Solved

Issue with OS X permissions on System Disk

Posted on 2012-04-04
5
357 Views
Last Modified: 2012-04-05
So, I'm looking for an explanation.

Just today I loaded up 10.7.3 on my production Mac. There were no issues during the install. I was working just fine when I had some issue downloading a file and the error that I got led me to believe that either my system disk (Macintosh HD - M HD) was full or there was some permissions issue.  It turned out that the message was really nothing, but I reacted to it as though it was something.

My first thing to do was to look at the permission on M HD; not sure why, but something led me there. I noticed and panicked that the only "user" with read and write was System;wheel and everyone was read only. I thought that this was obviously wrong, so I logged in as the admin and added my specific user in, but even then I was not able to change it to RW and then I set him as owner; still no go. Finally I removed him from the list and then my problems started.  I was unable to access anything, even log in, with my ID. I ended up logging in as the admin and adding my user ID back in and then everything was OK.

I checked on another Mac that I have here and apparently the permissions that I saw when I looked at M HD were really OK... so I screwed myself up.

So, I guess I have some questions. One, is who is supposed to be the owner of M HD?  Should I set that back ?  Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  Can I fix it so that I can have access if my user ID isn't in the list. Was the fact that I made me owner the crux of the issues with my ID's access?

thanx...
0
Comment
Question by:jhyiesla
  • 3
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
Eoin OSullivan earned 500 total points
ID: 37809915
> One, is who is supposed to be the owner of M HD?  Should I set that back ?  
Owner should be  ... 'root' in group 'admin'  for /Volumes/Macintosh HD
Try running a repair permissions using Disk Utility to see will that resolve permissions otherwise I'd set it back manually.

> Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  
> Can I fix it so that I can have access if my user ID isn't in the list.
Only the 'root' user is supposed to have unlimited access to ALL resources on the system.
A standard Unix user will have restricted rights in order to prevent accidental deletion or damage to critical system files/folders.
The sudo command or administrator password will usually be required to perform any action on system folders that are locked by default

>Was the fact that I made me owner the crux of the issues with my ID's access?
Messing with ownership of system folders and files is always very dangerous.  Adding your user with r/w access is not necessarily a problem but if you then REMOVE that user .. the permissions may not revert to the correct default settings leaving the file or folder in a sort of LIMBO.

When you use the Get Info dialog to look at a file or folder permissions you see the ACL permissions .. these can be a little deceptive as ultimately every file or folder has a single owner and group associated.  This is easier to see when using the Terminal and listing the owner and group for a particular file or folder.
When you add a user with r/w access using the Get Info dialog it can change the Unix owner and group.

You can use Terminal commands like the following to see a list of all users and groups
cat /etc/passwd | awk -F: '{print $1" ---> "$4}'
cat /etc/group | awk -F: '{print $1" ---> "$4}'

Open in new window


If you use the Workgroup Manager that comes with OSX Server (you can download the tools and install in OSX standard) you get a  nice GUI to see all your users and groups.
http://support.apple.com/kb/DL1419

There are things you can do such as add your user to the system groups like 'wheel' and 'admin' which will increase your access rights on the system overall but I'd not recommend it unless you really need to be editing system files and folders on a daily basis.
0
 
LVL 28

Author Comment

by:jhyiesla
ID: 37810476
I checked and it appears that root is still listed as the owner of /volumes/Macintosh HD. Looks like at least that error on my part didn't result in any problem.  I am running a repair permissions right now.

As far as my user losing access when I removed him, from the permissions list for M HD, I don't expect him to have sudo rights.  The issue was that apparently everything was OK originally with me not listed in the permissions list, and it appeared that I was OK when I added me in, although I was still not able to give a RW permission, only RO.  However, when I then removed me from that permissions list I noticed that the folder for M HD had a red minus sign on it and I was unable to log into the Mac with my ID.  After I logged back in as admin and added my user back to that ACL, I was once again able to log into the Mac and all appears OK. It was just confusing to, in my mind, take that list back to what it was originally and by doing so, remove my rights to get to the system disk at all.
0
 
LVL 28

Author Comment

by:jhyiesla
ID: 37810578
The Repair permissions finished and did repair some things. My guy is still in the ACL, but I guess I'm just not going to worry about it. Since he has the same permissions as the Everyone group, nothing should be harmed by that and I'm just going to chalk it up to a learning experience.
0
 
LVL 39

Expert Comment

by:Eoin OSullivan
ID: 37810610
Everything should be fine ... the ACL is less important than the actual owner and group permissions but on a standalone computer it can be difficult to distinguish between the two.

You escaped from the problem unscathed ... this time ;-)
0
 
LVL 28

Author Closing Comment

by:jhyiesla
ID: 37810633
Yeah, I know I was lucky. Normally I am more aware of what's happening before I do something like this, but in a work environment sometimes you get too busy and distracted.

Thanx...
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Reset EFI password on MacBooks 11 56
Receover MAC partician from W8.1 4 44
MAC Management Software 8 76
Apple iMac 4 79
There is a security feature on iOS devices that is nearly impenetrable when it has been activated.  This article will provide some possible solutions as well as necessary steps to take to ensure you do not end up with a locked device.
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now