system appropriate folders & configuration

1434 Views 15 Replies Latest reply: Nov 5, 2012 9:21 AM by Socorro-Mac RSS
Socorro-Mac
Oct 14, 2012 8:59 PM

In the system library I found SUDO, SAMBA, a Mobile-me account I couldn't access (I actually never had one) due to password demand. In the Syst Lib core services I even found 2 finders (one visible, the other is apparently unreachable); server scanner, server agent, and a lot of executable files. In the HD library I found 2 Internet plug-ins and a Java folder with a folder link to Home and one called shared bundle full of links and again another libraries folder (??) and JavaVM - I find it all strange; not to say that in my HD I have a suspicious folder called "lost+found", a usr (invisible) with X11 and another bin, full of executables and a tmp folder full of .DM executables and other folders with bizarre names.

I'm lost. And to top it all, I have sometimes my configuration changed. Every time I try to upload from the apple in the bar, I get the same removable Flashback-update, that I never succeed in installing.

How can I get to know the appropriate system folders & the system configuration of a Leopard 5.8 Build 9831a?

 

iMac, Mac OS X (10.5.8)
  • MadMacs0 Level 4 Level 4 (3,320 points)
    Oct 14, 2012 10:55 PM (in response to Socorro-Mac)

    Socorro-Mac wrote:

     

     

    In the system library I found SUDO, SAMBA, a Mobile-me account I couldn't access (I actually never had one) due to password demand. In the Syst Lib core services I even found 2 finders (one visible, the other is apparently unreachable); server scanner, server agent, and a lot of executable files. In the HD library I found 2 Internet plug-ins and a Java folder with a folder link to Home and one called shared bundle full of links and again another libraries folder (??) and JavaVM - I find it all strange; not to say that in my HD I have a suspicious folder called "lost+found", a usr (invisible) with X11 and another bin, full of executables and a tmp folder full of .DM executables and other folders with bizarre names.

    Nothing you have listed sounds unusual to me. Without knowing the exact path to some of what you have listed, I can't really confirm that I have the same files, but I can confirm two Finder files (one an application), ServerScanner and several executables in Core Services (are you sure it's server agent and not SecurityAgent?). Everything about /Library/Java/ is correct. lost+found, usr and X11 are correct as well as the tmp folder.

    I'm lost. And to top it all, I have sometimes my configuration changed. Every time I try to upload from the apple in the bar, I get the same removable Flashback-update, that I never succeed in installing.

    upload from the apple in the bar? Do you mean Software Update? And is it the Flashback Removal Security Update described at http://support.apple.com/kb/DL1534? What error do you get when you try to install it? Note that it only tells you if it needed to remove Flashback malware, otherwise it just disables your Java plugin and deletes itself, leaving nothing behind. Try starting up in "Safe Mode" (shift key down) and run Software Update. If that doesn't work, download the update from the link I gave you and see if it will install that way.

    How can I get to know the appropriate system folders & the system configuration of a Leopard 5.8 Build 9831a?

     

    That's a very tall order. I suspect you are talking about tens of thousands of files. You could install a clean copy on an external hard drive and compare it against what you have, but based on what you have found so far it doesn't seem to be worth the effort.

     

    All that being said, you are running an almost obsolete system. It's still technically supported by Apple, but they haven't updated the OS since Aug 2009 and the last real Security and Java Updates were in June 2011. You need to be running at least OS X 10.6.8 to have sufficient protection against currently circulating malware.
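The clean-install comparison suggested in the reply above can be scripted rather than done by eye. This is an added example, not part of the original thread; the function names `snapshot` and `compare` are assumptions, and it expects Python 3 run with enough privilege to read both trees (for instance from another machine with both volumes mounted).

```python
import hashlib
import os
import stat

def snapshot(root):
    """Map each relative path under root to (mode string, uid, gid, sha256 or None)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat describes a symlink itself, not its target
            digest = None
            if stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            rel = os.path.relpath(full, root)
            snap[rel] = (stat.filemode(st.st_mode), st.st_uid, st.st_gid, digest)
    return snap

def compare(reference_root, target_root):
    """Report what the target has that the clean reference lacks, and what differs."""
    ref, tgt = snapshot(reference_root), snapshot(target_root)
    common = set(ref) & set(tgt)
    return {
        "only_in_target": sorted(set(tgt) - set(ref)),
        "only_in_reference": sorted(set(ref) - set(tgt)),
        "metadata_differs": sorted(p for p in common if ref[p][:3] != tgt[p][:3]),
        "content_differs": sorted(p for p in common if ref[p][3] != tgt[p][3]),
    }

if __name__ == "__main__":
    import sys
    # Usage: script.py <clean reference root> <root of the system being checked>
    for kind, paths in compare(sys.argv[1], sys.argv[2]).items():
        print(kind, len(paths))
        for p in paths:
            print("   ", p)
```

Logs, caches, preference files and anything added by later updates will differ legitimately, so the output is a list to review, not a verdict.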

  • MadMacs0 Level 4 Level 4 (3,320 points)
    Oct 15, 2012 10:15 AM (in response to Socorro-Mac)

    Socorro-Mac wrote:

     

    I keep getting similar msgs:

     

     

     

    The Installer could not create the folder “/private/tmp/FlashbackRemovalUpdate.pkg.226EnwOHo”.

    That's a pretty sure sign that your permissions are incorrect, at least for /private/tmp/.

     

    If you haven't run Disk Utility to repair permissions recently, you need to do that. If that fails, then you will have to replace OS X (hopefully with at least Snow Leopard).

  • MadMacs0 Level 4 Level 4 (3,320 points)
    Oct 15, 2012 10:25 PM (in response to Socorro-Mac)

    Socorro-Mac wrote:

     

    I DID; in July, and it also fixed the HD. You helped me at that time too.

    Yes, I remembered helping, but the details are only now coming back to me.

  • MadMacs0 Level 4 Level 4 (3,320 points)
    Oct 15, 2012 10:57 PM (in response to Socorro-Mac)

    Socorro-Mac wrote:

     

    Hi Mac Macs!

     

    I've just finished trying to fix the permissions and got a long log file, among it, I got:

     

     

    2012-10-15 21:41:42 -0300: Permissions differ on "private/tmp", should be drwxrwxrwt , they are drwxr-xr-x .

    That should take care of your Software Update problem. I suspect several of the other ones will help you out, as well. Others should be ignored and Apple has provided a list of many of them at Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore.

     

    The only other things that could be a problem are the ones that mention ACLs.

    2012-10-15 21:41:42 -0300: ACL found but not expected on "private/var/root/Library/Preferences".

    2012-10-15 21:41:42 -0300: ACL found but not expected on "private/var/root/Library".

    2012-10-15 21:41:43 -0300: ACL found but not expected on "private/var/root".

    2012-10-15 21:41:45 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources/Documents.icns".

    2012-10-15 21:41:45 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources/English.lproj/InfoPlist.strings".

    2012-10-15 21:41:45 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources/English.lproj".

    2012-10-15 21:41:45 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/search.savedSearch".

    2012-10-15 21:41:46 -0300: ACL found but not expected on "Users/Shared".

    2012-10-15 21:43:47 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources/Info.plist".

    2012-10-15 21:43:47 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources/version.plist".

    2012-10-15 21:43:47 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources".

    2012-10-15 21:43:47 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch".

    There's a note at the bottom of the reference above. These are files whose permissions have been augmented in some manner. It's normally done by doing a "Get Info..." on a file, then clicking the lock at the bottom of the "Sharing & Permissions:" section, entering admin password, then changing permissions or clicking the "+" to add a user or group. It's not unusual to find these in a user folder, but two of these are system areas:

    • private/var/root
    • System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch
    • Users/Shared

     

    First I would do a get info on each of these to see what has been changed. If you are sure there is something wrong with an entry you can unlock it, highlight the bad entry and click the "-" to remove it. If this is a directory (folder) then also click on the gear symbol and choose "Apply to enclosed items" then approve the "are you sure" dialog.
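The repair log quoted in the post above can be triaged mechanically. This added example (not part of the original thread; the function names are assumptions) converts the symbolic modes to octal, which shows that /private/tmp lost its group/other write bits and the sticky bit, and collapses the ACL messages to the top-most flagged paths.

```python
import re
import stat

# Lines copied from the repair log quoted in the post above (a subset of it).
SAMPLE_LOG = """\
2012-10-15 21:41:42 -0300: Permissions differ on "private/tmp", should be drwxrwxrwt , they are drwxr-xr-x .
2012-10-15 21:41:42 -0300: ACL found but not expected on "private/var/root/Library/Preferences".
2012-10-15 21:41:42 -0300: ACL found but not expected on "private/var/root/Library".
2012-10-15 21:41:43 -0300: ACL found but not expected on "private/var/root".
2012-10-15 21:41:46 -0300: ACL found but not expected on "Users/Shared".
2012-10-15 21:43:47 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch/Resources".
2012-10-15 21:43:47 -0300: ACL found but not expected on "System/Library/CoreServices/Finder.app/Contents/Resources/CannedSearches/All Documents.cannedSearch".
"""

PERM_RE = re.compile(r'Permissions differ on "([^"]+)", should be (\S+) ?, they are (\S+)')
ACL_RE = re.compile(r'ACL found but not expected on "([^"]+)"')
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}  # positions of s/S, s/S, t/T

def mode_to_octal(sym):
    """Turn an ls-style string such as 'drwxrwxrwt' into permission bits (0o1777)."""
    bits = 0
    for i, ch in enumerate(sym[1:10]):   # skip the type char; a trailing '+' is ignored
        if ch in "rwxst":                # lowercase s/t also imply the execute bit
            bits |= 1 << (8 - i)
        if ch in "sStT":
            bits |= SPECIAL[i]
    return bits

def parse_repair_log(text):
    """Return mode mismatches (with octal values) and the top-most paths carrying ACLs."""
    modes, acl_paths = [], set()
    for line in text.splitlines():
        m = PERM_RE.search(line)
        if m:
            want, have = mode_to_octal(m.group(2)), mode_to_octal(m.group(3))
            modes.append({"path": "/" + m.group(1), "expected": oct(want), "actual": oct(have),
                          "missing_bits": oct(want & ~have),
                          "sticky_lost": bool(want & ~have & stat.S_ISVTX)})
        elif (m := ACL_RE.search(line)):
            acl_paths.add(m.group(1))
    roots = []
    for p in sorted(acl_paths, key=len):  # parents are shorter, so they are seen first
        if not any(p.startswith(r + "/") for r in roots):
            roots.append(p)
    return {"mode": modes, "acl_roots": sorted(roots)}

if __name__ == "__main__":
    print(parse_repair_log(SAMPLE_LOG))
```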

  • MadMacs0 Level 4 Level 4 (3,320 points)
    Oct 24, 2012 1:36 PM (in response to Socorro-Mac)

    Socorro-Mac wrote:

     

    I'd like to know what/who is "Wheel" ?

    wheel is the Group equivalent of root and normally root is the only member of that group. When OS X first came out I used to add myself to the wheel group for convenience in poking around various directories, but that was probably as bad an idea as is running all the time, in that you can do lots of damage to your system if you don't know exactly what you are doing. Now adding anybody to wheel has been made much more difficult.

    But why then, there's another one called System plus the Administrators.

    System is an owner, not a group and is actually just used to denote root. Administrators is a group to which all users who have been granted admin privileges belong. So all files are "owned" by somebody and have their own set of permissions for that file, then there is normally a group involved with a separate set of permissions and finally there is "everybody" which represents any user or group that is not directly associated with that file that is granted the third set of permissions. Permissions being primarily some combination of Execute, Write and/or Read or none of those. Normally wheel is used for files owned by system/root and admin is used for files owned by one of the admin users. The former should not normally be used or modified by an admin.

    by the way,  just to protect me and my docs more, I have disabled administration rights for my account - the one I use. And have created one with administrator rights.

    Excellent idea. I wish Apple would follow that model as default, especially with new Mac users.

  • MadMacs0 Level 4 Level 4 (3,320 points)
    Oct 28, 2012 9:46 PM (in response to Socorro-Mac)

    Socorro-Mac wrote:

     

    I'm trying to understand the HD folders, so I can give them the right permissions or even get rid of some.

    Hmmm. Dangerous territory. Disk Utility's "Repair Disk Permissions" does some of its best work re-setting System permissions, to include the Unix sub-system. Beyond that I have only changed a handful that make it easier to view a few key files.

    I'm much concerned with the 'Private' folder > where there's: "etc; tftpboot; tmp; var" folders. In the last one ('var') I found another folder called "folders" with 3 very strange 2 digits folders: "9i"; "p8", "zz" within which there are strange folders. "zz" is the most bizarre one with 8 folders called zzzivhrRNAmviuee++++++ with a combination of letters, numbers and more ++++

    "folder" is where the majority of the "temp" files end up. Each user and the system has a sub-folder here. There's probably only one where you can see all the contents and that's yours.

    There's another "cups" folder with a protected folder called certs ? 4 executable files one being cupsd.

    "cups" is the guts of the printing system.  I have several, but assume you are talking about the one in /private/var/run/? Mine has a total of seven executables, three put there by Sophos.

    2) Besides wheel, there's "daemon" -  why does it have writing permissions? Who/what is it?

    A group with an ID of 1 used only by root.

    3) What's an " _xgridagent " ?    "_amavisd " ? ; 

    _xgridagent is a user with an ID of 86. _amavisd is a user with an ID of 83. I'm sure you can find out what they are used for with Google.

    4) in the private > most of the folders have "write permission to everybody"? why to everybody?

    Only "tmp" on mine:

    drwxr-xr-x+ 98 root  wheel  3332 Oct 12 18:21 etc
    drwxr-xr-x   2 root  wheel    68 Apr  6  2011 tftpboot
    drwxrwxrwt  24 root  wheel   816 Oct 28 21:20 tmp
    drwxr-xr-x  28 root  wheel   952 Apr  6  2011 var

  • Neville Hillyer Level 4 Level 4 (1,845 points)
    Oct 29, 2012 2:36 AM (in response to Socorro-Mac)

    Socorro-Mac wrote:


    I restored again. Then I erased lots of things suspicious and Apps. But the finder stopped working. I had then to restore it again.  Now I want a solution for keeps.

     

    All of your troubles look self-inflicted. In future please never remove anything you don't fully understand.

     

    I advise backing up the whole disk to an external disk with Carbon Copy Cloner - use default settings.

     

    Erase your internal disk and do a clean OS install followed by Software Update until it finds no more updates.

     

    If you do a restore from earlier backups you can expect your problems to return - please don't do this. Only manually copy your data (no system files) from the Carbon Copy Cloner backup once you have a fully working OS.
