You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: cmoy1
cmoy1 Author
User level: Level 1
18 points

Wheel group in permissions for an app installed from Mac App Store - Big Sur

While searching for answers on this subject for macOS Big Sur, I found Q&A's on this subject in at least 2 versions of Mac OS, 2 years or 6 years ago.


A useful answer warns me that if I download an app into some protected area (not sure if that's the term used) of macOS storage, macOS will automatically insert the group 'wheel' into the permission of that app. I also learned from these Q&A's that administrative users are part of the wheel group.


What I want to highlight here is that somewhere in the update to Big Sur, I notice that:

  1. Download of an app from the Mac App store still starts with clicking the GET button
  2. There's no downloading of a DMG file to your default download folder. User is also NOT given a choice of where to direct the download.
  3. Installation of the app starts automatically after the download to temporary memory space or some hidden location and the app shows up in you Applications folder. Download and Install are combined into one operation.
  4. macOS create a group permission entry for the app with the Name 'wheel'; Privilege 'Read only'. Some macOS updates back, I believe macOS creates a user permission entry for the name of the admin user who installed the app.


As far as I can remember, download of an app from any place else besides Apple App Store still goes to my default download folder, because I always run a download check if a checksum is provided, or run my antivirus on the DMG file before I execute it.


If anyone knows more about what's going on behind the scene, I'd love to hear it. Thanks!







Posted on Sep 8, 2021 8:25 AM

Reply

Similar questions

1 reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
116,464 points

Sep 8, 2021 10:48 AM in response to cmoy1

There is no "installer" for an App Store app. That would violate the App Store requirements for the app.

Last I knew, App Store apps and OS installers were temp downloaded into somewhere in /var/folders/ (I think zz).

Once the complete app is downloaded, it is moved into /Applications by the system (root).

And, yes, you do not have an option as to where it goes. It will always go into /Applications (on Big Sur and Catalina, it actually isn't really in /Applications, but that is what the Finder wants you to see).


I can't remember what permissions App Store apps had (I don't think I ever cared).

Drag and Drop apps are normally owned by the user that put them in the Applications folder.

Installer packages are usually owned by root:wheel as the only reason you need to run an installer is to elevate privileges to install parts of the app in system privileged locations, so the installer is running as root.


What is the concern with the wheel group? Almost everything created by the OS is in the wheel group. It has existed since the beginning of (Unix) time.

Reply

Wheel group in permissions for an app installed from Mac App Store - Big Sur

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up