31 Replies. Latest reply: Jul 1, 2012 7:35 PM by Riccardo Di Roberto
  • 15. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    Hi Király,

     

    The new folder will let me move it to the Root of the Macintosh HD... But once there to place it in another folder or move it around requires Authentication.  This is not an expected outcome.

  • 16. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    Hi Király,

     

    A New folder from the desktop will allow me to freely move it to my USER folder... and move it within my USER folder with complete freedom.

     

    But once it leaves the USER folder moving it around the rest of the HD requires Authentication.

     

    (Also, I want to note that I tried working with my mail application earlier, and because of the permissions not working correctly, MAIL is not allowing me to save any changed preferences -- because of the lack of authorization.)

  • 17. Re: Permissions not being reset in LION
    Alberto Ravasio Level 4 (3,175 points)

    BillyRayValentine wrote:

     

    But once it leaves the USER folder moving it around the rest of the HD requires Authentication.

     

    That is what is expected.

     

    The root folder (Macintosh HD) has (r)ead (w)rite e(x)ecute permission for root user and

    (r)ead e(x)ecute permission for the group wheel and others.

    If you, as a user, want to write something into the root directory, you must authenticate.

     

    Let's make an example with folder ABC you create on your desktop.

    Now you move folder ABC into Macintosh HD.

    The Finder asks you to authenticate because of what I explained earlier.

    The folder ABC is now in Macintosh HD with the following permission rwxr-xr-x, owner your user, group staff.

    You can copy, create, delete whatever you want inside ABC without authenticating.

    Let's say you want to move folder ABC back to your desktop or wherever you want. Even though the folder is yours, and you have full privileges, you must authenticate once more, because that folder resides inside the root folder, which has the root user as owner and on which ABC depends.

  • 18. Re: Permissions not being reset in LION
    Király Level 6 (9,475 points)

    As Alberto says, this has changed in Lion and is now normal. Nothing to worry about. The top level of the hard drive is not a place to store data anyway, so there is no need to move files there. Use your home folder, or put files in /Users/Shared if you wish to give other users access to them.

  • 19. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    Hi Alberto, I understand your answer, thank you... however, as the administrator and sole user of this computer, I had full access to Every folder on the Macintosh HD.... I could move, trash, etc. without the need to Authenticate.  Then spontaneously last week I no longer had this unrestricted access.

     

    I have always had access to this kind of expected result for the last 10 years... it seems my Administrator account is being treated as a guest account / or regular user account.

  • 20. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    Hi Király,  are you telling me that this is a New change for 10.7.3 ?

     

    This was not happening in 10.7.2 ... it does not seem logical that this would change for a super user or admin user.

  • 21. Re: Permissions not being reset in LION
    jsd2 Level 5 (6,200 points)

    The new user account works fine.... However, the admin account (my original account) does not.

     

    Although it is now "normal" in Lion for access outside the home folder to be restricted, you should still have free access within the home folder, and  it sounds like you are having permission issues within the home folder of one user account but not a different user. The Terminal output you posted did not rule out the presence of ACLs on the user-created items there,  and specifically, an "everyone deny delete" ACL could cause the behavior you are observing.

     

    Despite its name the “Reset Home Directory Permissions and ACLs” tool will not remove ACLs from user-created items within the home folder - it corrects the ownership of everything in the home folder, but only corrects the ACLs on the home folder itself and on the main subfolders such as Documents, Desktop, etc. 

     

    I would try a slight modification of the diagnostic Terminal command you ran earlier from the affected account, this time looking for ACLs and flags on the user-created  files and folders that were listed before. Again, this will not change anything. Post back the response:

     

    ls -leO@ ~

     

    If such an ACL is indeed the problem, you could then remove all the ACLs by running  this command:

    chmod -RN ~

    followed by re-running the “Reset Home Directory Permissions and ACLs” tool to put back those ACLs on the main folders that actually belong there.

     

    But first just post back the response you get from

    ls -leO@ ~
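
As an added example (not part of any post in this thread): a small shell filter for the `ls -leO@ ~` output requested above, listing items that carry a `group:everyone deny delete` ACL entry but are not standard home subfolders. The list of standard subfolders and the sample listing are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: flag user-created items that carry an "everyone deny delete" ACL entry.

# ASSUMPTION: standard home subfolders on which this ACL entry belongs.
STANDARD_DIRS="Desktop Documents Downloads Library Movies Music Pictures Public"

# Reads `ls -leO@` output on stdin; prints each flagged item name once.
unexpected_deny_delete() {
    awk -v std="$STANDARD_DIRS" '
    BEGIN { n = split(std, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
    # Entry line: mode, links, owner, group, flags, size, month, day, time, name.
    /^[-dlbcps][-rwxsStT]+[+@]?[ \t]/ {
        name = $0
        for (i = 1; i <= 9; i++) sub(/^[ \t]*[^ \t]+/, "", name)
        sub(/^[ \t]+/, "", name)      # what is left is the name, spaces included
        next
    }
    # ACL entry line such as " 0: group:everyone deny delete".
    /^[ \t]*[0-9]+:[ \t]/ && $2 == "group:everyone" && name != "" {
        for (f = 3; f < NF; f++) {
            if ($f != "deny") continue
            m = split($(f + 1), perm, ",")
            for (j = 1; j <= m; j++)
                if (perm[j] == "delete" && !(name in ok) && !(name in seen)) {
                    seen[name] = 1
                    print name
                }
        }
    }
    # Other lines ("total N", extended attributes) are ignored.
    '
}

# Constructed sample in the shape of the output posted in the thread.
sample_listing() {
    cat <<'EOF'
total 0
drwx------+  61 trade  staff  -       2074 May  6 11:42 Desktop
 0: group:everyone deny delete
drwxrwxrwx+  29 trade  staff  -        986 Jan 25 15:23 off docs
 0: group:everyone deny delete
-rw-rw-rw-@   1 trade  staff  -      25278 Apr 26 13:41 style.css
        com.apple.metadata:kMDItemWhereFroms         92
 0: group:everyone deny delete
drwxr-xr-x    4 trade  staff  -        136 May  1 09:00 projects
EOF
}

sample_listing | unexpected_deny_delete
```

On a live system the filter would be fed with `ls -leO@ ~ | unexpected_deny_delete`; it only reads the listing and changes nothing.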

  • 22. Re: Permissions not being reset in LION
    Király Level 6 (9,475 points)

    You are mistaken about an admin user ever having full and unrestricted access to every folder on the Macintosh HD, with the ability to move, trash, anything without the need to authenticate. Only the root user could ever do that.

     

    Normal (non-admin) users only had write access to their own home folders, and to the /Users/Shared folder. Doing anything else required admin authentication.

     

    Up until Lion, admin users had access to more of the system without the need to authenticate, such as to / (the top level), and /Library. But the /System folder was always off limits even to them, and required authentication (i.o.w. escalation to root privileges) to modify.

     

    In Lion, Apple has locked down even more of the system from users in the admin group. /Library and / now require authentication to modify, similar to how it is for non-admin users.

     

    Why Apple made this change is anyone's guess. But it is true that many users have been ignoring Apple's security configuration guidelines and running all the time as admin users, which you seem to have been doing, and which is a security risk. Apple says to log in to admin accounts only for tasks that cannot be done while logged in to a non-admin account (there are hardly any), and to do all other tasks in a non-admin account. Apple even goes so far as to say to never browse the web or check email while logged in to a non-admin account.

     

    My guess is that Apple has accepted that people are doing it anyway, and as such, they may as well lock down everything to increase the security of people who are running their Macs less securely than they should.

     

    What files are you moving around outside of your home folder that is causing this to become an issue?

  • 23. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    I respectfully disagree with you, Király.

     

    I have always been able to have my own folders in the root of the Macintosh HD... I have always been able to freely move files and folders from the Macintosh HD to the Desktop and anywhere I wish.  It is not logical for Apple to have changed this.   Even Apple support has escalated this to software engineering status because they have stated it is a 'very rare occurrence'.

  • 24. Re: Permissions not being reset in LION
    jsd2 Level 5 (6,200 points)

    If you download this Apple document:

    http://developer.apple.com/library/mac/releasenotes/MacOSX/WhatsNewInOSX/WhatsNewInOSX.pdf

     

    You will find these changes for Lion on page 18:

    ------------------------------------------------

    Folder Permissions and Ownership

     

    A number of folders in the System and Local file system domains now have different ownership and permissions.

    Specifically:

     

    Many folders in the System domain that were previously owned by the admin group are now owned by the wheel group.

     

    Permissions for the root directory (/) are now mode 755 (writable only by root) instead of mode 775 (writable by the admin group).

     

    Permissions for /Applications/Utilities are now mode 755 (writable only by root) instead of mode 775 (writable by the admin group).

    .

    .

    --------------------------------------------------

     

    Within your home folder, you should still be able to move, rename, and delete things freely.

  • 25. Re: Permissions not being reset in LION
    Király Level 6 (9,475 points)

    All you need to do is stop using the top level of the hard drive for file storage. This has never been a good place for file storage. The top level is a System area; user data should not go there. Keep it inside your home folder and/or inside the /Users/Shared folder if you need to. That's what the Shared folder and your home folder are for, to stash your files.

  • 26. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    Unfortunately, this is not an acceptable solution to me... you are suggesting that I change my workflow, by adding extra steps. My work flow has been unchanged for over 15 years, and a permissions issue changes this spontaneously.

     

    I would like to thank you for your diligence in trying to solve this problem.

  • 27. Re: Permissions not being reset in LION
    Király Level 6 (9,475 points)

    If you wish to stay with Lion there is no other solution. Sorry.

  • 28. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    I understand what you are saying... But I have been using Lion with my work flow and it was fine... 10.7.0 / 10.7.1 / 10.7.2 all worked in the manner I expected.   Did this permissions issue just change with 10.7.3 ?   Somehow that seems illogical. 

  • 29. Re: Permissions not being reset in LION
    BillyRayValentine Level 1 (0 points)

    Hi jsd2;

     

    The response back was:

     

     

    drwx------+   3 trade  staff  -        102 Feb 27 10:33 Applications

    0: group:everyone deny delete

    drwx------+  61 trade  staff  -       2074 May  6 11:42 Desktop

    0: group:everyone deny delete

    drwx------@ 145 trade  staff  -       4930 Apr 20 13:06 Documents

              com.apple.FinderInfo             32

    0: group:everyone deny delete

    drwx------+ 441 trade  staff  -      14994 May  4 08:37 Downloads

    0: group:everyone deny delete

    drwxrwxrwx@   5 trade  staff  -        170 Jul  7  2011 Dropbox

              com.apple.FinderInfo             32

    0: group:everyone deny delete

    drwxrwxrwx+  29 trade  staff  -        986 Jan 25 15:23 off docs

    0: group:everyone deny delete

    -rw-rw-rw-@   1 trade  staff  hidden     0 Nov 29  2005 IDE

              com.apple.FinderInfo             32

              com.apple.ResourceFork            560

    0: group:everyone deny delete

    -rw-rw-rw-@   1 trade  staff  hidden     0 Apr 25  2008 Icon?

              com.apple.FinderInfo             32

              com.apple.ResourceFork          136436

              com.apple.TextEncoding             11

    0: group:everyone deny delete

    -rw-rw-rw-@   1 trade  staff  hidden     0 Nov 28  2005 LXE

              com.apple.FinderInfo             32

              com.apple.ResourceFork            560

    0: group:everyone deny delete

    drwx------@  66 trade  staff  hidden  2244 Oct 14  2011 Library

              com.apple.FinderInfo             32

    0: group:everyone deny delete

    -rw-rw-rw-@   1 trade  staff  hidden     0 Oct  2  2006 MME

              com.apple.FinderInfo             32

              com.apple.ResourceFork            560

    0: group:everyone deny delete

    drwx------+  19 trade  staff  -        646 Aug 25  2011 Movies

    0: group:everyone deny delete

    drwx------+   8 trade  staff  -        272 Sep 26  2010 Music

    0: group:everyone deny delete

    drwxrwxrwx+  63 trade  staff  -       2142 May  4 07:33 family docs

    0: group:everyone deny delete

    drwx------@  16 trade  staff  -        544 May  4 08:42 Pictures

              com.apple.FinderInfo             32

              X7JXJVPw_jcFy1JVweA=LGM3QPQ6DCK82            239

    0: group:everyone deny delete

    drwxr-xr-x+   5 trade  staff  -        170 Nov  1  2005 Public

    0: group:everyone deny delete

    drwxrwxrwx@   6 trade  staff  -        204 May  6 21:51 Sites

              RMRIL0V++b6q6mzVlZA=0PJQIRV7MjE=            248

    0: group:everyone deny delete

    drwxrwxrwx@ 261 trade  staff  -       8874 May  6 21:54 Uniso

              com.apple.FinderInfo             32

    0: group:everyone deny delete

    -rw-rw-rw-@   1 trade  staff  -      25278 Apr 26 13:41 style.css

              com.apple.metadata:kMDItemWhereFroms             92

    0: group:everyone deny delete