error number -128
end if

###テキストに
set ocidResponseText to (refMe's NSString's stringWithString:(strResponse))
####戻り値を半角にする
set ocidNSStringTransform to (refMe's NSStringTransformFullwidthToHalfwidth)
set ocidResponseHalfwidth to (ocidResponseText's stringByApplyingTransform:ocidNSStringTransform |reverse|:false)
###数字以外の値を取る
set ocidDecSet to refMe's NSCharacterSet's decimalDigitCharacterSet
set ocidCharSet to ocidDecSet's invertedSet()
set ocidCharArray to ocidResponseHalfwidth's componentsSeparatedByCharactersInSet:ocidCharSet
set ocidInteger to ocidCharArray's componentsJoinedByString:""
set intResponse to ocidInteger as integer

###本処理
set strDem to doOct2Dem(intResponse)

##############################
###ダイアログを前面に
##############################
tell current application
  set strName to name as text
end tell
####スクリプトメニューから実行したら
if strName is "osascript" then
  tell application "Finder" to activate
else
  tell current application to activate
end if
###ダイアログに戻す
set strMes to "計算結果です\r\r(current application)'s NSNumber's numberWithInteger:(" & strDem & ") \n"
try
  set recordResult to (display dialog strMes with title strMes default answer strDem buttons {"クリップボードにコピー", "キャンセル", "OK"} default button "OK" cancel button "キャンセル" giving up after 20 with icon aliasIconPath without hidden answer) as record
on error
  log "エラーしました"
return
end try
if (gave up of recordResult) is true then
return "時間切れです"
end if
if button returned of recordResult is "クリップボードにコピー" then
  set strText to text returned of recordResult as text
  ####ペーストボード宣言
  set appPasteboard to refMe's NSPasteboard's generalPasteboard()
  set ocidText to (refMe's NSString's stringWithString:(strText))
appPasteboard's clearContents()
appPasteboard's setString:(ocidText) forType:(refMe's NSPasteboardTypeString)
end if
###################################
#####パーミッション 8進→10進
###################################

to doOct2Dem(argOctNo)
  set strOctalText to argOctNo as text
  set num3Line to first item of strOctalText as number
  set num2Line to 2nd item of strOctalText as number
  set num1Line to last item of strOctalText as number
  set numDecimal to (num3Line * 64) + (num2Line * 8) + (num1Line * 1)
return numDecimal
end doOct2Dem



|

[Man] chmod manページ ACL部分


ACL MANIPULATION OPTIONS
ACLs are manipulated using extensions to the symbolic mode grammar.  Each file has one ACL, containing an ordered
list of entries.  Each entry refers to a user or group, and grants or denies a set of permissions.  In cases where
a user and a group exist with the same name, the user/group name can be prefixed with "user:" or "group:" in order
to specify the type of name.

If the user or group name contains spaces you can use ':' as the delimiter between name and permission.

The following permissions are applicable to all filesystem objects:
delete  Delete the item.  Deletion may be granted by either this permission on an object or the delete_child
right on the containing directory.
readattr
Read an object's basic attributes. This is implicitly granted if the object can be looked up and
not explicitly denied.
writeattr
Write an object's basic attributes.
readextattr
Read extended attributes.
writeextattr
Write extended attributes.
readsecurity
Read an object's extended security information (ACL).
writesecurity
Write an object's security information (ownership, mode, ACL).
chown Change an object's ownership.

The following permissions are applicable to directories:
list List entries.
search Look up files by name.
add_file
Add a file.
add_subdirectory
Add a subdirectory.
delete_child
Delete a contained object. See the file delete permission above
The following permissions are applicable to non-directory filesystem objects:
read Open for reading.
write Open for writing.
append Open for writing, but in a fashion that only allows writes into areas of the file not previously
written.
execute
Execute the file as a script or program.

ACL inheritance is controlled with the following permissions words, which may only be applied to directories:
file_inherit
Inherit to files.
directory_inherit
Inherit to directories.
limit_inherit
This flag is only relevant to entries inherited by subdirectories; it causes the directory_inherit
flag to be cleared in the entry that is inherited, preventing further nested subdirectories from
also inheriting the entry.
only_inherit
The entry is inherited by created items but not considered when processing the ACL.

The ACL manipulation options are as follows:

+a The +a mode parses a new ACL entry from the next argument on the commandline and inserts it into the
canonical location in the ACL. If the supplied entry refers to an identity already listed, the two entries
are combined.
+a# When a specific ordering is required, the exact location at which an entry will be inserted is specified
with the +a# mode.

-a The -a mode is used to delete ACL entries. All entries exactly matching the supplied entry will be
deleted. If the entry lists a subset of rights granted by an entry, only the rights listed are removed.
Entries may also be deleted by index using the -a# mode.
=a# Individual entries are rewritten using the =a# mode.

-E Reads the ACL information from stdin, as a sequential list of ACEs, separated by newlines. If the
information parses correctly, the existing information is replaced.

-C Returns false if any of the named files have ACLs in non-canonical order.

-i Removes the 'inherited' bit from all entries in the named file(s) ACLs.

-I Removes all inherited entries from the named file(s) ACL(s).

-N Removes the ACL from the named file(s).

https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemDetails/FileSystemDetails.html
Table B-2  File permission bits using ACLs

Bit

File

Directory

read

Open file for read

List directory contents

write

Open file for write

Add a file entry to the directory

execute

Execute file

Search through the directory (to access files or directories within it)

delete

Delete file

Delete directory

append

Append to file

Add subdirectory to directory

delete child

Remove a file or subdirectory entry from the directory

read attributes

Read basic attributes

Read basic attributes

write attributes

Write basic attributes

Write basic attributes

read extended

Read extended (named) attributes

Read extended (named) attributes

write extended

Write extended (named) attributes

Write extended (named) attributes

read permissions

Read file permissions (ACL)

Read directory permissions (ACL)

write permissions

Write file permissions (ACL)

Write directory permissions (ACL)

take ownership

Take ownership

Take ownership

|

その他のカテゴリー

Acrobat Acrobat Annotation Acrobat Dialog Acrobat Form Acrobat JS Acrobat Open Acrobat Plugin Acrobat python Acrobat Reader Acrobat Sequ Acrobat Stamps Admin Admin Account Admin Apachectl Admin configCode Admin Device Management Admin LaunchServices Admin Locationd Admin loginitem Admin Maintenance Admin Permission Admin Pkg Admin Power Management Admin Printer Admin SetUp Admin SMB Admin System Information Admin Tools Admin Users Admin Volumes Adobe Apple AppleScript AppleScript Guide AppleScript Accessibility AppleScript AppKit AppleScript Applications AppleScript AppStore AppleScript Archive AppleScript Attributes AppleScript Automator AppleScript AVAsset AppleScript AVconvert AppleScript AVFoundation AppleScript AVURLAsset AppleScript BackUp AppleScript Barcode AppleScript Bash AppleScript Basic AppleScript Basic Path AppleScript Bluetooth AppleScript BOX AppleScript Browser AppleScript Calendar AppleScript CD/DVD AppleScript Choose AppleScript Chrome AppleScript CIImage AppleScript CloudStorage AppleScript Color AppleScript com.apple.LaunchServices.OpenWith AppleScript Console AppleScript Contacts AppleScript CotEditor AppleScript CURL AppleScript current application AppleScript Date&Time AppleScript delimiters AppleScript Desktop AppleScript Device AppleScript Disk AppleScript do shell script AppleScript Dock AppleScript DropBox AppleScript eMail AppleScript Encode Decode AppleScript Error AppleScript EXIFData AppleScript ffmpeg AppleScript File AppleScript Finder AppleScript Firefox AppleScript Folder AppleScript Fonts AppleScript GIF AppleScript HTML AppleScript Icon AppleScript Illustrator AppleScript Image Events AppleScript Image2PDF AppleScript ImageOptim Applescript iWork AppleScript Javascript AppleScript Jedit AppleScript Json AppleScript Label AppleScript List AppleScript locationd AppleScript LRC AppleScript LSSharedFileList AppleScript m3u8 AppleScript MakePDF AppleScript Map AppleScript Math AppleScript Microsoft AppleScript Microsoft Edge AppleScript Microsoft Excel AppleScript Mobileconfig AppleScript Mouse AppleScript Movie AppleScript Music AppleScript NetWork AppleScript Notes AppleScript NSArray AppleScript NSBitmapImageRep AppleScript NSBundle AppleScript NSCFBoolean AppleScript NSCharacterSet AppleScript NSColor AppleScript NSColorList AppleScript NSData AppleScript NSDictionary AppleScript NSError AppleScript NSEvent AppleScript NSFileAttributes AppleScript NSFileManager AppleScript NSFont AppleScript NSFontManager AppleScript NSImage AppleScript NSIndex AppleScript NSKeyedArchiver AppleScript NSKeyedUnarchiver AppleScript NSLocale AppleScript NSMutableArray AppleScript NSMutableDictionary AppleScript NSMutableString AppleScript NSNotFound AppleScript NSNumber AppleScript NSOpenPanel AppleScript NSPasteboard AppleScript NSPDFImageRep AppleScript NSpoint AppleScript NSPredicate AppleScript NSRange AppleScript NSRegularExpression AppleScript NSRunningApplication AppleScript NSScreen AppleScript NSSize AppleScript NSString AppleScript NSStringCompareOptions AppleScript NSTask AppleScript NSTimeZone AppleScript NSURL AppleScript NSURL File AppleScript NSURLBookmark AppleScript NSURLComponents AppleScript NSURLResourceKey AppleScript NSUserDefaults AppleScript NSUUID AppleScript NSView AppleScript NSWorkspace AppleScript Numbers AppleScript OAuth AppleScript ObjC AppleScript OneDrive AppleScript Osax AppleScript PDF AppleScript PDFAnnotationWidget AppleScript PDFContext AppleScript PDFDisplayBox AppleScript PDFDocumentPermissions AppleScript PDFKit AppleScript PDFnUP AppleScript PDFOutline AppleScript Photos AppleScript Photoshop AppleScript Plist System Events AppleScript PostScript AppleScript prefPane AppleScript Preview AppleScript Python AppleScript QR AppleScript QR Decode AppleScript QuickLook AppleScript QuickTime AppleScript record AppleScript Regular Expression AppleScript Reminders AppleScript ReName AppleScript Repeat AppleScript RTF AppleScript Safari AppleScript SaveFile AppleScript ScreenCapture AppleScript ScreenSaver AppleScript Script Editor AppleScript Script Menu AppleScript Shortcuts AppleScript Shortcuts Events AppleScript Sort AppleScript Sound AppleScript Spotlight AppleScript SRT AppleScript StandardAdditions AppleScript stringByApplyingTransform AppleScript System Events AppleScript System Settings AppleScript TemporaryItems AppleScript Terminal AppleScript Text AppleScript Text CSV AppleScript Text TSV AppleScript TextEdit AppleScript Translate AppleScript Trash AppleScript Twitter AppleScript UI AppleScript Unit Conversion AppleScript UTType AppleScript valueForKeyPath AppleScript Video AppleScript VisionKit AppleScript Visual Studio Code AppleScript webarchive AppleScript webp AppleScript Wifi AppleScript XML AppleScript XML EPUB AppleScript XML OPML AppleScript XML Plist AppleScript XML RSS AppleScript XML SVG AppleScript XML TTML AppleScript XML webloc AppleScript YouTube AppleScript Zero Suppress Applications Barcode OnLine Tools CityCode Design iPhone List Logs lsappinfo Memo Music perl PlistBuddy pluginkit postalcode ReadMe SF Symbols character id SF Symbols Entity sips Skype Slack sqlite TCC Tools Typography Video Wacom zoom