Issue with OS X permissions on System Disk

So, I'm looking for an explanation.

Just today I loaded up 10.7.3 on my production Mac. There were no issues during the install. I was working just fine when I had some issue downloading a file and the error that I got led me to believe that either my system disk (Macintosh HD - M HD) was full or there was some permissions issue.  It turned out that the message was really nothing, but I reacted to it as though it was something.

My first thing to do was to look at the permission on M HD; not sure why, but something led me there. I noticed and panicked that the only "user" with read and write was System;wheel and everyone was read only. I thought that this was obviously wrong, so I logged in as the admin and added my specific user in, but even then I was not able to change it to RW and then I set him as owner; still no go. Finally I removed him from the list and then my problems started.  I was unable to access anything, even log in, with my ID. I ended up logging in as the admin and adding my user ID back in and then everything was OK.

I checked on another Mac that I have here and apparently the permissions that I saw when I looked at M HD were really OK... so I screwed myself up.

So, I guess I have some questions. One is: who is supposed to be the owner of M HD? Should I set that back? Second, why did my user lose access to M HD when I removed him when the everyone group still had access? Can I fix it so that I can have access if my user ID isn't in the list? Was the fact that I made me owner the crux of the issues with my ID's access?


Eoin OSullivan (Consultant) commented:
> One, is who is supposed to be the owner of M HD?  Should I set that back ?  
Owner should be 'root' in group 'admin' for /Volumes/Macintosh HD.
Try running a repair permissions using Disk Utility to see whether that resolves the permissions; otherwise I'd set it back manually.

> Second, why did my user lose access to M HD when I removed him when the everyone group still had access?  
> Can I fix it so that I can have access if my user ID isn't in the list.
Only the 'root' user is supposed to have unlimited access to ALL resources on the system.
A standard Unix user will have restricted rights in order to prevent accidental deletion or damage to critical system files/folders.
The sudo command or administrator password will usually be required to perform any action on system folders that are locked by default.

> Was the fact that I made me owner the crux of the issues with my ID's access?
Messing with ownership of system folders and files is always very dangerous. Adding your user with r/w access is not necessarily a problem, but if you then REMOVE that user, the permissions may not revert to the correct default settings, leaving the file or folder in a sort of LIMBO.

When you use the Get Info dialog to look at a file or folder's permissions you see the ACL permissions. These can be a little deceptive, as ultimately every file or folder has a single owner and group associated. This is easier to see when using the Terminal and listing the owner and group for a particular file or folder.
When you add a user with r/w access using the Get Info dialog it can change the Unix owner and group.

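You can use Terminal commands like the following to see a list of all users and groups:
# List each account name with its primary group ID (comment lines skipped)
awk -F: '!/^#/ {print $1" ---> "$4}' /etc/passwd
# List each group name with its member list (comment lines skipped)
awk -F: '!/^#/ {print $1" ---> "$4}' /etc/group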


If you use the Workgroup Manager that comes with OSX Server (you can download the tools and install in OSX standard) you get a nice GUI to see all your users and groups.

There are things you can do such as add your user to the system groups like 'wheel' and 'admin' which will increase your access rights on the system overall but I'd not recommend it unless you really need to be editing system files and folders on a daily basis.
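
The owner/group versus ACL distinction described in this answer, as an added example that is not part of the original post: a shell function that reads `ls -lde` output for one path and reports the Unix owner and group separately from any ACL entries. The function names, the account jdoe and the sample listing are constructed for illustration; the expected owner and group are the ones named in the answer.

```shell
#!/bin/sh
# Added example (not from the thread): split macOS `ls -lde` output for one
# path into the Unix owner/group record and the ACL entries that follow it.
# On a Mac: ls -lde "/Volumes/Macintosh HD" | audit_ls_acl root admin
audit_ls_acl() {
    awk -v want_owner="$1" -v want_group="$2" '
    NR == 1 {
        # First line is the POSIX record: mode, link count, owner, group, ...
        mode = $1; owner = $3; group = $4
        printf "posix owner=%s group=%s mode=%s\n", owner, group, mode
        if (owner != want_owner)
            printf "WARN owner is %s, expected %s\n", owner, want_owner
        if (group != want_group)
            printf "WARN group is %s, expected %s\n", group, want_group
        # A trailing "+" on the mode string means the item carries an ACL.
        has_acl = (mode ~ /[+]$/)
        next
    }
    # ACL entries look like: " 0: user:jdoe allow list,search,..."
    $1 ~ /^[0-9]+:$/ {
        split($2, who, ":")      # who[1] = user|group, who[2] = name
        printf "ace %s %s %s %s\n", who[1], who[2], $3, $4
        if (who[1] == "user")
            printf "REVIEW per-user ACE for %s (%s)\n", who[2], $3
        aces++
    }
    END {
        if (has_acl && aces == 0)
            print "WARN mode ends in + but no ACL entries were listed (ls -e?)"
    }'
}

# Constructed sample listing; jdoe is a hypothetical account.
sample_ls_output() {
    cat <<'EOF'
drwxr-xr-x+ 33 root  admin  1190 Feb  6 09:14 /Volumes/Macintosh HD
 0: user:jdoe allow list,search,readattr,readextattr,readsecurity
 1: group:everyone deny delete
EOF
}

sample_ls_output | audit_ls_acl root admin
```

A `posix` line with no `WARN` means owner and group match what was expected; each `REVIEW` line is an ACL entry that names an individual account rather than a group.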

jhyiesla (Author) commented:
I checked and it appears that root is still listed as the owner of /volumes/Macintosh HD. Looks like at least that error on my part didn't result in any problem.  I am running a repair permissions right now.

As far as my user losing access when I removed him from the permissions list for M HD, I don't expect him to have sudo rights.  The issue was that apparently everything was OK originally with me not listed in the permissions list, and it appeared that I was OK when I added me in, although I was still not able to give a RW permission, only RO.  However, when I then removed me from that permissions list I noticed that the folder for M HD had a red minus sign on it and I was unable to log into the Mac with my ID.  After I logged back in as admin and added my user back to that ACL, I was once again able to log into the Mac and all appears OK. It was just confusing to, in my mind, take that list back to what it was originally and by doing so, remove my rights to get to the system disk at all.

jhyiesla (Author) commented:
The Repair permissions finished and did repair some things. My guy is still in the ACL, but I guess I'm just not going to worry about it. Since he has the same permissions as the Everyone group, nothing should be harmed by that and I'm just going to chalk it up to a learning experience.

Eoin OSullivan (Consultant) commented:
Everything should be fine ... the ACL is less important than the actual owner and group permissions but on a standalone computer it can be difficult to distinguish between the two.

You escaped from the problem unscathed ... this time ;-)

jhyiesla (Author) commented:
Yeah, I know I was lucky. Normally I am more aware of what's happening before I do something like this, but in a work environment sometimes you get too busy and distracted.
