Hackinations: Figuring out "Duplicate Exactly"


Today, the TUAW backchannels were having a fine old time exploring all the new options built into Finder. Most of the features are pretty obvious in what they do.

For example, hold down the Shift key while opening the Go menu to discover the Select Startup Disk on Desktop option. Hold down the Option key to force the Library folder to appear.

Pretty straightforward, right?

So what was the option shown below all about? In Finder, when you select a file and open the File menu while holding Option-Shift, about halfway down the menu is a curious choice: Duplicate Exactly.

It took quite a bit of work to track down what it did. Whatever it was, it required you to authenticate as an administrator to use it.

At first, the TUAW hive mind thought it might have something to do with copying pre-existing versions along with files. So we created a simple file and started versioning it. Then we duplicated it and duplicated it exactly. In neither case did the version information transfer.

So then we turned to DTrace at the suggestion of @rylin on Twitter. It turns out that although the Duplicate option is executed by Finder itself, Duplicate Exactly uses Locum to perform the file writes.

If you're not familiar with Locum, it's a built-in part of OS X (it has been around for a few years) that handles privilege escalation. You use it whenever you try to delete items that are owned by other users or by the system.

That led to some new tests. While we had originally discounted Emanuele Vulcano's hypothesis that the option "kept permissions intact", his guess was far more right than wrong. Simple duplication did retain permissions in our tests, just as Duplicate Exactly did.

What we didn't find out for a while is that Duplicate Exactly also retains file ownership, in addition to permissions.

We went ahead and created two files at the command line. We used chown to change the owner of the first file to root.

Then we used first Duplicate and then Duplicate Exactly from the Finder on both of these files. The "copy" version of each file is from Duplicate, and the "copy 2" version is from Duplicate Exactly.

Here is what the results show. The permissions stayed the same for each copy; what changed was the owner. A simple copy of foo changed the ownership from root to me. An exact copy using the authenticated Locum process preserved the ownership as well.

There you have it. One mystery solved.
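To repeat the comparison from the command line, the following added example (not part of the original post) reports whether a copy kept the original's permissions, owner and group. The function names are hypothetical, and the file names in the usage comment are assumed from the test described above.

```shell
#!/bin/sh
# Added example: report whether a copy kept the original's mode, owner and group.
# Only `ls -ldn` and awk are used, so it runs the same on OS X and Linux.

# Print "mode uid gid" for one path. The mode is cut to 10 characters to
# drop the trailing ACL/xattr marker (+, @ or .) that some systems append.
file_meta() {
    ls -ldn -- "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# Print "name=kept" or "name=changed" for one attribute.
field_state() {  # $1=name  $2=value on original  $3=value on copy
    if [ "$2" = "$3" ]; then echo "$1=kept"; else echo "$1=changed"; fi
}

# Compare ORIGINAL ($1) with COPY ($2).
# Exit status: 0 all kept, 1 something changed, 2 a path is missing.
compare_copy() {
    if [ ! -e "$1" ] || [ ! -e "$2" ]; then
        echo "usage: compare_copy ORIGINAL COPY" >&2
        return 2
    fi
    # Load both triples into $1..$6 (positional parameters are local here).
    set -- $(file_meta "$1") $(file_meta "$2")
    report="$(field_state mode "$1" "$4") $(field_state owner "$2" "$5") $(field_state group "$3" "$6")"
    echo "$report"
    case $report in *changed*) return 1 ;; esac
    return 0
}

# Constructed usage for the test described above (file names assumed):
#   compare_copy foo "foo copy"      # Duplicate
#   compare_copy foo "foo copy 2"    # Duplicate Exactly
```

For a root-owned original, a copy that comes back owned by the current user shows up as `owner=changed`, while a copy that kept root ownership shows `owner=kept`.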
