Skip navigation

Permissions problem with Time Machine backup

13090 Views 13 Replies Latest reply: Sep 13, 2013 4:26 AM by taradee RSS
zeppocat Level 1 Level 1 (0 points)
Currently Being Moderated
Aug 30, 2011 2:38 PM

I recently had to have my hard drive replaced because the old one was failing. It was failing so badly, much of my data was not restorable from it. I thought it was fortunate that I had just recently backed everything up via Time Machine. But when I went to restore the files, I discovered that most of the folders inside my User folder were locked. My username appears to be the same as the old one, but when I try to go into those folders to find the items I want to restore, I get a message saying that I do not have privileges. My account is an Administrator account, and the pre-replacement account was also.

 

How can I get back my user privileges on my Time Machine folders? Does anyone have any ideas on this?

 

Thanks in advance.

 iMac 2.33GHz Intel Core 2 Duo 17" 3 GB 667 MHz, Mac OS X (10.4.10)
  • BDAqua Level 10 Level 10 (114,825 points)
    Currently Being Moderated
    Aug 30, 2011 3:02 PM (in response to zeppocat)

    OSX uses numbers underneath usernames to give permissions, 1st user will get 501, second one 502 & so on, so I'm thinking perhaps your other User was #5022 or #503.

     

    Can you see the drive & folders in the Finder & do a get info on them to check the rights?

  • BDAqua Level 10 Level 10 (114,825 points)
    Currently Being Moderated
    Aug 30, 2011 7:07 PM (in response to zeppocat)

    In the Finder actually.

  • BDAqua Level 10 Level 10 (114,825 points)
    Currently Being Moderated
    Aug 31, 2011 2:45 AM (in response to zeppocat)

    Hmmm, when changing them, did you use the Apply to Enclosed items box?

     

    Not sure what TM uses or how it sees them.

     

    Might turn off TM & try Migration Assistant.

  • steve626 Level 4 Level 4 (1,395 points)
    Currently Being Moderated
    Aug 31, 2011 9:05 AM (in response to zeppocat)

    For Stickies, try moving this file:

     

    StickiesDatabase

     

    which is located inside your Library folder inside your home folder (user home folder).

     

    There is also a

     

    com.apple.Stickies.plist

     

    file inside the Preferences folder (which is inside your user Library folder as well) but I think you only need the first one above.

  • hhhrespect Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 16, 2012 2:24 AM (in response to zeppocat)

    This might be a bit more technical than what you're looking for but here's the deal with Time Machine backups:

     

    Aside from regular UNIX file permissions (user/group/everyone each having their own read/write/execute permissions) Mac OS X also  uses  Access Control Lists (ACLs) that allow much more granular file/folder permissions settings.

     

    Time Machine adds (prepends) the following ACL to all files:

     

    group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown

     

    (The above ACL is folder-specific but maps to regular files like so: add_file = write, add_subdirectory = append, delete_child = <none>)

     

    This means that all files/folders inside a Time Machine backup are locked for everyone (even the root user).

     

    If you restore your files manually from a Time Machine Backup (i.e. if you do _not_ use the Migration Assistant) then all your files will keep those pesky Time Machine ACLs attached to them.

     

    It is quite easy to remove the Time Machine ACLs. You have three options:

     

    1) Swing the axe and remove  the ACLs from your files/folders entirely (nothing wrong with that but not a very cautious strategy)

    2) Remove  the first entry from the ACLs of your files/folders (more cautious but not a perfect solution)

    3) Remove specific restrictions from the ACLs of your files/folders (probably your best bet if you want to preserve non-Time Machine-imposed ACLs)

     

    For all three options you need the Terminal which you will find in /Applications/Utilities

     

    Option 1: Here's how you swing the axe:

     

    If you know you have only your personal files in a folder called "My Recovered Files" on your Desktop and you know that those files don't have/need any fancy ACLs then you can type the following into your Terminal window:

     

    chmod -R -N ~/Desktop/My\ Recovered\ Files

     

    (if you don't know the Terminal-way of specifying a file/folder simply drag and drop the file/folder you want onto the Terminal window and the Terminal will type the correct file/folder name for you)

     

    Option 2: Here's how you remove the first ACL entry

     

    Same example as above. You have a folder called "My Recovered Files" on your Desktop. But in this case you have a few files with custom ACLs that you want to preserve. Type the following into the Terminal window:

     

    chmod -R  -a# 0 ~/Desktop/My\ Recovered\ Files

     

    What makes the above solution "dangerous" is that it is not idempotent. An idempotent operation is an operation that can be applied over and over without changing the result after it has been applied once. Kind of like multiplying a number by 1. You can keep doing it but the result is always the same.

     

    Why does that matter? Well, let's say that you have a file that already had an ACL before Time Machine prepended its own ACL entry. If you run the above command twice then you will have removed both the Time Machine ACL as well as the ACL that you probably didn't want to lose.

     

    Plus the above solution is also not ideal for Time Machine files that are mixed in with other files. If any of these other (non-Time Machine) files have ACLs then the above command will remove those ACLs.

     

    Option 3: Here's how you remove specific restrictions from  an ACL

     

    Aside from being able to specify which number entry of an ACL you want to remove you can also specify the specific restrictions you want to remove. So you could do this:

     

    chmod -R -a "group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown" ~

     

    ("~" means "my home directory", i.e. if your username is bob then "~" = "/Users/bob")

     

    The above  command is idempotent which means that you can run it over and over without ill effect. In fact, anybody can run it at any time. If there are no files/folders that have been locked by Time Machine in your home directory nothing will happen.

     

    OK. I hope this was helpful for some people. I had the same problem with Time Machine permissions yesterday so I figured that I'd share what I found out.

     

    By the way, if you want to view the UNIX permissions as well as the ACLs of a particular file/folder you can pop open the Terminal and type

     

    ls -led /path/to/file_or_folder

     

    (again, just drag and drop the file/folder you want onto the Terminal window if you don't know how to specify it the Terminal-way). If you want to learn more you can start by typing:

     

    man ls

    man chmod

     

    into the Terminal window and you'll be on your way to becoming a geek.

     

    (space bar to page forward, q to exit the man[ual] page)

  • Daniel Toman Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 22, 2012 10:35 AM (in response to hhhrespect)

    This was super useful, hhhrespect. Thanks for spelling out the exact ACLs that need removing and not just the simpler nuclear option.

  • andrewwynn Level 1 Level 1 (55 points)
    Currently Being Moderated
    Aug 3, 2012 9:00 PM (in response to hhhrespect)

    holy save the DAY batman! it would have taken DAYS to restore my backup; i used a ditto command and copied in minutes but i couldn't modify any files even though i was the OWNER!

     

    removing the ACL looks like 'just the ticket' to expoentially increase the speed of restoration!

     

    -awr

  • taradee Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 13, 2013 4:26 AM (in response to hhhrespect)

    hhhrespect - tried option 3 as I understood it, but still no access. wondering what I could have done incorrectly and if you can offer any insight. I went to terminal and added

     

    chmod -R -a "group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown" "Users/myusername"

     

    I did not share my real username.

     

    I hit enter, watched it run, but still have locked files. Epic geek failure. Thoughts?

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.