Suggestions Please for a permissions changing script

Hi everyone,

I’m not sure if/how this might be possible with Applescript,
or if Applescript is the way to go to achieve something like this,
but I’d certainly appreciate ANY advice you can offer.

I have a folder in which I have department folders, in which
subfolders are created by users in that department.

Smith, Bob
Thomas, Sally
Park, George

Every so often (maybe every five minutes), I’d like to go through the contents of each department folder, and turn the contents of everything WITHIN the department folder to read-only, so that the contents cannot be moved, deleted or renamed.
I want people to still be able to create folders within the department folders.

The contents of the folders will get quite large.

The reason for doing this is that the material in those department folders is referenced by a shared database. If someone deletes something or renames the file, the link to the database will be broken because the path has changed, so I’d like to minimize the chances that they will do this.

Any suggestions or advice ???
thanks. :slight_smile:

This is untested, but shouldn’t take more than a little tweaking to make work:

on idle
    set FolderList to contents of folder "insert:path:to:shared:folder:here"
    for each Folder in FolderList
        do shell script "chmod -R a-w " & quoted form of ((POSIX path of (TheFile as alias)) as string) & "*"

idle 300

What it will do is: every five minutes, it will get a list of the department folders within the shared folder, and remove the “write” permission for all files within those folders. Any folders within the department folders will be set as unwritable, which means that no files can be added or removed from those folders. It will not prevent users from deleting files from the department folders, as doing so would also prevent them from adding files.

WOW. thank you sooo much for helping with this.

Where would this script be placed so that it runs every five minutes ?
I’m a beginner at mac scripting… (are there any books you might recommend I read that could educate me (a non-programmer) on this topic???)

Could you give me an example of what this line might actually look like ?:

do shell script "chmod -R a-w " & quoted form of ((POSIX path of (TheFile as alias)) as string) & “*”

(i don’t know what & quoted form of0 ((POSIX pagh of (TheFile as alias)) as string & “*” will actually look like in the AppleScript

In reality, I just realized that I actually would want to leave the folders within the department folders writeable as well! but make all the files IN those folders read only… so that people could still add to those subfolders, but just couldn’t rename or delete documents that have already added to those subfolders. WOULD this change the script much ???

thanks again!!

The problem is that the “create”, “rename” and “delete” permissions are tied together, so you can only enable or disable them as a group. If you need to make sure that files are not modified, renamed, or deleted, then probably the best way to do this is to create two copies of the directory tree, one that anyone can modify, and one that only you can modify. Then, create a script to copy the contents of the modifiable tree to the read-only tree. In Applescript, it would look something like this untested script:

set SourceTree to "path:to:directory:that:anyone:can:modify"
set DestTree to "path:to:readonly:directory"

on idle
    do shell script "cp -Rn " & quoted form of ((POSIX path of (SourceTree as alias)) as string) & " " & quoted form of ((POSIX path of (DestTree as alias)) as string)

idle 300

Save it as a compiled script with the “stay open” option checked, and run it. It will activate every five minutes and copy all new files from the “live” tree to the read-only one.

If you’ve got a local Unix/MacOSX geek, you can get them to set it up as a cron job rather than an Applescript, and they can make sure the directory permissions are set properly.