13 Replies Latest reply: Sep 13, 2013 4:26 AM by taradee
zeppocat Level 1 Level 1 (0 points)

I recently had to have my hard drive replaced because the old one was failing. It was failing so badly, much of my data was not restorable from it. I thought it was fortunate that I had just recently backed everything up via Time Machine. But when I went to restore the files, I discovered that most of the folders inside my User folder were locked. My username appears to be the same as the old one, but when I try to go into those folders to find the items I want to restore, I get a message saying that I do not have privileges. My account is an Administrator account, and the pre-replacement account was also.

 

How can I get back my user privileges on my Time Machine folders? Does anyone have any ideas on this?

 

Thanks in advance.


 iMac 2.33GHz Intel Core 2 Duo 17" 3 GB 667 MHz, Mac OS X (10.4.10)
  • 1. Re: Permissions problem with Time Machine backup
    BDAqua Level 10 Level 10 (116,475 points)

    OSX uses numbers underneath usernames to give permissions, 1st user will get 501, second one 502 & so on, so I'm thinking perhaps your other User was #5022 or #503.

     

    Can you see the drive & folders in the Finder & do a get info on them to check the rights?

  • 2. Re: Permissions problem with Time Machine backup
    zeppocat Level 1 Level 1 (0 points)

    You mean, from within Time Machine? No, it's not possible. I already tried.

  • 3. Re: Permissions problem with Time Machine backup
    BDAqua Level 10 Level 10 (116,475 points)

    In the Finder actually.

  • 4. Re: Permissions problem with Time Machine backup
    zeppocat Level 1 Level 1 (0 points)

    Yes, I can see them in the finder, and even change them, but it doesn't unlock them once I'm inside Time Machine.

  • 5. Re: Permissions problem with Time Machine backup
    BDAqua Level 10 Level 10 (116,475 points)

    Hmmm, when changing them, did you use the Apply to Enclosed items box?

     

    Not sure what TM uses or how it sees them.

     

    Might turn off TM & try Migration Assistant.

  • 6. Re: Permissions problem with Time Machine backup
    zeppocat Level 1 Level 1 (0 points)

    No, I didn't tick the box, but it seems to me that I should at least see the lock disappear from the folder itself. I'm a little afraid to make these changes because, in reading through some other threads about similar problems, I came across this:

     

    Be advised that if you're trying to use the FInder to access your TM backups, that's likely the problem. TM uses special "deny everybody everything" privileges to keep us mere mortals from changing, moving, or deleting the backups, since that can hopelessly corrupt them.

     

    I looked into using Migration Assistant, but it seems that it can only copy the entire root folder for the drive. Since most of my computer seems to be fine, I'm a bit hesitant to re-migrate my entire computer. Not to mention that I would lose all the data that I've added since the backup.

     

    But I might end up doing this if I get desperate. Make a new backup of what I have now, then migrate the backup, then restore any data acquired between the first backup and the second. Does this seem like a reasonable plan?

     

    I have also contacted Apple Support. I will let you know what they advise, but I'm not optimistic, since this all has to be done remotely. I am living in a country that has no Apple Service centers.

  • 7. Re: Permissions problem with Time Machine backup
    zeppocat Level 1 Level 1 (0 points)

    Hmm... I just tried something else. Instead of trying to modify the privileges that were there, I added myself with Read/Write privileges. This allowed me to access and restore the data.

     

    But a new problem has arisen. For an example, I restored my Address Book data from the Application Support folder. Now my Address Book application will not launch.

  • 8. Re: Permissions problem with Time Machine backup
    zeppocat Level 1 Level 1 (0 points)

    Well, I figured out how to fix the problem with the Address Book. I think I can go ahead and restore the rest of my data now. Thanks for your suggestion. Once I took it to the next logical step, it actually worked.

     

    One thing: do you happen to know where Apple stores saved Stickies data? I don't seem to be able to find my old sticky notes. Not a big deal if I lose them, but if possible I'd like to get them back.

     

    Thanks again.

  • 9. Re: Permissions problem with Time Machine backup
    steve626 Level 4 Level 4 (1,405 points)

    For Stickies, try moving this file:

     

    StickiesDatabase

     

    which is located inside your Library folder inside your home folder (user home folder).

     

    There is also a

     

    com.apple.Stickies.plist

     

    file inside the Preferences folder (which is inside your user Library folder as well) but I think you only need the first one above.

  • 10. Re: Permissions problem with Time Machine backup
    hhhrespect Level 1 Level 1 (0 points)

    This might be a bit more technical than what you're looking for but here's the deal with Time Machine backups:

     

    Aside from regular UNIX file permissions (user/group/everyone each having their own read/write/execute permissions) Mac OS X also  uses  Access Control Lists (ACLs) that allow much more granular file/folder permissions settings.

     

    Time Machine adds (prepends) the following ACL to all files:

     

    group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown

     

    (The above ACL is folder-specific but maps to regular files like so: add_file = write, add_subdirectory = append, delete_child = <none>)

     

    This means that all files/folders inside a Time Machine backup are locked for everyone (even the root user).

     

    If you restore your files manually from a Time Machine Backup (i.e. if you do _not_ use the Migration Assistant) then all your files will keep those pesky Time Machine ACLs attached to them.

     

    It is quite easy to remove the Time Machine ACLs. You have three options:

     

    1) Swing the axe and remove  the ACLs from your files/folders entirely (nothing wrong with that but not a very cautious strategy)

    2) Remove  the first entry from the ACLs of your files/folders (more cautious but not a perfect solution)

    3) Remove specific restrictions from the ACLs of your files/folders (probably your best bet if you want to preserve non-Time Machine-imposed ACLs)

     

    For all three options you need the Terminal which you will find in /Applications/Utilities

     

    Option 1: Here's how you swing the axe:

     

    If you know you have only your personal files in a folder called "My Recovered Files" on your Desktop and you know that those files don't have/need any fancy ACLs then you can type the following into your Terminal window:

     

    chmod -R -N ~/Desktop/My\ Recovered\ Files

     

    (if you don't know the Terminal-way of specifying a file/folder simply drag and drop the file/folder you want onto the Terminal window and the Terminal will type the correct file/folder name for you)

     

    Option 2: Here's how you remove the first ACL entry

     

    Same example as above. You have a folder called "My Recovered Files" on your Desktop. But in this case you have a few files with custom ACLs that you want to preserve. Type the following into the Terminal window:

     

    chmod -R  -a# 0 ~/Desktop/My\ Recovered\ Files

     

    What makes the above solution "dangerous" is that it is not idempotent. An idempotent operation is an operation that can be applied over and over without changing the result after it has been applied once. Kind of like multiplying a number by 1. You can keep doing it but the result is always the same.

     

    Why does that matter? Well, let's say that you have a file that already had an ACL before Time Machine prepended its own ACL entry. If you run the above command twice then you will have removed both the Time Machine ACL as well as the ACL that you probably didn't want to lose.

     

    Plus the above solution is also not ideal for Time Machine files that are mixed in with other files. If any of these other (non-Time Machine) files have ACLs then the above command will remove those ACLs.

     

    Option 3: Here's how you remove specific restrictions from  an ACL

     

    Aside from being able to specify which number entry of an ACL you want to remove you can also specify the specific restrictions you want to remove. So you could do this:

     

    chmod -R -a "group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown" ~

     

    ("~" means "my home directory", i.e. if your username is bob then "~" = "/Users/bob")

     

    The above  command is idempotent which means that you can run it over and over without ill effect. In fact, anybody can run it at any time. If there are no files/folders that have been locked by Time Machine in your home directory nothing will happen.

     

    OK. I hope this was helpful for some people. I had the same problem with Time Machine permissions yesterday so I figured that I'd share what I found out.

     

    By the way, if you want to view the UNIX permissions as well as the ACLs of a particular file/folder you can pop open the Terminal and type

     

    ls -led /path/to/file_or_folder

     

    (again, just drag and drop the file/folder you want onto the Terminal window if you don't know how to specify it the Terminal-way). If you want to learn more you can start by typing:

     

    man ls

    man chmod

     

    into the Terminal window and you'll be on your way to becoming a geek.

     

    (space bar to page forward, q to exit the man[ual] page)

  • 11. Re: Permissions problem with Time Machine backup
    Daniel Toman Level 1 Level 1 (0 points)

    This was super useful, hhhrespect. Thanks for spelling out the exact ACLs that need removing and not just the simpler nuclear option.

  • 12. Re: Permissions problem with Time Machine backup
    andrewwynn Level 1 Level 1 (55 points)

    holy save the DAY batman! it would have taken DAYS to restore my backup; i used a ditto command and copied in minutes but i couldn't modify any files even though i was the OWNER!

     

    removing the ACL looks like 'just the ticket' to expoentially increase the speed of restoration!

     

    -awr

  • 13. Re: Permissions problem with Time Machine backup
    taradee Level 1 Level 1 (0 points)

    hhhrespect - tried option 3 as I understood it, but still no access. wondering what I could have done incorrectly and if you can offer any insight. I went to terminal and added

     

    chmod -R -a "group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown" "Users/myusername"

     

    I did not share my real username.

     

    I hit enter, watched it run, but still have locked files. Epic geek failure. Thoughts?