How to restore default user permissions (MacOS 13 Ventura)
Background
I have 3 Macs at home, all running MacOS 13 Ventura. All of these Macs are running on relatively new computers but the systems have been passed on via Migration Assistant/Time Machine backups since the beginning of the ~2010s (OSX Snow Leopard & Lion).
I recently discovered the user permissions on these Macs probably are wrong or messy (i.e., they are non-conforming; not the default permissions). I'm not sure why that is, but it may be that I changed things due to ignorance far back in the past, or migrations, etc., may have altered things.
Rationale: I'm concerned for security reasons, and additionally, while I haven't had many issues with these Macs, one issue is that when attempting to use File Sharing over the local network, I can see folders loading on the remote Mac but no files therein will load (I just see a spinning wheel and the text "Loading…") – unless I specify particular folders and users to share to, which shouldn't be necessary given that I'm authenticating myself with an administrator user on the target Mac – which is why I started to suspect that permissions might be erroneous.
Question
Should I, and if so, how can I restore or apply Apple default user permissions, without having to erase my systems and recreate them entirely from scratch? (Assuming that attempting to fix permissions is a good idea?)
SIP is activated, and as mentioned I am running the latest MacOS version as of February, 2023 – therefore many old forum answers may not apply.
---
Additional info
On one of my Macs, I created a new administrator user (named test) to see what the default POSIX permissions are for common Home folders. WARNING: I can't guarantee that these are correct for an entirely fresh system, this is just what I happen to see on a new user on a non-factory restored Mac – please do not attempt to replicate my settings.
Furthermore, I have not reviewed the ACL settings (which possibly are erroneous), because I just learned about them and have zero previous experience. If you think it's pertinent to add them here, please let me know.
Mac #1
- test (New test user):
  - ~ (Home folder for test)
    - test (me): Read & Write
    - staff: Read only
    - everyone: No Access
  - ~/Desktop, ~/Documents, ~/Downloads, ~/Library:
    - test (me): Read & Write
    - everyone: No Access
  - ~/Library:
    - test (me): Read & Write
    - everyone: No Access
  - ~/Public:
    - test (me): Read & Write
    - staff: Read only
    - everyone: Read only
  - Macintosh HD/Applications
    - system: Read & Write
    - admin: Read & Write
    - everyone: Read only
    - NOTE: These Applications groups look strange to me. Since they are shared by all users on the computer it's possible that they aren't the default Apple permissions. My other Mac, instead of system: Read & Write and admin: Read & Write, has user (me): Read & Write and staff: Read only.
Following are settings on my actively in-use accounts on my Macs.
Noteworthy: in some folders I see peculiar users called: com.apple.sharepoint.group.1, com.apple.sharepoint.group.2, com.apple.sharepoint.group.3, and Fetching… (a spinning wheel that doesn't fully load) – these have "Custom" permissions!
Mac #1
- user (Old user):
  - ~ (Home folder user)
    - user (me): Read & Write
    - staff: Read only
    - everyone: Read only (No Access on test)
  - ~/Desktop, ~/Documents, ~/Downloads
    - user (me): Read & Write
    - everyone: Read only (No Access on test)
  - ~/Library:
    - user (me): Read & Write
    - everyone: No Access
  - ~/Public:
    - user (me): Read & Write
    - staff: Does not exist at all (staff: Read only on test)
    - everyone: Read only
  - Macintosh HD/Applications
    - system: Read & Write
    - admin: Read & Write
    - everyone: Read only
Mac #2
- user (Old user):
  - ~ (Home folder user)
    - user (me): Read & Write
    - staff: Read only
    - everyone: Read only (No Access on test)
  - ~/Desktop, ~/Documents, ~/Downloads
    - user (me): Read & Write
    - staff: Read only (staff does not exist here on test)
    - everyone: Read only (No Access on test)
  - ~/Library:
    - user (me): Read & Write
    - everyone: No Access
  - ~/Public:
    - com.apple.sharepoint.group.1: Custom (I don't know what this is!)
    - user (me): Read & Write
    - staff: Does not exist at all (staff: Read only on test)
    - everyone: No Access (Read only on test)
  - Macintosh HD/Applications
    - system: Read & Write
    - admin: Read & Write
    - everyone: Read only
Mac #3
- user (Old user):
  - ~ (Home folder user)
    - com.apple.sharepoint.group.2: Custom (I don't know what this is!)
    - Fetching…: Custom (I don't know what this is. Doesn't load properly – shows a spinning wheel!)
    - user (me): Read & Write
    - staff: Does not exist at all (staff: Read only on test)
    - everyone: No Access
  - ~/Desktop, ~/Documents, ~/Downloads
    - user (me): Read & Write
    - everyone: Read only (No Access on test)
  - ~/Library:
    - user (me): Read & Write
    - everyone: No Access
  - ~/Public:
    - user (me): Read & Write
    - staff: Does not exist at all (staff: Read only on test)
    - everyone: Read only
  - Macintosh HD/Applications
    - user (me): Read & Write (Does not exist on test. system: Read only exists instead)
    - staff: Read only (Does not exist on test. admin: Read only exists instead)
    - everyone: Read only
Mac Studio
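
The side-by-side comparison made by hand in the lists above can be scripted; the following is an added example, not part of the original post. It compares the POSIX mode and ACL marker of the home folders named in the post between a reference home and another home; the function names and the two paths passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report which standard home
# folders differ in POSIX mode or ACL marker between two home directories.
# Folder names are the ones listed in the post; "." is the home folder itself.
FOLDERS=". Desktop Documents Downloads Library Public"

# Print "<mode> <acl-flag>" for a path, e.g. "drwx------ -" or "drwxr-xr-x acl".
# A "+" after the ten mode characters means an ACL is attached. On macOS an "@"
# (extended attributes) is shown in preference to "+", so confirm the actual
# entries with `ls -lde <path>` before drawing conclusions.
perm_of() {
    field=$(ls -ld "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$field" ] || { echo "missing -"; return; }
    mode=$(printf '%s' "$field" | cut -c1-10)
    case "$field" in
        ??????????+*) echo "$mode acl" ;;
        *)            echo "$mode -" ;;
    esac
}

# compare_homes REF OTHER: print one line per folder whose mode or ACL marker
# differs; the number of differing folders is left in DIFF_COUNT.
compare_homes() {
    DIFF_COUNT=0
    for f in $FOLDERS; do
        ref=$(perm_of "$1/$f")
        cur=$(perm_of "$2/$f")
        if [ "$ref" != "$cur" ]; then
            printf '%-10s reference: %-16s actual: %s\n' "$f" "$ref" "$cur"
            DIFF_COUNT=$((DIFF_COUNT + 1))
        fi
    done
}

# Run directly with two paths, e.g.: sh compare_homes.sh /Users/test /Users/user
if [ "$#" -eq 2 ]; then
    compare_homes "$1" "$2"
    echo "$DIFF_COUNT folder(s) differ"
fi
```

The script only reads metadata and changes nothing; reading another user's home folders may require running it with `sudo`.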