Admin permissions, custom access, irregular Everyone account

Question

Level 1

15 points

Admin permissions, custom access, irregular Everyone account

I updated from Tiger.
I did repair permissions from disk utility because of another problem (activity monitor crashes, repairing permissions took ages, but to no avail).

Problem:
I cannot delete any file anymore without entering my admin password.

I'm logged in as admin.
The folders have usual privileges, but the files inside all folders have corrupted privileges.

Get info is telling me (as admin) that I would have custom access.

Sharing & Permissions
You have custom access
Name: Privilege
everyone: custom
myadminname (Me): read & write
everyone: read only

You can see two everyone accounts, the first one having custom privileges.

What I've tried
Reboot
unplugging all cables
reboot
Tried repair permissions again, took ages again
Found another thread where the GroupID was switched to "20". This did not help in this case.

Went to the Home folder:
Get info:
Sharing & Permissions
You have custom access
Name Privilege
myadminname (Me): read & write
everyone: read only

As you can see, this folder still has custom access, and there is no additional everyone with custom access.
Tried: apply to enclosed items.
This took ages. Did not fix the problem. Still the same on all files: you have custom access.

I hope someone can tell me what flying-blind-console-unix-magick I have to enter to fix this. Oh, better tell me how to find the console. Or how to type. Since I've upgraded to Leopard, I feel like 25 years younger: a complete idiot sitting in front of an nonresponding computer.

The problem is, I really need my computer for production. Meaning that I am loosing money with every hour I am sitting in front of this nonresponding computer. Please help.

iMac G5, Mac OS X (10.5)

Posted on Nov 2, 2007 3:48 PM

Reply

Answer 1

jdp79

Level 1

0 points

Nov 3, 2007 12:34 PM in response to acupoftea

I am experiencing the same issue described above.

I had some issues trying to transfer files between a Windows machine and my machine and I ended up sharing folders through System preferences. That was the only thing that I messed with and somehow I ended up with corrupted permissions on all of my files (not folders).

I tried using the chmod command in terminal which does appear to work, but it does not fix the actual file through leopard.

I have also tried propagating permissions down from the user folder, but that does not fix it either.

Any suggestions would be greatly appreciated since all of my files are now pretty much corrupted.

Thank you!

Reply

Answer 2

Hedi ®

Level 1

29 points

Nov 3, 2007 12:57 PM in response to acupoftea

I'm wondering if there's a way to batch change "sharing and permissions" details for a lot of files. (instead of doing that manually file by file via the Get Info menu)

Reply

Answer 3

Nov 3, 2007 1:06 PM in response to acupoftea

Please note these known issues:
http://discussions.apple.com/thread.jspa?threadID=1197971

Reply

Answer 4

jdp79

Level 1

0 points

Nov 3, 2007 1:24 PM in response to acupoftea

I did notice that groups did not have permissions at all.

I ran sudo chown -R <user>:staff ~

I do have staff applied now with rwxrwxrwx on the files through ls, but in Finder, I still have the outstanding issue of not having permissions to edit it.

Reply

Answer 5

acupoftea Author

Level 1

15 points

Nov 3, 2007 1:25 PM in response to djhartman

Thank you. This links to a thread that links to a thread that links to ... and I am nut sure if I really should try all these sulutions because there is a contradiction:
I cannot be extremely careful while not knowing what I am doing with all these unix command lines.

My system already is pretty unusable, since I cannot even copy files to another disk because of the two groups with different permissions. I'm admin, but I cannot move a file to another disk, because I do not have the permission to do so.

So if one of you unix geeks could boil down a solution that has clear steps to follow, I would be immensely thankful.

Reply

Answer 6

Nov 3, 2007 2:19 PM in response to jdp79

OK, Apple really should fix this, but this will get you going.
run:

sudo chmod -R go-w ~

This will remove the write permission for everyone except you. This might "break" your Drop box in Public. This will fix it again (it means set read and write for you, and write only for others)

sudo chmod -R 733 ~/Public/Drop\ Box/

make sure you do not get the ~ and - and all the / and \ correct.
You will now have proper permissions. that the Finder should be able to work with again.

Reply

Answer 7

Hedi ®

Level 1

29 points

Nov 3, 2007 3:51 PM in response to djhartman

All the files (documents) are assigned to "_unknown" (I guess it was my previous account on Tiger) with a Read & Write permission, how can I assign them to "Me" please?

Reply

Answer 8

Chris88

Level 1

4 points

Nov 3, 2007 4:31 PM in response to Hedi ®

I am having the same problem to I know my password and login but it does not work. I have been on the phone with apple and I am getting no help so for I have been on HOLD for about 6 hours off and on now

Reply

Answer 9

Nov 3, 2007 9:05 PM in response to djhartman

I'm having the same problem and would be thankful for a solution. (Curiously, djhartman's solution seems to have solved the problem for some files in home directory folders, but not for others. Folder permissions seem to make no problems - just the files in some of them. Just checking up on it, I find the home directory folders/files I created (like 'job') are fine, the files inside the folders that the system installs like Music, Pictures etc. are affected.)
SO: I upgraded from Tiger and can't delete files in my home directory without authenticating (moving those files also triggers an authenticate action). Get info on those files says that user 'Everybody' has 'custom' permissions.
If I then click the lock to authenticate, and set user Everybody to 'no rights', the problems are gone.
Well, if there was a method to do this on 20.000+ files efficiently!
(As I said, thanks djhartman - however on my system this solution does not seem to fully work? Hmm.)

Reply

Answer 10

Nov 4, 2007 7:29 AM in response to Andreas J. Muhr

My suggestion was meant as a follow up to jdp79's suggestion. Both are needed.
So to summarize you get this to fix ONE (your own) useraccount.
Open the Terminal.app

Type:
whoami<enter>

This will show you your "short username" remember it and use it later where I type "yourshortusername"

To set the owner and group correctly use the following command:
*sudo chown -R yourshortusername:staff ~<enter>*
Now type your administrator password. (and if needed confirm that you know what you are doing)

This will remove the write permission for everyone except you.
*sudo chmod -R go-w ~<enter>*

This might "break" your Drop box in Public. This will fix it again (it means set read and write for you, and write only for others)
*sudo chmod -R 733 ~/Public/Drop\ Box<enter>*

make sure you do not get all the spaces, ~ and - and all the / and \ correct.
You will now have proper owners and permissions.

Reply

Answer 11

jdp79

Level 1

0 points

Nov 4, 2007 8:21 AM in response to acupoftea

I just tried the last posts suggestions, but they still did not correct the issue. My files now show through terminal:
-rwxr-xr-x@ <shortusername> staff

So I removed write accesss to anyone but my user.

Now when I try to edit one of the file in documents, I cannot save it without a warning message saying that the file was locked and requiring a password.

It almost looks like Leopard does not know that I am my user and is treating me as 'everyone' as far as permissions are concerned. My user account does have admin privileges.

Any suggestions would be appreciated.
Thank you!

Reply

Answer 12

Nov 4, 2007 8:32 AM in response to djhartman

Thank you very much djhartman! However the problem on those files still persists. Get info on those files says that user 'Everybody' has 'custom' permissions.

Maybe there is some ACL problem? Would it be safe -or possible- to disable ACL support in Leopard from the command line?

(I have never used or configured ACLs, and File Sharing is not enabled.

On the curious side again, when I use Disk Utility to repair permissions, the following status line appears thousandfold: +Access Control List was found, yet not expected for this file.+

= my own translation from German, example of the original line: "Die Zugriffssteuerungsliste wurde gefunden, jedoch nicht für „Applications/Mail.app/Contents/Resources/TB_CloseNoteEditor.png“ erwartet." )

Reply

Answer 13

Nov 4, 2007 8:38 AM in response to jdp79

That leaves one thing, and that is "ACL" options were set on your files in the homedir that you don't want. 😀

type
*ls -le*

To get a list of your homedir and paste it here. Then we can see what kinds of special permissions are set.

Reply

Answer 14

Nov 4, 2007 8:41 AM in response to djhartman

It is normal to see a
*0: group:everyone deny delete* line there, but any other *deny delete* is probably the cause of your problem. To remove ALL ACLs from your homedir, use:

*chmod -R -N ~*

Reply

Answer 15

acupoftea Author

Level 1

15 points

Nov 4, 2007 8:52 AM in response to djhartman

Thank you very much, djhartman. This does not fix my account problems (file permissions currupted), and my console reported issues like the ones Andreas cited.

I gave up.

I made a clean install of leopard and then migrated my user account from my firewire external harddisk backup (Tiger before upgrade). Now, all the files are more under my control, and I was able to set staff permissions with your tips.

There are still problems with my apache2 that denies access to my own sites despite having a correct user.conf. And file sharing with my windows box is not the same for my migrated account as for my new leopard account. At least my activity monitor and my finder does not crash anymore. The issues are less worse now, but not corected.

Reply