Solved

Issue with OS X permissions on System Disk

Posted on 2012-04-04
Last Modified: 2012-04-05
So, I'm looking for an explanation.

Just today I loaded up 10.7.3 on my production Mac. There were no issues during the install. I was working just fine when I had some issue downloading a file and the error that I got led me to believe that either my system disk (Macintosh HD - M HD) was full or there was some permissions issue.  It turned out that the message was really nothing, but I reacted to it as though it was something.

My first thing to do was to look at the permission on M HD; not sure why, but something led me there. I noticed and panicked that the only "user" with read and write was System;wheel and everyone was read only. I thought that this was obviously wrong, so I logged in as the admin and added my specific user in, but even then I was not able to change it to RW and then I set him as owner; still no go. Finally I removed him from the list and then my problems started.  I was unable to access anything, even log in, with my ID. I ended up logging in as the admin and adding my user ID back in and then everything was OK.

I checked on another Mac that I have here and apparently the permissions that I saw when I looked at M HD were really OK... so I screwed myself up.

So, I guess I have some questions. One, is who is supposed to be the owner of M HD?  Should I set that back ?  Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  Can I fix it so that I can have access if my user ID isn't in the list. Was the fact that I made me owner the crux of the issues with my ID's access?

thanx...
Question by:jhyiesla

Accepted Solution

by:
Eoin OSullivan earned 500 total points
ID: 37809915
> One, is who is supposed to be the owner of M HD?  Should I set that back ?  
Owner should be  ... 'root' in group 'admin'  for /Volumes/Macintosh HD
Try running a repair permissions using Disk Utility to see whether that resolves the permissions; otherwise I'd set it back manually.

> Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  
> Can I fix it so that I can have access if my user ID isn't in the list.
Only the 'root' user is supposed to have unlimited access to ALL resources on the system.
A standard Unix user will have restricted rights in order to prevent accidental deletion or damage to critical system files/folders.
The sudo command or administrator password will usually be required to perform any action on system folders that are locked by default.

>Was the fact that I made me owner the crux of the issues with my ID's access?
Messing with ownership of system folders and files is always very dangerous.  Adding your user with r/w access is not necessarily a problem but if you then REMOVE that user .. the permissions may not revert to the correct default settings leaving the file or folder in a sort of LIMBO.

When you use the Get Info dialog to look at a file or folder permissions you see the ACL permissions .. these can be a little deceptive as ultimately every file or folder has a single owner and group associated.  This is easier to see when using the Terminal and listing the owner and group for a particular file or folder.
When you add a user with r/w access using the Get Info dialog it can change the Unix owner and group.

You can use Terminal commands like the following to see a list of all users and groups:
awk -F: '!/^#/ {print $1" ---> "$4}' /etc/passwd
awk -F: '!/^#/ {print $1" ---> "$4}' /etc/group


If you use the Workgroup Manager that comes with OSX Server (you can download the tools and install in OSX standard) you get a  nice GUI to see all your users and groups.
http://support.apple.com/kb/DL1419

There are things you can do such as add your user to the system groups like 'wheel' and 'admin' which will increase your access rights on the system overall but I'd not recommend it unless you really need to be editing system files and folders on a daily basis.
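
The following is an added example, not part of the original answer: a shell function that reads one `ls -lde` listing in the macOS format and reports the Unix owner, group and mode separately from any ACL entries, flagging deviations. The expected owner and group are passed as arguments (root and admin here, as stated in the answer above); the sample listings and the user name jdoe are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one `ls -lde` listing (macOS format) read from stdin.
# Usage on a real system:
#   ls -lde "/Volumes/Macintosh HD" | audit_listing root admin
# Exit status is 1 when any finding is reported, 0 otherwise.
audit_listing() {
    awk -v want_owner="$1" -v want_group="$2" '
    NR == 1 {
        mode = $1; owner = $3; group = $4
        # A trailing "+" on the mode string means an ACL is attached.
        printf "posix owner=%s group=%s mode=%s acl=%s\n", owner, group,
               substr(mode, 1, 10), (mode ~ /\+$/) ? "yes" : "no"
        if (owner != want_owner) { print "FINDING owner is " owner ", expected " want_owner; bad++ }
        if (group != want_group) { print "FINDING group is " group ", expected " want_group; bad++ }
        # Character 9 of the mode string is the write bit for "everyone".
        if (substr(mode, 9, 1) == "w") { print "FINDING writable by everyone"; bad++ }
        next
    }
    # ACL entries follow the first line, e.g. " 0: user:jdoe allow list,search"
    $1 ~ /^[0-9]+:$/ {
        printf "ace %s %s %s\n", $2, $3, $4
        if ($2 ~ /^user:/ && $3 == "allow") {
            print "FINDING per-user allow entry for " substr($2, 6); bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample: volume root with default ownership and no ACL.
sample_clean() {
    printf '%s\n' 'drwxr-xr-x  33 root  admin  1190 Apr  4 09:10 /Volumes/Macintosh HD'
}

# Constructed sample: same folder after a user was added through Get Info.
sample_modified() {
    printf '%s\n' \
        'drwxr-xr-x+ 33 root  admin  1190 Apr  4 09:10 /Volumes/Macintosh HD' \
        ' 0: user:jdoe allow list,search,readattr,readextattr,readsecurity'
}

sample_modified | audit_listing root admin || echo "deviations found"
```
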

Author Comment

by:jhyiesla
ID: 37810476
I checked and it appears that root is still listed as the owner of /volumes/Macintosh HD. Looks like at least that error on my part didn't result in any problem.  I am running a repair permissions right now.

As far as my user losing access when I removed him, from the permissions list for M HD, I don't expect him to have sudo rights.  The issue was that apparently everything was OK originally with me not listed in the permissions list, and it appeared that I was OK when I added me in, although I was still not able to give a RW permission, only RO.  However, when I then removed me from that permissions list I noticed that the folder for M HD had a red minus sign on it and I was unable to log into the Mac with my ID.  After I logged back in as admin and added my user back to that ACL, I was once again able to log into the Mac and all appears OK. It was just confusing to, in my mind, take that list back to what it was originally and by doing so, remove my rights to get to the system disk at all.

Author Comment

by:jhyiesla
ID: 37810578
The Repair permissions finished and did repair some things. My guy is still in the ACL, but I guess I'm just not going to worry about it. Since he has the same permissions as the Everyone group, nothing should be harmed by that and I'm just going to chalk it up to a learning experience.

Expert Comment

by:Eoin OSullivan
ID: 37810610
Everything should be fine ... the ACL is less important than the actual owner and group permissions but on a standalone computer it can be difficult to distinguish between the two.

You escaped from the problem unscathed ... this time ;-)

Author Closing Comment

by:jhyiesla
ID: 37810633
Yeah, I know I was lucky. Normally I am more aware of what's happening before I do something like this, but in a work environment sometimes you get too busy and distracted.

Thanx...