Sufficient access privileges?

The behaviour of ownership and permissions is in a state of disaster in "Leopard". There is at least one bug that goes all the way down to the unix level, the "Finder" crashes while attempting to adjust permissions on files that have a group ID corresponding to a group with an incomplete (or absent) group record, "Get Info" prohibits non-admin users from changing the permissions of their own files, and "Get Info" doesn't display enough information to allow users to make an informed decision about the changes they are about to make to their files.

In your case, I suspect that your problem is #4 - the items in your "Sites" folder have probably acquired the standard "group:everyone deny delete" ACE (access control element - another mechanism, in addition to "permissions", affecting a user's access privilegs to files and folders) that is now present by default on users' "home" folders and the standard folders at the top level of "home" folder (i.e. "Desktop", "Documents", "Library", etc., including "Sites"). The rule is likely intended to prevent people from unintentionally messing up their accounts by renaming or deleting the parts of their "home" folder that the system expects to be named a certain way and located in a specific place. However, if you have ever used "Get Info" to modify permissions of one of these folders, then used "Apply to enclosed items", the rule (which does not appear in "Get Info") will have been transferred to every single item within that folder.

The problem should be relatively easy to fix, though some use of the command line is required. For a given "standard" folder and its contents, the steps consist of removing all ACLs, optionally adjusting permissions, then restoring the original ACE just to the top level folder.

For the folders copied from your "Sites" folder to your "Desktop", removing the ACLs by entering the following command (substituting the correct folder name, of course) into "/Applications" > "Utilities" > "Terminal.app" should suffice:<pre>
chmod -RN ~/Desktop/"Name of folder copied from Sites"</pre>

Instead of changing permissions for "everyone", try changing the owner to yourself and give it read/write permissions. Do this on the file itself, not a parent folder.

I am having a similar problem with my old iMac which was not now transferred over to the system settings on my new iMac. I cannot access my Desktop because I "do not have sufficient access privileges." For a newbie, who needs help, how can I fix this?

Thanks,

Peter

OK, after installing the latest security update and updates for my MacBook with Leopard, I was having a terrible time with applications not opening -- Address Book, for example. I applied your method -- get info for Users, setting up a system permission to read and write, applying it to subfolders, and that seemed to work. My question is:

Any security problems this action might bring up? Or is this the way it should be set?

--Chris

Thank you! I recently purchased a new MacBook with Leopard and was having this problem with everything I moved over. It's been driving me crazy, but now it's all working just fine.

biovizier wrote:
The problem should be relatively easy to fix, though some use of the command line is required. For a given "standard" folder and its contents, the steps consist of removing all ACLs, optionally adjusting permissions, then restoring the original ACE just to the top level folder.

You don't want to remove all ACLs from your home directory, that will screw up the permissions (for example) on your Drop Box which has a special ACL on it to setup the owner of the drop box to have Read&Write privs on any file/folder copied into it.

There are two ways to solve this. One is via Terminal and one is via the Reset Password utility on the Leopard Install DVD. For those who aren't very skilled with Terminal, I would recommend the Reset Password utility.

1) boot from your Leopard install CD.
2) Choose your language.
3) When the menubar appears, select Utilities->Reset Password.
4) In the window that appears, select your boot volume from the list at the top.
5) In the popup button below the volume list, select your user from the list.
6) Click the "Reset" button at the bottom of the window. This will reset the privs back to their default settings.
7) Repeat Steps 5 & 6 for every user on your machine who has this problem (except root).

That should clean things up.

Here is how you would do it in Terminal, which (unlike the Reset Password Utility) won't effect any specific changes you may have made to your permissions (like adding another user or giving some other user different privs then the default Read-Only).

*sudo chmod -R +a "everyone deny delete" ~/* +Note: 'sudo' will cause it to ask for your admin password, but when you type it will not show the text. This is normal. Just make sure you type your password correctly. This command will add the 'every deny delete' ACL to everything inside your home directory. This is done so that the next command will succeed. If the next command encounters a file/folder that doesn't have this ACL on it, it will fail and bail out, ultimately leaving your home directory half fixed.+

*sudo chmod -R -a "everyone deny delete" ~/* +Note: This will remove the 'everyone deny delete' ACL from all files and folders in your home directory, the next command will add it back to where it needs to be+

*sudo chmod +a "everyone deny delete" ~/ ~/Desktop ~/Documents ~/Downloads ~/Library ~/Movies ~/Music ~/Pictures ~/Public ~/Sites* +Note: This only applies the 'everyone deny delete' ACE to the folders listed, not their contents. These folders are required by the system, this ACE prevents you (or anyone else) from renaming, moving or deleting them (because they are required by the OS).+

Just copy/paste the bold text, one at a time, into a Terminal window and press return. That should do it. Good luck...

petrock wrote:
There are two ways to solve this. One is via Terminal and one is via the Reset Password utility on the Leopard Install DVD. For those who aren't very skilled with Terminal, I would recommend the Reset Password utility.

1) boot from your Leopard install CD.
2) Choose your language.
3) When the menubar appears, select Utilities->Reset Password.
4) In the window that appears, select your boot volume from the list at the top.
5) In the popup button below the volume list, select your user from the list.
6) Click the "Reset" button at the bottom of the window. This will reset the privs back to their default settings.
7) Repeat Steps 5 & 6 for every user on your machine who has this problem (except root).

That should clean things up.

petrock: where did you get that info? I've been searching around a bit and haven't found anything like that. i thought reset password was only to, well, reset a lost password. (just posting a link would be fine).

joshz wrote:

petrock wrote:
There are two ways to solve this. One is via Terminal and one is via the Reset Password utility on the Leopard Install DVD. For those who aren't very skilled with Terminal, I would recommend the Reset Password utility.

1) boot from your Leopard install CD.
2) Choose your language.
3) When the menubar appears, select Utilities->Reset Password.
4) In the window that appears, select your boot volume from the list at the top.
5) In the popup button below the volume list, select your user from the list.
6) Click the "Reset" button at the bottom of the window. This will reset the privs back to their default settings.
7) Repeat Steps 5 & 6 for every user on your machine who has this problem (except root).

That should clean things up.

petrock: where did you get that info? I've been searching around a bit and haven't found anything like that. i thought reset password was only to, well, reset a lost password. (just posting a link would be fine).

Yes, Reset Password does reset lost passwords, but in Leopard they added the functionality to reset the users permissions in their home directory. Not the best or most obvious place for that feature IMO, but hey at least its available. I get my info from playing around with the OS (and all the different development builds etc), being a software developer for many years, and talking with Apple Engineers at MacWorld and WWDC, as well as friends who work at Apple etc.

Ah, OK. Thanks for the info!

Petrock's fix didn't work for me, but yours did.

As someone else noted, there's got to be some permissions bugs in Leopard. My problems started when I needed to change my user permissions on my iMac in order to get file sharing to work with a Macbook Air.

I'm having this issue as well. Petrock's fix didn't correct the issue (I got access denied on the files) and I'm the owner of the file. I've tried changing access to a test file to "chmod 777" and I still can't rename it.

-rwxrwxrwx@ 1 jeff jeff 26112 Jul 18 2006 Summary.doc

Oddly, I don't see "jeff" as an account in the passwd file. If I sudo the file to rename it, it will work. Doesn't seem to be an issue with folders, just files. I'm a newbie to the mac. I'm not sure how to give system access to the file, I don't see this as a permission. If I do a getinfo, it shows an everyone group with "custom" permission. I changed it to read/write, and I was able to rename it. However, my user account (Labeled "Me" on there) already had read/write. Perhaps this is a system thing..

One thing that may be a cause or part of the problem... I share my home directory with Windows using Parallels. In windows, I can read / write to the files but I can't move them, delete them, or rename them. When I try to move them or delete them in mac, I'm prompted for a password. And of course, I can't rename them in either, unless I drop to a command line and sudo it in the mac.

Please help

Message was edited by: ::jeff::

I seemed to have fixed it, although I'm not entirely sure which part of my tinkering made it happen. The last main thing I did was follow petrock's instructions in the below thread, but I think they're probably the same thing as above. I might have applied a r/w access to the everyone group before hand and applied it through the dir structure. Then reapplied it as read only, then followed the instructions by petrock. Very odd but I got it working.
http://discussions.apple.com/thread.jspa?messageID=6622613

Message was edited by: ::jeff::

Hi guys. I have the same problem...

I would like to try it but, how do you set up a "system permission" ?

Thanks,

Anselmo

I didn't have to do anything regarding the system. I just had to reset the everyone permissions.