How to make File Provider folders/files readonly?

App & System Services Core OS
centea OP
Created Jun ’21
Replies 1
Boosts 1
Views 1.4k
Participants 2

I work on a cloud sharing solution and I am trying to make some directories read only. I have used "fileSystemFlags" and "capabilities" properties in the NSFileProviderItemProtocol to enforce read only behaviour but it only works when the user is drag and dropping in finder.

How can I really make a folder readonly using the file provider extension? I tried to create file/folder from Finder or Terminal it gives permission denied(as expected). However, sudo mkdir created a folder from terminal either way 😦 . I noticed this is the same behaviour in iCloud Drive unfortunately. Since these are folders/files shared by someone else even with sudo rights user should not be allowed to create or modify files.

Can read onlyness be achieved with extended attributes or some other ways?

Thank you

Replies  1
Boosts  1
Views  1.4k
Participants  2
Engineer OP
Apple
Jan ’22

Great question. Indeed, FileProvider does not protect against super-user intervention.

If you encounter this situation, you are able to move the item into another folder on behalf of the user. Perhaps the root folder of the domain, or a “lost and found” folder.

On the completion handler to createItem/modifyItem, return an NSFileProviderItem whose parentItemIdentifier is different than the one which was passed in the itemTemplate. The system will then sync that diff back to disk, moving the item to the new parent directory.

3
How to make File Provider folders/files readonly?
First post date Last post date
 
 
Q