This discussion is locked
Close
Q: Sharing & Permissions: who is "(unknown)" ???
Page
1
Next
-
Apr 7, 2008 8:56 AMby V.K.,this usually happens when a file was created by a user not currently present on your computer. Maybe you deleted a user or the file was created on another computer.
when this happens the permissions to the "unknown" user usually become ACLs which are sometimes tricky to remove from the "get info" panel.
they can be summarily removed by a terminal command but first i want to make sure it's safe to do so.
How are the drives in question mounted? Is any of them a bootable drive? a network share? -
Apr 8, 2008 2:57 PMby Peter Wadsack,You seem to be headed where I thought the problem might lie.
This MacPro has 2 physical hard drives, one of which was moved from a PowerMac. However, the drives were both wiped clean. The drives are partitioned into 3 and 5 partitions, resp. The contents were restored from a NAS, containing the relevant dmgs. The boot partitions are ok. One partition on the smaller drive, and 3 on the larger, show "(unknown)". And yes, in this moving process a user was deleted.
So how come DiskUtility didn't clean up the ACLs? -
Apr 8, 2008 3:06 PMby V.K.,disk utility only takes care of permissions on systems files and applications which are in its receipts database. It doesn't touch user files (it wouldn't know what to do with them).
Since none of the partitions involved are bootable it's safe to kill all ACLs on them.
to do that run the following command in terminal for each affected partition:
*sudo chmod -R -N /Volumes/"partitionname"*
substitute the name of the partition in question for "partitionname" in the above (keep the quotation marks).
Once you enter the command, you'll be asked for your admin password which you won't see. That's normal. -
Apr 8, 2008 3:29 PMby V.K.,you can use "apply to enclosed items" option in the get info window but be very careful with it. It propagates permissions and ownership settings but also ACLs which might not be visible in the "get info" window. This is a major oversight in my opinion and a lot of people unknowingly get caught by using that button on system folders. In particular, never use it on system created folders in your home directory such as the home directory itself or the Documents folder. By doing so you'll propagate the "deny delete" ACE on that folder to everything inside which means you'll have to authenticate every time you want to move or delete something.
To see if a partition has any ACLs or other hidden things like sticky bits or extended attributes run this in terminal
*ls -aldeO@ /Volumes/"partitionname"*
post the results.
Message was edited by: V.K. -
Apr 9, 2008 1:39 PMby Peter Wadsack,Well, I went ahead and tried it on one of the "partition"s:
-1-
computer:~ user$ ls -aldeO@ /Volumes/"partition"
drwxrwxr-x 34 user user - 1224 Apr 2 16:16 /Volumes/"partition"
-2-
computer:~ user$ sudo chmod -R -N /Volumes/"partition"
-3-
computer:~ user$ ls -aldeO@R /Volumes/"partition"
drwxrwxr-x 34 user user - 1224 Apr 2 16:16 /Volumes/"partition"
and Command-I still shows that for this "partition" there is an (unknown) user with Read & Write. -
Apr 9, 2008 5:36 PMby V.K.,this is very strange. In fact your first command shows that there were no ACLs on the drive itself to begin with. and yet you say it still shows unknown in the "get info" panel. Apart from something silly like restarting Finder, i can only think of trying to change the ownership of everything on the drive.
Run
sudo chown -R `id -un`:`id -gn` /Volumes/"partitionname"
and see if this makes any difference.
BTw, the partitions we are doing it on are formatted Mac OS extended journaled, right? None of this would have any effect on FAT32 formatted drives. -
Apr 10, 2008 9:50 AMby Peter Wadsack,Very strange, indeed, V.K.
computer:~ user$ sudo chown -R `id -un`:`id -gn` /Volumes/"partition"
Password:
computer:~ user$ ls -aldeO@R /Volumes/"partition"
drwxrwx--- 34 user user - 1224 Apr 2 16:16 /Volumes/"partition"
that cleared the last three, but to no avail, in that Command-I on "partition" still shows (unknown) user with Read & Write.
And yes, all the disks are GUID partitioned, and all the partitions are Mac OS Extended (Journaled). -
Apr 10, 2008 10:02 AMby V.K.,Peter Wadsack wrote:
Very strange, indeed, V.K.
computer:~ user$ sudo chown -R `id -un`:`id -gn` /Volumes/"partition"
Password:
computer:~ user$ ls -aldeO@R /Volumes/"partition"
you don't need R in this command. simply *ls -aldeO@ /Volumes/"partition"* will do. However, it doesn't affect anything.drwxrwx--- 34 user user - 1224 Apr 2 16:16 /Volumes/"partition"
that cleared the last three, but to no avail, in that Command-I on "partition" still shows (unknown) user with Read & Write.
hmm, i don't know what's going on here. The only thing i see is that your gid is the same as your username. This is some remnant of Tiger to leopard upgrade.
(in leopard your group should be "staff") but it shouldn't affect things. Just in case, run
id
in terminal and post the results. -
Apr 10, 2008 10:28 AMby Francine Schwieder,computer:~ user$ ls -aldeO@R /Volumes/"partition"
drwxrwx--- 34 user user - 1224 Apr 2 16:16 /Volumes/"partition"
That second entry (in bold and underlined above), is not a user, it is a group. As V.K. mentioned, in Tiger every user was a member of the private group, with the same name as the user. In Leopard Apple went back to the UNIX standard of users being members of the staff group. If you did an upgrade install however you are still a member of the old private group, and the Finder doesn't understand that any more and so displays the private group as unknown.
The only odd thing, in terms of permissions on the partition, is that the private group has write permissions. Generally I think it should have only read permissions.
If everything is working to your satisfaction don't worry about it.
Francine
Francine
Schwieder -
Apr 10, 2008 11:19 AMby V.K.,the proposed solution looks kind of strange to me. Also, I don't think it's needed here because the OP is not seeing the Finder crashes and "_unknown" group in his case. At least the underscore was never mentioned in his posts.
The proper way to fix this would be to add the user to the staff group, change his gid to 20 and rerun the command changing the group ownership on everything. However, I agree with Francine, if everything is working, there is no reason to mess with it. -
Apr 10, 2008 2:03 PMby Peter Wadsack,V.K. wrote:
the OP is not seeing the Finder crashes and "_unknown" group in his case.
correct. the info window on the partitions shows the user "(unknown)".
as to the id suggestion:
+computer:~ user$ id+
+uid=501(user) gid=501(user) groups=501(user),98(_lpadmin),80(admin)+
which apparently is the result of the move from Tiger.
As to the suggestion of leaving things as they are, if there are no problems ...
I find it very disconcerting to have this mysterious "(unknown)" user on my system, with full Read & Write privileges, and with no ability on my part to change those privileges, nor to remove the user. If one were attacking a system, having such a user seems to me to be a big foot through the door!
As to problems, this all started when I was trying to determine [and so far, I have not] why Spotlight is not indexing some of the partitions or certain folders on another. Running +sudo mdutil -as+ shows indexing enabled where it isn't happening. But that's off topic.
I just looked at the info windows for all 8 partitions. *_1 is on drive 1, *_2 on drive 2. The three on drive 1 are ultimately going to be cloned to drive 2. This is just the Sharing & Permissions.
boot_1:
You can only read _+*What? I'm the admin user!!*+_
system R&W
admin RO
everyone RO
second_1
You can read and write
system R&W
admin R&W
everyone RO
third_1
You can read and write
admin R&W
user (Me) R&W
(unknown) R&W
everyone WO
boot_2
you have custom access
system R&W
admin RO
everyone RO
second_2
You can read and write
user (Me) R&W
(unknown) R&W
everyone RO
third_2
You can read and write
user (Me) R&W
(unknown) R&W
everyone RO
fourth_2
You can read and write
user (Me) R&W
(unknown) R&W
everyone no access
fifth_2
You can read and write
user (Me) R&W
(unknown) R&W
everyone RO
Looks like a mess to me. Thanks for looking at this!
