Broken permissions in Terminal

Similar Messages

• More broken permissions with 10.5.7.

  Is anyone else concerned about the growing list of broken permissions? Apple tells us to ignore them. I was hoping 10.5.7 would have fixed this, but now there are more that can't be repaired. What is going on?

  I don't know if the problem is in the installer or the Library/Receipts/*.bom files but on my system the "unrepairable" permissions seem to take the following form:
  ... Permissions differ on ".../Contents/CodeResources", should be -rw-rw-r-- , they are lrw-rw-r--
  In this case 'CodeResources' is really a symbolic link to "_CodeResources/CodeResources" and it's the "l" qualifier that's causing the problem. I was willing to devote the time necessary to permanently eliminate these distractions while providing an easy way to track my changes.
  My fix involved the following steps _while in the offending 'Contents/' directory_:
  step #1 - change the symlink name so it's never again checked by Disk Utility
  sudo /bin/mv -iv CodeResources zCodeResorces
  step #2 - copy the real CodeResources into the 'Contents/' directory, note the trailing '.' (dot)
  sudo /bin/cp -vp _CodeResources/CodeResources .
  (it should already have the proper permissions of '-rw-rw-r--')
  I also updated the locate.database
  sudo periodic weekly
  so that I could immediately track my changes with the following:
  locate zCodeResource
  I still consider this one-time investment very worthwhile when weighed against the otherwise disconcerting recurring 'Verify/Repair Disk Permissions' results.

• Add user to permissions through terminal

  This is killing me. Seems like it should be such a simple task in the terminal but I just can't figure it out.
  What I would like to do is to give another user on my computer write permissions to a file that I own.
  I have tried several different things to no avail. Anyone have ideas? I know how to change the owner of the file, change the group or change my permissions but I just can't figure out how to add another user and set their permissions.
  Thanks for help!

  I am not doing this to one file. I know how to do this from the UI but I am trying to write a script to loop through the files in a folder and allow other specific users to read and write the files.
  Here is what I have tried
  chmod -R 775 nameOfFile
  ## This only changes the permissions for me as the admin
  chgrp -f group nameOfFile
  ## this only changes the group that has access
  chown newOwner nameOfFile
  ## this works but just removes me from ownership instead of adding a user that has read capabilities
  Thanks for your help

• Permissions via Terminal

  What command do I need to type in Terminal to give myself access again to the hard drive and all files and applications within. Somehow, I removed all my permissions and cannot get into my desktop.

  Hi-
  I don't know if this suggestion will solve your problem, but it might be worth a shot. Try booting your mini form the *Original Installation CD's* that came with your system and repairing permissions from the disk utility that's on CD #1. To do this, insert CD #1 in your optical drive and either do a restart, or cold start; upon hearing the start up chime, hold down the "C" until the blue screen and greeting appear. Once you have the installer's menubar on your screen, highlight "Utilities" and select the Disk Utility, then proceed, as you normally would, to repair the permissions on your hard drive. When permission repair is completed, restart your system and see if your desktop is intact. Good luck.
  Message was edited by: GCG

• Changing permissions in terminal

  Hi, I'm trying to change the permissions on an app through terminal. The app name is more than one word (Dora's Big Birthday Adventure.app) and I can't seem to do it. I'm trying to use the chmod command, and it says that the file name does not exist. Can anyone help?

  Enclose the name of the file in "quotations marks" to make Terminal ignore the space.
  >Dora's Big Adventure.app
  will return
  Dora: no such file or directory
  you need to type
  >"Dora's Big Adventure.app"

• Repair user folder Permissions using terminal

  Disk utility won't repair ownership & permmisions in the root user folder. I did a transfer of apps from my old Tibook and something went wrong. Some of my folders list "Owner" as unkown etc. I had this issue a few years back when restoring from a cloned drive, and someone on this forum suggested a Terminal command to reset my user folder back to defaults with the proper ownership and that worked! Unfortunately I can't remember the command line ("sudo chown...something like that). Changing permissions on each folder and file using the "get info" command is too tedious. Thanks for any help.
  MBP 17in 2.33ghz Mac OS X (10.4.8)
  TiBook 667 Mac OS X (10.3.7)
  TiBook 667   Mac OS X (10.3.7)  

  Since the cursor advanced to the next line after entering each command, and no error message was returned, it sounds like the commands worked.
  The Get Info panel is sometimes slow to reflect permissions changes. Try control-option-clicking Finder's Dock icon and select Relaunch. See if that kick-starts the Get Info permissions report.
  You can verify that everything changed correctly by typing this into a Terminal window:
  ls -laR ~ > ~/Desktop/list.txt
  That will create a file on your desktop called list.txt. Open it with TextEdit. It will list every file and folder in your home directory. If your username is listed as the owner of everything then it worked correctly.

• @ character after file permissions in terminal ...

  When I list files in terminal using ls -l some files show a @ character after the normal file permissions ...
  Ex : -rw-r--r--@ 1 jussi staff 425393 Dec 25 18:27 ncftp-3.2.3-src.tar.bz2
  What, why, how ?? I can't recall seeing the @ on any linux machine I've had ...
  ?

  I also have the same problem, how to fix it ?
  This is not a problem, and there is nothing to fix. See "man ls"
  ls -leO@
  If you are trying to map your Linux knowledge on top of Mac OS X, you will find that it does not map exactly.
  Also you are better off asking Unix kind of questions in the Mac OS X Technologies > Unix Forum
  <http://discussions.apple.com/forum.jspa?forumID=735>

• Broken Permissions in File Sharing

  Hello -- When I attempt to share files from my Mac Mini (running 10.6.8), the permissions set in the File Sharing settings are not enforced (permissions).
  For testing purposes, I simply created two users and gave user 1 permission to a folder share. But when user 2 authenticates, that user has full read/write permissions to the folder.
  I did a quick screen capture demonstrating this (only 1minute long video). Make sure it is full screen and in a HD setting so you can see the user names and other details.
  http://youtu.be/KbCsiYOU3Dw
  I very much want to comission my old Mac Mini to be a local file server, but if all share permissions are going to be broken, well that's pretty sad. I would use strictly AFP, but I have two clients on the network here that need SMB shares.
  Thanks!

  Anyone with a thought/idea?
  I can't believe the sharing permissions are so broken.
  Thanks!

• Change user permissions in Terminal?

  Hey everyone. The company I work for has decided that we need to switch multiple users from admin accounts to standard accounts. Since there are multiple people across multiple machines, it will take awhile to remote into each machine and manually flip the flag in system preferences.
  Does anyone know if there is a command I can run via ssh in Terminal that will allow me to flip that switch for a specific username?

  It looks like your system may be part of an Active Directory or Open Directory domain, since the only admin accounts listed here are the system "root" account and one called "macadmin" which my guess is a single local administrator account used for binding the system to the domain.
  In this case you will have to consult your domain administrators to see how the organizational units and accounts are managed for whether or not you can assign or revoke administrative privileges for the networked accounts that it manages. These settings changes will need to be done on the domain controller system, and not on each client system that it manages.

• Broken Permissions

  Upon installing Snow Leopard my administrator privileges have been removed. I erased my harddrive and did a full install. I have everything backed up. However, I can no longer install or uninstall programs, make any changes on my computer, or anything of the sort. Permissions were ok for about two hours after install then randomly stopped working while I was re-installing my programs. I am the only user on this computer and under my user account it still says I am an administrator but I cannot click on the lock to make changes.
  How can I reset my permissions without doing another complete system restore?

  I have exactly the same problem!

• HD Not Accessible to Repair Permissions

  Hello. I hope you can help me isolate the error that is keeping my Intel iMac G5 from booting properly. I’m running 10.4.
  It froze after I’d been backing up onto DVD/dumping old data (about 20GB worth). Whenever I tried restarting the screen would freeze on the grey apple logo, sometimes with the swirly icon.
  When I ran Disk Utility off the install disk at first it indicated “error detected” on mass storage, but later said it was fine. But I could not run Repair successfully (I kept getting "repair failed" messages), and the Repair Disk Permissions button was not accessible (greyed out).
  I could not startup in safe mode. And if I tried to restart in DU the only option was a Network (which I'm not hooked up to).
  Once I got a Kernal panic screen but most of the time it was just a grey apple with the fan hitting 900 rpm.
  Finally I ran DiskWarrior and in 15 minutes it had cleaned out and rebuilt my HD. I thought I was home clear.
  However, even though Disk Utility now says my HD is fine, it still does not allow me to Repair Disk Permissions - the option is greyed out. And if I boot up pressing Option to select a Startup Disk, the rebuilt drive is not one of them.
  It appears my /Library/Receipts folder is empty.
  What’s more, if I try to run an admin command in Terminal, like
  sudo diskutil repairPermissions /
  I get the message:
  -bash: sudo: command not found
  In fact, any way I try typing sudo I get a “command not found” message, even if I try to run other command like chmod.
  When I type:
  Users
  I get
  Users: command not found.
  So I typed:
  Echo $PATH
  And get
  /bin:/sbin:/usr/bn:/usr/sbin:/usr/libexec:/System/Library/CoreServices
  I’m not sure at this point whether the fact that the DiskWarrior-rebuilt drive doesn’t show up among Startup options (when I boot with option key) is because of missing/broken permissions; an empty /Library/Receipts folder; missing users; or a missing path.
  Any and all help is appreciated. Thank you.

  Oy. I purchased an external drive and began installing Mac OSX onto it, so that I could then migrate all files from the unbootable hard drive before running an Archive & Install. That part seemed to go smoothly. But a few problems have emerged:
  1. Though I was prompted to keep Disk 2 of the install ready, it never asked me for it, even though I ran the installation 2 or 3 times. Consequently while I can select the external drive when booting up command-S, I can only see Install window, Disk Utility or Terminal windows - never a desktop, preferences drop down, help menu, finder, all the things I'd typically see when launching my machine. Is this normal? Is there a way to force it to install only disk 2 if it has things it needs for full bootable GUI / access?
  2. Booting up with the install disk, in disk utility I can see both drives but still cannot repair permissions on my affected HD. I tried via Terminal (repairPermissions, chmod or chown) commands; I keep getting error messages (command not found).
  3. Switching cd / to my new drive in Terminal, I was able, I think, to change permissions (755) but when I open Disk Utility the drive is still not writable and "Repair Disk Permissions" is still grayed out.
  4. I could not open Migration Assistant on the new drive via Disk Utility, so I copied it from the HD into its own folder on the new one, but am really confused about the whole Disk Image thing. If I create a new disk image and try to open it, convert or checksum it, it still is grayed out, I can never just open it. I tried running commands in Terminal to run that application on the external drive, pointing to the new folder, to the .app, to the contents, .dmg, and no commands seem to work, I keep getting the command not found message.
  If I just run the A&I, I fear I'll lose my data which is why I wanted to migrate everything over before I did so. But if the user / owner permissions are screwed up and the only way to fix them is A&I, I don't know what else to do.
  Is there ANY way to boot from the install, run Migration Assistant from the external drive (either through Disk Utility or Terminal) and copy all files from HD? If not, I guess I'll have to cross fingers and A&I.
  Gee, I used to love my Mac ...

• Aperture requests serial number after every reboot due to improper permissions on ProAppsSystemID

  Background: if Aperture doesn't have write access to /Library/Application Support/ProApps/ProAppsSystemID then it continually prompts for registration information, and stores it in /tmp/ProAppsSystemID. On restart this tmp file is removed, and thus re-requested every time.
  The resolution for this issue is to:
  open Aperture and re-enter your registration / serial number (for the last time)
  close Aperture
  Execute these commands in your terminal:
  mv /tmp/ProAppsSystemID ~/Library/Application\ Support/Aperture
  sudo rm /Library/Application\ Support/ProApps/ProAppsSystemID
  sudo ln -s ~/Library/Application\ Support/Aperture/ProAppsSystemID \
    /Library/Application\ Support/ProApps/ProAppsSystemID
  restart Aperture
  What we are doing here is replacing the actual license file with a link to the same file where we can write to it.
  Question: why is this required? Files like this should be stored in ~/Library/... or created only during registration, with admin prompt, and then read only from then on.

  Thanks Leonie,
  Your replies on this issue elsewhere lead me to the solution.
  The issue is that the *installer* doesn't require write access, but actually Aperture itself, every time it runs. That's crazy given I'm not changing the licence every time. The upgrade to Aperture came via the App Store, so I'm at a loss why it requires these broken unix permissions to run *every* time.
  User differs on “Library/Application Support/ProApps”; should be 0; user is 502.
  If you use disk utility to repair permissions, it will fix these broken permissions, and again Aperture will prompt you for licence information every time. So Apple needs to fix this, and store the licences where everybody else does in /Library/Preferences and fix their application to use read-only permissions on startup.
  This might vary on how the application was installed, maybe the full App Store release doesn't do this any longer.
  I don't have a Library/ProApps folder, and I don't run my mac users with Admin permissions by default, it's a classic security risk. I guess this is why you're not seeing this issue.

• ITunes permissions error when downloading from Store

  When I try to download music or an app from the iTunes Store I get the following error after clicking the button to download the item:
  " *ITunes couldn't download your purchase*
  You don't have write access to your iTunes Media folder or a folder within it. Change permissions (in the Finder) and then choose Store > Check Available Download."
  I checked permissions on my iTunes Media folder and I have Read/Write access. I also applied Read/Write access to all enclosed items. I went into the iTunes Media Folder and manually created files and deleted them without any problem, so it appears I do have write access.
  Unfortunately I hadn't use iTunes for a few weeks , so I'm not sure when it quit allowing downloads. Everything else appears to work fine.
  Any suggestions on where to go from here would be appreciated!
  OSX 10.6.5 and iTunes 10.1.1 (4)

  Thanks so much! I contacted iTunes support and they kept telling me to mess with my permissions in terminal but no one thought to mention the shared folder at all... This ended hours of frustration for me! Glad I found this discussion.

• Issue with permissions to upload files into Apache web server to OS 10.8.2

  Hello everyone;
  I setted up Apache web server and mysql to OS 10.8.2 Mountain Lion. It's working fine except for the permissions. I can't upload files into the web site directory. Doesn't recognize, e.g., the PHP function "move_uploaded".
  One problem for my is that I can't modify the permissions by "Terminal" app since it telling me that the "Process completed" and I can't write any script.
  Any suggestion will be welcome.
  Thanks in advance.

  My only question now would be how to speed up Safari's 6.0.1 performance in 10.8.2 or do I just accept that it's a little slower than it was, which is fine. Are other folks having this issue?
  I was primarily passing along info about my particular download speed and for the Web Confidential 3.8 people: make a backup of your passwords b4 installing 10.8.2 or be prepared to upgrade.

• Permissions

  Here is a summary of the permissions system the way I understand it. I hope it helps save anyone out there some of the time and trouble I've had to endure to understand Permissions.
  I) POSIX:
  Get info
  The 'Get Info' window is a user-friendly way to view and manage permissions on files and directories. But it is a little confusing to understand.
  You can tell if you've really messed around too much with the permissions of a file or directory if the Get Info window lists your Sharing and Permissions as 'custom'. You shouldn't have any 'custom' permissions settings if you are new to managing permissions.
  For all beginners, there should only be three listings in the 'Get Info' window. The reason this confuses people is because everyone wants to see themselves as the owners of their computer's files and directories, and nobody wants to see 'everyone' with access to important files and folders.
  First listed is the file's (or directory's, if you selected a directory) owner. There is only one owner for each file or directory, but the owner can be changed in terminal with chown (provided you have the needed privileges).
  Next listed is the primary group to which the owner of the file or directory belongs. A user can only belong to one primary group, but the primary group of a user can be changed with usermod in terminal.
  Next listed is all other users. This is the account that mostly ruins people as everyone wants 'everyone' to have no access to their computer. The main problem is that the need for 'everyone' to have permissions on some important files is not correctly understood by most people.
  Using File Hierarchies to Manage Permissions
  It is easier to accept the need for 'everyone' to have access to important directories once you realize that the file and directory permissions are also managed via the file and directory hierarchies. So, regardless of who has permissions on a file or directory, if it is copied or moved to a directory to which 'everyone' has no access, and you are the only one with permissions, then the moved or copied file cannot be accessed by anyone until you move it back out of your directory. The role of file hierarchies in managing permissions is a very important part of the system, but most people are not aware of how it works.
  It is similarly easier to understand the need for 'everyone' to have access to important directories with two different examples. Say, for example, you add a new user to your system. The system will automatically copy directories into that user's home folder for that user to use. But if the directories are not accessible by 'everyone', then that user will not have access to any of the copied resources.
  For another example of the need for 'everyone' to have access to important directories, consider what happens when you attempt to assign 'no access' to 'everyone' on your System folder. Now, you yourself cannot access the folder and you have to reboot your system with disks. You cannot simply add yourself as the owner of the System file, because the system needs to access that file at start-up. The System is one important user on your system which you cannot do without! So the System must be the owner of the System directory. The System automatically belongs to a group called 'wheel' which allows for the connection of other 'Systems' to your 'System' through a common group. Is the 'System' did not belong to any group, you could never share resources, files, directories, or executables (like a printer, for example) with other 'System' users. So your computer automatically includes a 'wheel' group and a 'System' (YOUR 'System') that belongs to that group. Now then, you are not your system. Your system is your system. In order to use your system, you have to have a user account. Also, you have to have access to your System folder. Since the System folder necessarily belongs to your system, and the system is necessarily installed as a member of the 'wheel' group (otherwise you would not be able to network), then there is only one more permission through which you can gain access to your system, and that is the 'everyone' group. This is because there are only three reserved places on the permissions bits. There is one place for the file (or directory) owner, one place for the primary group of that owner, and one place for 'everyone' else.
  The three-entry 'limits' to the permissions system (owner, group, everyone) make much more sense when you realize that the directory and file heirarchy permissions are meant to be used as the other half of the permissions assignments. Where the most important owner ('System') of a directory (system) must be the most accessible (to 'everyone'), all other groups and users can impose more restrictions on files and folders (directories) that they create, as well as those which they have imported into their own files and folders, using the file hierarchies to manage permissions.
  Terminal ls -l command
  When in terminal, you use the ls command to see a list of the files in the current directory. However, when you at the -l option to the ls command, you also get to see the file and directory permissions for each file or directory in the current directory.
  The permissions for a file start with a -, and the permissions for a directory start with a 'd'. That is followed by 9 dashes or letters. The letters are for 'read' 'write' and 'execute' (rwx). The first three are for the file or directory owner. The second three are applied to the file or directory owner's primary group. The second three are applied to everyone. However, if a file which 'everyone' can read is in a folder to which 'everyone' has no access, then there will be no access to that particular file, even though the permissions for 'everyone' assign access. That's because the permissions assignments to a file or folder are only half of the permissions management. The other half is the arrangement of the files and folders, through the hierarchical assignment of permissions restrictions. That is the fact about permissions systems that confuses everyone.
  Terminal chmod command
  In terminal, you can change the permissions 'mode' assigned to a particular file or folder (or even an entire hierarchical structure) using the chmod command. There is a numbering system to correspond to the 10-letter (drwxrwxrwx) system. You can learn more about that online or by typing 'man chmod' into the terminal.
  Terminal chgrp command
  In terminal, if the owner of a file or directory belongs to more than one group, you can change the group that has permissions to the file or directory to one of the owners' non-primary groups. You can learn more about that by typing 'man chgrp' into the terminal.
  Terminal, editing  the /launchd-user.conf file
            You can set the 'umask' by editing the configuration file for the user. Editing configuration files is an important part of the system and a valuable skill to learn. Once you learn how to edit the user configuration file, you can easily change the default permissions mode that is assigned by that user to his or her new files and folders by changing the 'umask' variable. The umask variable uses a 4 digit number for permissions, just like the chmod command.
  Who are Users?
  There are several very important users on your system. Your computer itself is a user on your computer, called 'System'. There is a user called 'root' that gives you control over the 'System' (and consequently can destroy your entire system). 'Root' user is also a default member of the 'admin' group. When your system is first installed, it prompts you to add yourself as the first human 'user' and makes you the first human member of the 'admin' group, as well as a member of the 'staff' group. Your primary membership is to the 'staff' group, but you can also function as a member of the 'admin' group by entering your password when prompted or when required in a command. You can add any other users from that point and grant them admin privileges, or not, or membership in some other group with other privileges to access certain directories or files.
  What are the Groups?
  Groups like 'wheel' and 'daemon' are used to connect your system to network users without granting system privileges. Your computer 'System' is a user that belongs to the 'wheel' group. 'Root' user also belongs by default to the 'wheel' group and 'admin' group' and 'staff' group (so that if you, the hardware owner, log in as 'root' user, you can access everything on the hardware). The 'wheel' group is like an empty socket waiting for you to allow other network resources to connect with your system by adding them to the 'wheel' group. A user could be a member of the 'wheel' group without having privileges or permissions to anything on your system. Maybe such a user would only be given permissions to access a printer or a single folder on your system.
  'Everyone' is the group that most people want to eliminate. However, 'everyone' is necessary for the most important system resources, which can subsequently be assigned restricted access (when they are moved or copied to other, more restricted, files and directories) using the hierarchical assignment principle. 'Everyone' is the most misunderstood group identity.
  Apart from such default required groups, you can create any group you like, and many applications will add a group to your system for use with that application and its resources. You can see what groups are on your system (and what users belong to them) by reading the etc/group file.
  If a user is not assigned to any group, the computer assigns them to the default group called 'staff'.
  What is the best way to set up file and directory permissions?
  There is a utility called 'disk utility' which you can use to 'fix' your permissions if you messed around with them too much without knowing what you were doing (learning, obviously!). If you still have access to your system, and it is acting funky, and you have been messing around with permissions, 'disk utility' is likely to solve all of your trouble. If the permissions are too badly ruined (for example, if you assign 'everyone' 'no access' to your system folder, etc), and you have no way to login to the root user (root user can be both enabled and logged in through any terminal window using 'dsrootenable', if you have both an administrator password and a root user password) then you may have to reboot from disk or perform a new installation, since you likely have removed yourself from your own computer.
  Apart from the 'disk utility' defaults for important directories, there is no best way to set up permissions. When you combine the permissions mode of a file or directory with the hierarchical permission structure, there are many ways that intellectual property can be both protected and shared, according to the project and purposes.
  There are many possible arrangements for permissions, and each proposed scheme requires a bit of study to understand how security, privacy, collaboration, and sharing will be affected.
  II) ACL:
  Microsoft WindowsOS manages permissions differently (They use ACL's instead of POSIX). There, you assign each file or directory different permissions for each user or group. In Apple OS it is called 'ACLs' when you create custom permissions by removing or adding permissions for users or groups that are in conflict with the standard three-values permission system. Altering the permissions to create these 'custom' settings shows up with the 'ls -l' command as a '+' appended to the permissions bits (drwxrwx---+). The reason for the '+' (or the exceptions added to the standard security permissions) can be listed using the ls command with the -le switch.

  Mac OS X ACLs are based on a FreeBSD ACL implementation that extends the standard Unix/POSIX file system DAC security model.  The ACLs used in Windows' security model work differently, because the Windows' security model is based on security tokens that interact...well, to be honest, I've always felt that the Windows security model reminds me of the OS X preference domain model more than anything else.
  Otherwise, not bad at all.