4413 Views 39 Replies Latest reply: Jan 22, 2009 2:56 PM by macwiz1220
Is it normal to see this group throughout my system?
How do I restrict wheel access?
Ensure that all administrator accounts on the machine have strong passwords. In most UNIX variants, someone has to be a member of the wheel group to be able to su to root. Mac OS X grants that to all administrator accounts.
(39524)iMac Late 2007 Core 2 Duo, Mac OS X (10.5.6)
Is it normal that all downloaded files have wheel group permissions set?
There are certain files that I cannot remove the wheel group from. This confuses me as to why I'm locked out from my own system. I don't feel the wheel group needs to be on /.vol. Attempting to change the permissions in gui is useless - nothing will budge. Terminal doesn't work either:
ryans-imac-2:~ Ryan$ sudo chmod -RN /.vol
sudo: /private/etc/sudoers is mode 0604, should be 0440
ryans-imac-2:~ Ryan$ postdrop: warning: unable to look up public/pickup: No such file or directory
I know I shouldn't be taking full control of certain files like this. I was just curious to see why and how wheel seems to be so persistent on some of these files. I don't see any reason why wheel needs to be here.
I have a separate system that I keep off the network. On that system I don't have wheel popping up like it does on this system. I assume it's network remote access related.
Message was edited by: pianoman1976
iMac 2.4 GHz Intel Core 2 Duo, 4 GB SDRAM, Mac OS X (10.5.6)
wheel is the normal group for most root-level items. Quit mucking with things and you'll be fine. This is what's on my machines:
$ ls -Al /
-rw-r--r-- 1 username staff 21508 Jan 3 11:49 .DS_Store
drwx------ 3 root admin 102 Mar 3 2008 .Spotlight-V100
drwxrwxrwt@ 3 username admin 102 Apr 21 2008 .TemporaryItems
d-wx-wx-wt 2 root admin 68 Dec 19 18:47 .Trashes
-rw-r--r--@ 1 username admin 204565 Jul 9 10:57 .VolumeIcon.icns
-rw-r--r-- 1 root admin 0 Apr 20 2008 .com.apple.timemachine.supported
drwx------@ 30 username staff 1020 Jan 2 15:59 .fseventsd
-rw------- 1 root wheel 262144 Apr 20 2008 .hotfiles.btree
drwxr-xr-x@ 2 root wheel 68 Nov 25 2007 .vol
drwxrwxr-x@ 101 root admin 3434 Dec 15 11:45 Applications
-rw-r--r--@ 1 root admin 4608 Sep 12 15:05 Desktop DB
-rw-r--r--@ 1 root admin 2 Apr 21 2008 Desktop DF
drwxrwxr-x@ 17 root admin 578 Nov 25 21:03 Developer
drwxrwxr-t+ 70 root admin 2380 Dec 15 23:20 Library
drwxr-xr-x@ 2 root wheel 68 Jan 28 2008 Network
drwxr-xr-x 4 root wheel 136 Dec 15 11:48 System
drwxr-xr-x 7 root admin 238 Jan 2 14:04 Users
drwxrwxrwt@ 9 root admin 306 Jan 1 22:19 Volumes
drwxr-xr-x@ 40 root wheel 1360 Dec 15 11:44 bin
drwxrwxr-t@ 2 root admin 68 Jan 28 2008 cores
dr-xr-xr-x 2 root wheel 512 Dec 22 16:22 dev
lrwxr-xr-x@ 1 root admin 11 Apr 21 2008 etc -> private/etc
dr-xr-xr-x 2 root wheel 1 Dec 22 16:22 home
-rw-r--r--@ 1 root wheel 10318880 Nov 24 17:39 mach_kernel
-rw-r--r--@ 1 root wheel 10768480 Nov 24 17:39 mach_kernel.ctfsys
dr-xr-xr-x 2 root wheel 1 Dec 22 16:22 net
drwxr-xr-x@ 6 root wheel 204 Apr 21 2008 private
drwxr-xr-x@ 66 root wheel 2244 Dec 15 11:44 sbin
lrwxr-xr-x@ 1 root admin 11 Apr 21 2008 tmp -> private/tmp
drwxr-xr-x@ 12 root wheel 408 Apr 25 2008 usr
lrwxr-xr-x@ 1 root admin 11 Apr 21 2008 var -> private/var
24" iMac 2.8 Core 2 Ext 4 GB RAM/G4 450 MP Gigabit 1.5 GB RAM, Mac OS X (10.5.6), (G4 w/10.5.6/10.4.11/9.2.2)
Your dad's the smart one. Details in http://www.merriam-webster.com/dictionary/muck and it applies to your recent postings to these forums. It's OK to explore, but unless you've schooled yourself, aimless wanderings amongst your computer's innards will ultimately result in a nonfunctioning machine.
24" iMac 2.8 Core 2 Ext 4 GB RAM/G4 450 MP Gigabit 1.5 GB RAM, Mac OS X (10.5.6), (G4 w/10.5.6/10.4.11/9.2.2)
I'm not too sure about "smart" as he was using the term incorrectly as to damage something - like scratching the Cobra parked in the garage. Thanks for the clarification!
iMac 2.4 GHz Intel Core 2 Duo, 4 GB SDRAM, Mac OS X (10.5.6)
Ah! The link I posted dropped the  portion, which gives you the info for the intransitive verb:
a: to engage in aimless activity —usually used with about or around
b: putter, tinker —usually used with about or around <mucking around with his computer>
c: interfere, meddle —usually used with about or around
BTW, thanks for the feedback and rewards. Now, stop mucking around with the machine's innards.
24" iMac 2.8 Core 2 Ext 4 GB RAM/G4 450 MP Gigabit 1.5 GB RAM, Mac OS X (10.5.6), (G4 w/10.5.6/10.4.11/9.2.2)
Is it normal that all downloaded files have wheel group permissions set?
When a new file is created, the group specified for that file is the same group that is specified in the file's containing folder. The Leopard default is that your home folder and ~/Downloads folders have group:wheel set. So that will propagate down to any new files created therein.
eMac (1.25GHz USB 2.0), 768MB, Mac OS X (10.5.6)
The Leopard default is that your home folder and ~/Downloads folders have group:wheel set.
that's wrong. this is most definitely not the leopard default. no regular user even belongs to wheel by default. the default group for the home directory (and the Downloads folder) is equal to the primary group of the user. all users created in leopard have primary group "staff". all users upgraded from Tiger have primary groups inherited from their private primary groups in Tiger.
Mac Pro 3.2 GHz, Mac OS X (10.5.6), Mac Pro 2.66GHz, powerbook G4 1.5GHz
As an inveterate mucker about (or should that be muck abouter?), I sympathize with those who just have to muck about with a computer. But one should really take precautions, all of which I figured out years ago, in Mac OS 7, where you could do a lot of really radical surgery.
The first principle is to always know at least three ways to boot your computer--as in a startup drive, a second bootable drive, the install disk--and try out all of them before you do anything else.
Second principle: always have a way to back out of what you did. These days a current Time Machine backup ought to work. But being a bit distrustful of new things on a mission critical function I also have a bootable clone of my current system. Actually, I also have bootable drives containing Tiger and a fairly pristine Leopard install as well. You can never have too many drives.
Third principle: when tinkering first make a copy of the file/folder you are about to tinker with, and work on the copy. Thus, if you are going to alter a system file, drag it to the Desktop, open that version and edit it. Save your edited version somewhere else (I have a Mods folder where I save such things), then replace the file in the system folder with your edited version and see what happens.... If what happens is unfortunate you can use an alternate boot method, and then put the original version back. Of course, in Leopard things get a bit more complex because of ownership and permissions issues, but it is all still "doable" if one is sufficiently determined. Basic knowledge of UNIX and the Terminal is pretty much essential. A good place to start is here:
And a good place to look for interesting things to do/modify is MacOSXHints:
Mucking about without a safety net can lead to very unhappy outcomes.
Schwieder
2x2.66 Dual Core MacPro; iBookG4; iPod, Mac OS X (10.5.5), Cinema Display, Wacom Tablet
In conclusion I've learned that some of these wheel permissions are indeed not standard. Wheel should not be on my downloads folder. When I remove it- my individual downloads still show wheel permissions.
This is not a big deal for me, I just had a hunch about it and it seems my hunch is correct. Why and how this is happening is probably a topic more suited for a different forum.
iMac 2.4 GHz Intel Core 2 Duo, 4 GB SDRAM, Mac OS X (10.5.6)
None of the files and folders in your home directory should be root (wheel) owned. User ID should be
your short user name. The group name should be admin, staff or your user name (if upgraded from
Use the chgrp command from terminal.app to change the group. Do NOT use "apply to enclosed"
option from finder as this may unduly propagate unwanted ACLs as well.
example terminal command to change group id:
sudo chgrp -v -R staff ~/
#will change all file and folders group id to "staff" in user home directory#
Kj
Mac Pro, Mac OS X (10.5.6), , Win XP "Did You Back It Up?" "Save your Bacon, Clone it!"
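A read-only check to run before the recursive chgrp suggested above, added here as an example that is not from any poster in the thread: it lists entries whose owner or group differs from what you expect, and tests whether a sudoers file has the 0440 mode that the sudo error earlier in the thread demands. The function names and the audit.sh file name are assumptions made for this example; staff and /private/etc/sudoers come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read-only checks, nothing is modified.

# Numeric gid of a path, parsed from `ls -ldn` (same column in BSD and GNU ls).
gid_of() {
    ls -ldn "$1" | awk '{print $4}'
}

# Print entries under $1 not owned by user $2 or not in group $3.
# $2 and $3 may be names or numeric ids. find does not follow symlinks by
# default, so a link pointing outside the tree is reported, not traversed.
audit_ownership() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Number of mismatching entries (assumes no newlines in file names).
count_mismatches() {
    audit_ownership "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Succeed only if file $1 has the mode sudo insists on (0440, r--r-----).
# Only the nine permission characters are compared, so a trailing ACL or
# xattr marker (+ or @) in the ls output is ignored.
sudoers_mode_ok() {
    perms=$(ls -ln "$1" | awk '{print substr($1, 2, 9)}')
    [ "$perms" = "r--r-----" ]
}

# Stand-alone use: sh audit.sh DIR [GROUP]   e.g. sh audit.sh "$HOME" staff
# With no GROUP, the group of DIR itself is taken as the expected one.
if [ "$#" -ge 1 ]; then
    audit_ownership "$1" "$(id -u)" "${2:-$(gid_of "$1")}"
    sudoers_mode_ok /private/etc/sudoers || echo "sudoers mode is not 0440"
fi
```
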
I stopped watching this topic and missed your detailed and concise description. Well stated. Cheers!