kmosx5: "Apply to enclosed items" causes permissions issues on home folder

This tip is ready for consideration.

V.K. wrote:
one comment on this.
The "reset permissions and ACLs" utility on the leopard install DVD is slightly buggy. While it will reset the ownership and the ACLs on your home directory correctly, it will set the group ownership on everything in it to wheel (gid=0).

This is not a huge deal but it certainly is a bug.

to rectify it, run the following terminal command from your account:

*sudo chgrp -R `id -gn` ~*

That won't necessarily work. For example, on my computer, I have a non-admin account I use daily, and a separate admin account for admin tasks. "sudo" can only be run from an admin account, so there is an obvious paradox there-maybe "sudo chgrp -R staff /Users/affectedaccountname/* would work better, or maybe running "id -gn" in the affected account first, then writing down the output.

Just a minor flaw, but I thought I should make you aware of it. that is a good idea in general, though.

Right now, I have work I have to do, and I'll revise this hint soon.

Thanks for the input!

Is sudo even necessary for group changing?

Could they not just run chgrp -R `id -gn` ~/* ?

Message was edited by: joshz

In Leopard, if "Apply to enclosed Items" is used on the home folder, massive permissions issues can be caused on it, requiring you to provide your password when moving things around within it, or when deleting things in it.

The solution is this (courtesy of petrock)

1) Boot from your Leopard install CD/DVD (insert it, shut down, start while holding "C")
2) Choose your language.
3) When the menubar appears, select Utilities>Reset Password.
4) In the window that appears, select your boot volume from the list at the top.
5) In the popup button below the volume list, select your user from the list.
6) Click the "Reset" button at the bottom of the window. This will reset the permissions (and ACLs) back to their default settings.
7) Repeat Steps 5 & 6 for every user on your machine who has this problem (except "System Administrator (Root)").

There is one bug in this process, so you need to take some additional steps to get permissions back to how they should be.

8) Log in to your account.
9) Open Terminal (/Applications/Utilities/Terminal)
10) Copy the blue text in, and press "return". chgrp -R `id -gn` ~/*

11) You won't see anything happen, but you can check that it worked by selecting your home folder, and clicking File>Get Info. You will see either "unknown" or "staff", depending on how you installed Leopard. Either one is fine.
12) Repeat the steps 8-11 for every account that you reset permissions for on your machine.

Right. (That will apply it to ".." too, right? I've forgotten the exact reason to not have the *).

Thanks for the input!

In Leopard, if "Apply to enclosed Items" is used on the home folder, massive permissions issues can be caused on it, requiring you to provide your password when moving things around within it, or when deleting things in it.

The solution is this (first seven steps courtesy of petrock)

1) Boot from your Leopard install CD/DVD (insert it, shut down, start while holding "C")
2) Choose your language.
3) When the menubar appears, select Utilities>Reset Password.
4) In the window that appears, select your boot volume (by default, "Macintosh HD") from the list at the top.
5) In the popup menu below the volume list, select an affected user. (One that you used "Apply to enclosed items" on).
6) Click the "Reset" button at the bottom of the window. This will reset the permissions (and ACLs) back to their default settings.
7) Repeat Steps 5 & 6 for every user on your machine who has this problem (except "System Administrator (Root)").

There is one bug in this process, so you need to take some additional steps to get permissions back to how they should be.

8) Log in to an account you reset the permissions for.
9) Open Terminal (/Applications/Utilities/Terminal)
10) Copy the blue text in, and press "return". chgrp -R `id -gn` ~

11) You won't see anything happen, but you can check that it worked by selecting your home folder, and clicking File>Get Info. You will see either "unknown" or "staff" under "Sharing and Permissions", depending on how you installed Leopard. Either one is fine.
12) Repeat the steps 8-11 for every account that you reset permissions for on your machine. (Remember, NOT "System Administrator (Root)").

V.K. wrote:
* is a unix wild card. used by itself ~/* stands for every file/folder directly in ~ but not for ~ itself. Of course, in our case we want our command to apply to ~ also, so there is no reason to use ~/*.

OK. Thanks for clarifying!

http://discussions.apple.com/messageview.jspa?messageID=7137166#7137166 is ready for consideration.

*chmod +ai "`id -un` allow list,add file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr, writeextattr,readsecurity,writesecurity,chown,file_inherit,directoryinherit" ~/Public/Drop\ Box*

+ai? Why make it inherited?
Why not just use chmod +a ...?