osx-acl 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 125c0e75690ae256728513e5372e43e98b51fc20
+  data.tar.gz: 853389a6f082a954d68e17f748f31b736b1652f5
+SHA512:
+  metadata.gz: 95bb8e5dcb64bdc878f842112685d09ed66734b8bccce8a0738d9e0bb16e037c97f2171c488dfcfb33a7856f036dbcf13cb5d58e0ef6fa9c19595f13d7c2b9b9
+  data.tar.gz: 585d3768458692b8c54637fa3e116b63807f773bf778fd870ec5b18387b74540c19ab19b848a92a8d3f41256b4abf18253d356d1f87aedaf534cbc5c934e8972

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+*.pkg

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.0.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in osx-acl.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Kyle Crawford
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,78 @@
+# osx-acl
+
+Tool and Ruby Library for managing ACLs on OS X
+
+The acl_tool can be used to report on and remove orphaned or user-level entries.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'osx-acl'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install osx-acl
+
+## Building
+
+`
+rake build
+fpm -s gem -t osxpkg --osxpkg-identifier-prefix org.rubygems.kcrawford
+pkg/osx-acl-1.x.gem`
+
+## Usage
+
+From the acl_tool
+
+```
+Usage: /usr/bin/acl_tool [OPTIONS] path
+
+Options
+        --dry-run                    outputs what would be done without modifying ACLs
+        --exclude x,y,z              users to exclude from --remove-user-entries
+        --remove-orphans             removes orphaned acl entries
+        --remove-user-entries        removes user acl entries
+        --report                     report existing ACLs
+        --version                    outputs version information for this tool
+        --help                       outputs help information for this tool
+```
+
+From ruby
+```
+>> require 'acl'
+=> true
+>> acl = OSX::ACL.of("tmp")
+=> #<OSX::ACL:0x007f92eaabc578 @path="tmp">
+>> acl.entries
+=> [#<OSX::ACL::Entry:0x007f92eaaf7510 @components=["user", "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046", "_www", "70", "allow", "read"]>]
+>> ace = acl.entries.first
+=> #<OSX::ACL::Entry:0x007f92eaaf7510 @components=["user", "FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046", "_www", "70", "allow", "read"]>
+>> ace.assignment
+=> #<OSX::ACL::Assignment:0x007f92ea2a0060 @type="user", @uuid="FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046", @name="_www", @id="70">
+>> ace.assignment.type
+=> "user"
+>> ace.assignment.name
+=> "_www"
+>> ace.rules
+=> ["allow"]
+>> ace.permissions
+=> ["read"]
+>> acl.remove_entry_at_index(0)
+chmod -a# 0 tmp # user:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046:_www:70:allow:read
+=> true
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/osx-acl/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+

data/bin/acl_tool

@@ -0,0 +1,145 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'acl'
+require 'set'
+
+def process_recursive(entry, &block)
+  yield(entry)
+  process_directory(entry) {|next_entry| process_recursive(next_entry,&block) } if File.directory?(entry)
+end
+
+def process_directory(entry)
+  Dir.entries(entry).each do |sub_entry|
+    next if [".",".."].include?(sub_entry)
+    yield(File.join(entry, sub_entry))
+  end
+end
+
+def main
+  options = {:exclude => []}
+
+  opt_parser = OptionParser.new do |opt|
+    opt.banner = "Usage: #{$0} [OPTIONS] path"
+
+    opt.separator ""
+    opt.separator "Options"
+
+    opt.on("--dry-run", "outputs what would be done without modifying ACLs") do
+      ENV['OSX_ACL_NOOP'] = "yes"
+    end
+
+    opt.on("--exclude x,y,z", Array, "users to exclude from --remove-user-entries") do |exclusions|
+      options[:exclude] = exclusions.map(&:downcase)
+    end
+
+    opt.on("--remove-orphans", "removes orphaned acl entries") do
+      options[:action] = "remove_orphans"
+    end
+
+    opt.on("--remove-user-entries", "removes user acl entries") do
+      options[:action] = "remove_user_entries"
+    end
+
+    opt.on("--report", "report existing ACLs") do
+      options[:action] = "report"
+    end
+
+    opt.on("--version", "outputs version information for this tool") do 
+      options[:action] = "version"
+    end
+
+    opt.on("--help", "outputs help information for this tool") do 
+      options[:action] = "help"
+    end
+
+  end
+
+  opt_parser.parse!
+
+  if ARGV[0] && !File.exist?(ARGV[0])
+    puts opt_parser
+    exit 0
+  end
+  case options[:action]
+  when "version"
+    puts OSX::ACL::VERSION
+  when "help"
+    puts opt_parser
+  when "remove_orphans"
+    process_recursive(ARGV[0]) do |entry|
+      number_of_aces_removed = OSX::ACL.of(entry).remove_orphans!
+      if number_of_aces_removed > 0
+        puts "-#{number_of_aces_removed}: #{File.absolute_path(entry)}"
+      end
+    end
+  when "remove_user_entries"
+    process_recursive(ARGV[0]) do |entry|
+      begin
+        OSX::ACL.of(entry).entries.remove_if do |ace|
+          assignment = ace.assignment
+          assignment.type == "user" && !options[:exclude].include?(assignment.name.downcase)
+        end
+      rescue
+        $stderr.puts "### Failed to remove ace for #{entry}"
+      end
+    end
+  when "report"
+    path_count = 0
+    ace_count = 0
+    orphan_count = 0
+    explicit_paths = Set.new
+    user_acl_paths = Set.new
+    no_acl_paths = Set.new
+    process_recursive(ARGV[0]) do |path|
+      path_count += 1
+      acl = OSX::ACL.of(path)
+      entries = acl.entries
+      ace_count += entries.length
+      orphan_count += acl.orphans.length
+      if acl.entries.empty?
+        no_acl_paths << path
+      else
+        entries.each do |entry|
+          if entry.assignment.type == 'user'
+            user_acl_paths << path
+          end
+          if !entry.inherited?
+            explicit_paths << path
+          end
+        end
+      end
+
+    end
+    # It should output stats:
+    #   total files
+    #   total aces
+    #   total orphans
+    #   total explicit
+    #   total without acl
+    #   list of explicit
+    #   list of paths without an acl
+
+    output = %{
+Total paths: #{path_count}
+Total aces: #{ace_count}
+Total orphans: #{orphan_count}
+Total explicit: #{explicit_paths.length}
+Total without acl: #{no_acl_paths.length}
+Total with user level: #{user_acl_paths.length}
+List of explicit:
+#{explicit_paths.to_a.join("\n")}
+List of paths without an acl:
+#{no_acl_paths.to_a.join("\n")}
+List of user aces:
+#{user_acl_paths.to_a.join("\n")}
+}
+    puts output
+
+  else
+    puts opt_parser
+  end
+end
+
+main()
+

data/lib/acl/assignment.rb

@@ -0,0 +1,16 @@
+module OSX
+  class ACL
+    class Assignment
+      attr_accessor :type, :uuid, :name, :id
+
+      def initialize(components)
+        @type, @uuid, @name, @id = components
+      end
+
+      def orphan?
+        name.to_s == ""
+      end
+
+    end
+  end
+end

data/lib/acl/entry.rb

@@ -0,0 +1,53 @@
+require 'acl/assignment'
+module OSX
+  class ACL
+    class Entry
+      include Comparable
+      attr_accessor :components
+
+      def self.from_text(text)
+        new.tap {|entry| entry.components = text.split(":") }
+      end
+
+      def <=>(other)
+        components <=> other.components
+      end
+
+      def to_s
+        components.join(":")
+      end
+
+      def inherited=(should_inherit)
+        if should_inherit && !inherited?
+          rules << "inherited"
+        elsif inherited? && !should_inherit
+          rules.delete("inherited")
+        end
+      end
+
+      def inherited?
+        rules.include? "inherited"
+      end
+
+      def orphaned?
+        assignment.orphan?
+      end
+
+      def assignment
+        ACL::Assignment.new(assignment_components)
+      end
+
+      def assignment_components
+        components[0..-3]
+      end
+
+      def permissions
+        components.last.split(",")
+      end
+
+      def rules
+        components[-2].split(",")
+      end
+    end
+  end
+end

data/lib/acl/version.rb

@@ -0,0 +1,5 @@
+module OSX
+  class ACL
+    VERSION = "1.0.1"
+  end
+end

data/lib/acl.rb

@@ -0,0 +1,137 @@
+require "acl/version"
+require "acl/entry"
+require 'open3'
+require 'delegate'
+require 'shellwords'
+
+module OSX
+
+  require 'ffi'
+  module API
+    extend FFI::Library
+    ffi_lib FFI::Library::LIBC
+    attach_function :acl_get_fd, [:int], :pointer
+    attach_function :acl_to_text, [:pointer, :pointer], :pointer
+    attach_function :acl_valid, [:pointer], :int
+    attach_function :acl_free, [:pointer], :int
+  end
+
+  class ACL
+
+    attr_accessor :path, :entries
+
+    def self.of(path)
+      new.tap {|acl| acl.path = path }
+    end
+
+    def entries
+      @entries ||= make_entries
+    end
+
+    def make_entries
+      Entries.new(self, entry_lines.map {|line| ACL::Entry.from_text(line) })
+    end
+
+    class Entries < SimpleDelegator
+      attr_reader :acl
+      def initialize(acl, entries)
+        @acl = acl
+        super(entries)
+      end
+      def as_inherited
+        map {|entry| entry.inherited = true }
+      end
+
+      def remove_if
+        removal_count = 0
+        # we reverse the order of the entries so we can remove entries without affecting the index of other entries
+        reverse.each_with_index do |entry,index|
+          if yield(entry)
+            # since entries are reversed, we calculate the actual index
+            actual_index = (length - 1) - index
+            if acl.remove_entry_at_index(actual_index)
+              removal_count += 1
+            else
+              raise "Failed to remove #{entry} from #{acl.path}"
+            end
+          end
+        end
+        removal_count
+      end
+    end
+
+    def entry_lines
+      file_descriptor, acl_text_ptr, acl_ptr = nil
+      begin
+        file_descriptor = File.open(path, "r")
+      rescue Errno::ELOOP
+        return []
+      rescue Errno::EOPNOTSUPP
+        return []
+      rescue Errno::ENOENT
+        return []
+      end
+      acl_ptr = api.acl_get_fd(file_descriptor.fileno)
+      acl_text_ptr = api.acl_to_text(acl_ptr, nil)
+      return [] if acl_text_ptr.null?
+      ace_lines = acl_text_ptr.read_string.split("\n")[1..-1]
+      ace_lines
+    ensure
+      api.acl_free(acl_text_ptr)
+      api.acl_free(acl_ptr)
+      file_descriptor.close if file_descriptor
+    end
+
+    def remove_orphans!
+      entries.remove_if {|entry| entry.orphaned? }
+    end
+
+    def orphans
+      entries.select {|e| e.orphaned? }
+    end
+
+    def file_flags
+      flags = ""
+      Open3.popen3("stat", "-f", "%f", path) do |stdin,stdout,stderr,thread|
+        flags = stdout.read
+      end
+      flags.to_i.to_s(8)
+    end
+
+    # Wraps a file action
+    #   first removes file flags that would cause the action to fail
+    #   then yields to the block to perform the action
+    #   then restores the flags
+    def preserving_flags
+      original_file_flags = file_flags
+      if original_file_flags == "0"
+        yield
+      else
+        begin
+          system("chflags", "0", path)
+          yield
+        ensure
+          system("chflags", original_file_flags, path)
+        end
+      end
+    end
+
+    def remove_entry_at_index(index)
+      args = ["chmod", "-a#", index.to_s, path]
+      puts "#{args[0]} #{args[1]} #{args[2]} #{Shellwords.escape(args[3])} # #{entries[index].to_s}"
+      if ENV['OSX_ACL_NOOP'] == "yes"
+        true
+      else
+        preserving_flags do
+          system(*args)
+        end
+      end
+    end
+
+    def api
+      API
+    end
+
+  end
+
+end

data/osx-acl.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'acl/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "osx-acl"
+  spec.version       = OSX::ACL::VERSION
+  spec.authors       = ["Kyle Crawford"]
+  spec.email         = ["kcrwfrd@gmail.com"]
+  spec.summary       = %q{OS X ACL reading and manipulation}
+  spec.description   = %q{OS X ACL reading and munipluation using ffi and C acl API}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "ffi"
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "pry"
+end

data/spec/acl/assignment_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper.rb'
+
+include OSX
+require 'acl/assignment'
+
+def sample_assignment
+  ACL::Assignment.new(["group", "ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000046", "_www", "70"])
+end
+
+describe ACL::Assignment do
+  describe '.new' do
+    it "instantiates with array of string components" do
+      sample_assignment
+    end
+  end
+
+  it "has a type" do
+    expect(sample_assignment.type).to eq("group")
+  end
+
+  it "has a uuid" do
+    expect(sample_assignment.uuid).to eq("ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000046")
+  end
+
+  it "has a name" do
+    expect(sample_assignment.name).to eq("_www")
+  end
+
+  it "has an id" do
+    expect(sample_assignment.id).to eq("70")
+  end
+
+  describe "#orphan?" do
+    it "is true when name is blank" do
+      orphaned_assignment = sample_assignment
+      orphaned_assignment.name = ""
+      expect(orphaned_assignment.orphan?).to eq(true)
+    end
+    it "is false when name is not blank" do
+      expect(sample_assignment.orphan?).to eq(false)
+    end
+  end
+end

data/spec/acl/entry_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper.rb'
+
+include OSX
+require 'acl/entry'
+
+def valid_acl
+  ACL::Entry.from_text("group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000046:_www:70:allow,inherited:read,write")
+end
+
+describe ACL::Entry do
+  describe '.from_text' do
+    it "instantiates with text" do
+      expect(ACL::Entry.from_text("doh")).to be_kind_of(ACL::Entry)
+    end
+  end
+
+  it "has an assignment" do
+    expect(valid_acl).to respond_to(:assignment)
+  end
+
+  it "has rules" do
+    expect(valid_acl.rules).to eq(["allow", "inherited"])
+  end
+
+  it "has permissions" do
+    expect(valid_acl.permissions).to eq(["read","write"])
+  end
+end

data/spec/acl_spec.rb

@@ -0,0 +1,126 @@
+require 'spec_helper'
+
+include OSX
+DIR_WITH_VALID_ACES = 'tmp/dir_with_two_aces'
+DIR_WITH_ORPHAN_ACES = 'tmp/dir_with_orphan_aces'
+LOCKED_DIR_WITH_ORPHANS = '/tmp/locked_dir_with_orphans'
+
+def make_dir_with_two_aces
+  puts "creating dir with two aces..."
+  system(
+    "
+      rm -Rf 'tmp/dir_with_two_aces';
+      mkdir -p 'tmp/dir_with_two_aces';
+      chmod +a 'group:staff allow read' 'tmp/dir_with_two_aces';
+      chmod +a 'group:_www allow read' 'tmp/dir_with_two_aces';
+    "
+  )
+end
+
+def make_locked_dir_with_orphans
+  create_acl_with_orphans
+  puts "creating locked dir with orphans..."
+  system(
+    "
+      chflags -R 0 '#{LOCKED_DIR_WITH_ORPHANS}';
+      rm -Rf '#{LOCKED_DIR_WITH_ORPHANS}';
+      mv '#{DIR_WITH_ORPHAN_ACES}' '#{LOCKED_DIR_WITH_ORPHANS}';
+      chflags uchg '#{LOCKED_DIR_WITH_ORPHANS}';
+    "
+  )
+end
+
+def create_acl_with_orphans
+  make_dir_with_two_aces
+  puts "creating invalid aces..."
+  system(
+    "
+      rm -Rf '#{DIR_WITH_ORPHAN_ACES}';
+      mv 'tmp/dir_with_two_aces' 'tmp/dir_with_orphan_aces';
+      sudo dscl . -create /Users/_acl_orphan_user;
+      sudo dscl . -create /Users/_acl_orphan_user PrimaryGroupID 20;
+      sudo dscl . -create /Users/_acl_orphan_user UserShell /bin/false;
+      sudo dscl . -create /Users/_acl_orphan_user NFSHomeDirectory /dev/null;
+      sudo dscl . -create /Users/_acl_orphan_user RealName acl_orphan_user;
+      sudo dscl . -create /Users/_acl_orphan_user UniqueID 1020;
+      chmod +a 'user:_acl_orphan_user allow read' 'tmp/dir_with_orphan_aces';
+      chmod +a# 3 'user:_acl_orphan_user deny write' 'tmp/dir_with_orphan_aces';
+      sudo dscl . -delete /Users/_acl_orphan_user;
+    "
+  )
+end
+
+describe ACL do
+  it 'has a version number' do
+    expect(ACL::VERSION).not_to be nil
+  end
+
+  it 'can be intantiated from a path' do
+    expect(ACL.of("/")).to be_kind_of(ACL)
+    expect(ACL.of("/tmp").path).to eq("/tmp")
+  end
+
+  it "can read lines of acl entries" do
+    expect(ACL.of("/").entry_lines).to respond_to(:each)
+    make_dir_with_two_aces
+    expect(ACL.of("tmp/dir_with_two_aces").entry_lines.length).to eq(2)
+    expect(ACL.of("tmp/dir_with_two_aces").entry_lines.first).to eq("group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000046:_www:70:allow:read")
+    expect(ACL.of("tmp/dir_with_two_aces").entry_lines.last).to eq("group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000014:staff:20:allow:read")
+  end
+
+  describe "its entries" do
+    it 'is an array' do
+      expect(ACL.of("/").entries).to respond_to(:each)
+    end
+
+    it 'returns entry instances' do
+      make_dir_with_two_aces
+      entries = ACL.of("tmp/dir_with_two_aces").entries
+      expect(entries.length).to eq(2)
+      expect(entries.first).to be_kind_of(ACL::Entry)
+    end
+
+    it "handles symlinks" do
+      # create a symlink that points nowhere so File.open fails
+      system("ln", "-sf", "/tmp/.would_not_exist_ever_ever", "tmp/symlink")
+      expect(ACL.of("tmp/symlink").entries.length).to eq(0)
+    end
+  end
+
+  describe "#remove_orphans!" do
+    it "returns number of orphans removed" do
+      create_acl_with_orphans
+      expect(ACL.of(DIR_WITH_ORPHAN_ACES).remove_orphans!).to eq(2)
+      make_dir_with_two_aces
+      expect(ACL.of(DIR_WITH_VALID_ACES).remove_orphans!).to eq(0)
+    end
+    it "only removes orphans" do
+      create_acl_with_orphans
+      ACL.of(DIR_WITH_ORPHAN_ACES).remove_orphans!
+      expect(ACL.of(DIR_WITH_ORPHAN_ACES).entries.length).to eq(2)
+      expect(ACL.of(DIR_WITH_ORPHAN_ACES).orphans.length).to eq(0)
+    end
+    it "preserves the order of remaining aces" do
+      create_acl_with_orphans
+      ACL.of(DIR_WITH_ORPHAN_ACES).remove_orphans!
+      expect(ACL.of(DIR_WITH_ORPHAN_ACES).entries.first.assignment.name).to eq("_www")
+      expect(ACL.of(DIR_WITH_ORPHAN_ACES).entries.last.assignment.name).to eq("staff")
+    end
+    it "does nothing if environment variable is set to NOOP" do
+      create_acl_with_orphans
+      ENV['OSX_ACL_NOOP'] = 'yes'
+      acl_with_orphans = ACL.of(DIR_WITH_ORPHAN_ACES)
+      acl_with_orphans.remove_orphans!
+      expect(acl_with_orphans.remove_orphans!).to eq(2)
+      ENV['OSX_ACL_NOOP'] = nil
+    end
+    it "handles locked files" do
+      make_locked_dir_with_orphans
+      expect(`stat -f %f #{LOCKED_DIR_WITH_ORPHANS}`.chomp).to eq("2")
+      acl = ACL.of(LOCKED_DIR_WITH_ORPHANS)
+      expect(acl.remove_orphans!).to eq(2)
+      expect(`stat -f %f #{LOCKED_DIR_WITH_ORPHANS}`.chomp).to eq("2")
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'acl'

metadata

@@ -0,0 +1,136 @@
+--- !ruby/object:Gem::Specification
+name: osx-acl
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Kyle Crawford
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OS X ACL reading and munipluation using ffi and C acl API
+email:
+- kcrwfrd@gmail.com
+executables:
+- acl_tool
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/acl_tool
+- lib/acl.rb
+- lib/acl/assignment.rb
+- lib/acl/entry.rb
+- lib/acl/version.rb
+- osx-acl.gemspec
+- spec/acl/assignment_spec.rb
+- spec/acl/entry_spec.rb
+- spec/acl_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: OS X ACL reading and manipulation
+test_files:
+- spec/acl/assignment_spec.rb
+- spec/acl/entry_spec.rb
+- spec/acl_spec.rb
+- spec/spec_helper.rb