Issue with OS X permissions on System Disk

Posted on 2012-04-04
Medium Priority
Last Modified: 2012-04-05
So, I'm looking for an explanation.

Just today I loaded up 10.7.3 on my production Mac. There were no issues during the install. I was working just fine when I had some issue downloading a file and the error that I got led me to believe that either my system disk (Macintosh HD - M HD) was full or there was some permissions issue.  It turned out that the message was really nothing, but I reacted to it as though it was something.

My first thing to do was to look at the permission on M HD; not sure why, but something led me there. I noticed and panicked that the only "user" with read and write was System;wheel and everyone was read only. I thought that this was obviously wrong, so I logged in as the admin and added my specific user in, but even then I was not able to change it to RW and then I set him as owner; still no go. Finally I removed him from the list and then my problems started.  I was unable to access anything, even log in, with my ID. I ended up logging in as the admin and adding my user ID back in and then everything was OK.

I checked on another Mac that I have here and apparently the permissions that I saw when I looked at M HD were really OK... so I screwed myself up.

So, I guess I have some questions. One, is who is supposed to be the owner of M HD?  Should I set that back ?  Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  Can I fix it so that I can have access if my user ID isn't in the list. Was the fact that I made me owner the crux of the issues with my ID's access?

Question by:jhyiesla
  • 3
  • 2
LVL 41

Accepted Solution

Eoin OSullivan earned 2000 total points
ID: 37809915
> One, is who is supposed to be the owner of M HD?  Should I set that back ?  
Owner should be  ... 'root' in group 'admin'  for /Volumes/Macintosh HD
Try running a repair permissions using Disk Utility to see will that resolve permissions otherwise I'd set it back manually.

> Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  
> Can I fix it so that I can have access if my user ID isn't in the list.
Only the 'root' user is supposed to have unlimited access to ALL resources on the system.
A standard Unix user will have restricted rights in order to prevent accidental deletion or damage to critical system files/folders.
The sudo command or administrator password will usually be required to perform any action on system folders that are locked by default

>Was the fact that I made me owner the crux of the issues with my ID's access?
Messing with ownership of system folders and files is always very dangerous.  Adding your user with r/w access is not necessarily a problem but if you then REMOVE that user .. the permissions may not revert to the correct default settings leaving the file or folder in a sort of LIMBO.

When you use the Get Info dialog to look at a file or folder permissions you see the ACL permissions .. these can be a little deceptive as ultimately every file or folder has a single owner and group associated.  This is easier to see when using the Terminal and listing the owner and group for a particular file or folder.
When you add a user with r/w access using the Get Info dialog it can change the Unix owner and group.

You can use Terminal commands like the following to see a list of all users and groups
cat /etc/passwd | awk -F: '{print $1" ---> "$4}'
cat /etc/group | awk -F: '{print $1" ---> "$4}'

Open in new window

If you use the Workgroup Manager that comes with OSX Server (you can download the tools and install in OSX standard) you get a  nice GUI to see all your users and groups.

There are things you can do such as add your user to the system groups like 'wheel' and 'admin' which will increase your access rights on the system overall but I'd not recommend it unless you really need to be editing system files and folders on a daily basis.
LVL 28

Author Comment

ID: 37810476
I checked and it appears that root is still listed as the owner of /volumes/Macintosh HD. Looks like at least that error on my part didn't result in any problem.  I am running a repair permissions right now.

As far as my user losing access when I removed him, from the permissions list for M HD, I don't expect him to have sudo rights.  The issue was that apparently everything was OK originally with me not listed in the permissions list, and it appeared that I was OK when I added me in, although I was still not able to give a RW permission, only RO.  However, when I then removed me from that permissions list I noticed that the folder for M HD had a red minus sign on it and I was unable to log into the Mac with my ID.  After I logged back in as admin and added my user back to that ACL, I was once again able to log into the Mac and all appears OK. It was just confusing to, in my mind, take that list back to what it was originally and by doing so, remove my rights to get to the system disk at all.
LVL 28

Author Comment

ID: 37810578
The Repair permissions finished and did repair some things. My guy is still in the ACL, but I guess I'm just not going to worry about it. Since he has the same permissions as the Everyone group, nothing should be harmed by that and I'm just going to chalk it up to a learning experience.
LVL 41

Expert Comment

by:Eoin OSullivan
ID: 37810610
Everything should be fine ... the ACL is less important than the actual owner and group permissions but on a standalone computer it can be difficult to distinguish between the two.

You escaped from the problem unscathed ... this time ;-)
LVL 28

Author Closing Comment

ID: 37810633
Yeah, I know I was lucky. Normally I am more aware of what's happening before I do something like this, but in a work environment sometimes you get too busy and distracted.


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Create a default user profile for Mac OS X 10.7/10.8 Create a user account on OS X that will be a template for every other user of that computer. I usually call it “profile” and make it an administrator account for the time being. 1. Install a…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question