
Odd Sharing & Permissions Problem

Tonight I was suddenly unable to copy anything onto my interior hard disk. I got the permissions error that the "Macintosh HD" could not be modified and the password dialog box. I did a control-i on the HD and saw that my name had vanished from the permissions list, which now read only "System -- Read and Write; Wheel -- Read and Write; Everyone -- Read Only." I went to Disk Utility to repair permissions but it said that all was OK. I then unlocked that permissions list and went to add myself to the permissions again. Although I selected my name it would NOT appear in the permissions list! I had just made a user area for my wife last week and I logged into her area which has admin privileges. I control-i'd the hard disk and from her user area was able to choose my name, add it to the list and give it read and write access. On the one hand, all is working now. On the other hand, I am extremely worried why 1) this happened and 2) why I could not repair it from my user area and 3) if this is a symptom of a major problem. Can anyone shed any light on this for me? Thanks!

intel iMac, Mac OS X (10.7)

Posted on Aug 23, 2011 11:06 PM


Oct 27, 2011 7:33 AM in response to NeilShapiro

running OSX Lion 10.7.2 and i'm having the exact same problem. if i click get info on the "Macintosh HD", i had the users Everyone, Wheel, and System. but my username was not there. i removed wheel and was able to add administrator, which is me, but i can't add my username. if i try and click the "+" button to do it, it will not add my name.


were you able to figure this out?

Oct 27, 2011 8:34 AM in response to Steel Dragon

if i click get info on the "Macintosh HD", i had the users Everyone, Wheel, and System. but my username was not there.


Those ownerships and permissions were as they should be in Lion - you shouldn't try to change them. The startup drive permissions were deliberately made more restrictive in Lion, such that only the root user can write to the top level.


In my dual-boot setup, the startup-drive permissions look like this:


Snow Leopard:

User uploaded file

-----------


Lion:

User uploaded file


There were also a number of similar changes to other folders that Apple feels should not be written to by ordinary users.

From this Developer document:

http://developer.apple.com/library/mac/releasenotes/MacOSX/WhatsNewInOSX/WhatsNewInOSX.pdf

------------------


Folder Permissions and Ownership


A number of folders in the System and Local file system domains now have different ownership and permissions. Specifically:

● Many folders in the System domain that were previously owned by the admin group are now owned by the wheel group.

● Permissions for the root directory (/) are now mode 755 (writable only by root) instead of mode 775 (writable by the admin group).

● Permissions for /Applications/Utilities are now mode 755 (writable only by root) instead of mode 775 (writable by the admin group).

● Permissions for /Library are now mode 755 (writable only by root) instead of mode 775 (writable by the admin group), no longer sticky.

● All subdirectories within /Library now have mode 755 (writable only by root) permissions instead of mode 775 (writable by the admin group) except:

  ● /Library/Caches
  ● /Library/Fonts
  ● /Library/Java
  ● /Library/QuickTimeStreaming
  ● /Library/Receipts
  ● /Library/Tomcat

---------------------------------------------
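
An added example, not part of the original thread or of Apple's document: a Python audit that compares a volume's top-level directories with the Lion modes quoted above and reports any that are still group-writable, world-writable or sticky. The function names and the `root` parameter are assumptions of this example; the excerpt does not state the modes of the excepted /Library subfolders, so they are skipped.

```python
import os
import stat

# Modes from the release-note excerpt quoted above (OS X Lion).
EXPECTED = {"": 0o755, "Applications/Utilities": 0o755, "Library": 0o755}
# /Library subdirectories the excerpt lists as exceptions to the 755 rule.
LIBRARY_EXCEPTIONS = {"Caches", "Fonts", "Java", "QuickTimeStreaming",
                      "Receipts", "Tomcat"}


def mode_of(path):
    """Permission bits plus setuid/setgid/sticky, without following symlinks."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def audit_lion_modes(root="/"):
    """Return [(path, actual_mode, reason)] for directories that deviate."""
    findings = []
    targets = {os.path.join(root, rel) if rel else root: want
               for rel, want in EXPECTED.items()}
    library = os.path.join(root, "Library")
    if os.path.isdir(library):
        for name in sorted(os.listdir(library)):
            sub = os.path.join(library, name)
            if (name not in LIBRARY_EXCEPTIONS and os.path.isdir(sub)
                    and not os.path.islink(sub)):
                targets[sub] = 0o755
    for path, want in targets.items():
        if not os.path.isdir(path):
            continue  # absent on this system; nothing to compare
        actual = mode_of(path)
        if actual == want:
            continue
        reasons = []
        if actual & stat.S_IWGRP:
            reasons.append("group-writable")
        if actual & stat.S_IWOTH:
            reasons.append("world-writable")
        if actual & stat.S_ISVTX:
            reasons.append("sticky bit set")
        findings.append((path, oct(actual), ", ".join(reasons) or "differs"))
    return findings


if __name__ == "__main__":
    for path, actual, reason in audit_lion_modes("/"):
        print(f"{path}: mode {actual} ({reason}); expected 0o755")
```

The audit only reads modes and changes nothing, which matches the advice in this reply to leave the startup-drive permissions alone.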

Oct 27, 2011 2:15 PM in response to jsd2

thanks for the tip about permissions but I don't think that was the problem. I could not copy anything into any folder on the startup drive which can't possibly be how it should work. For example if I tried to drag a Word document from my external disk into the documents folder on the startup disk it gave the error. I finally restored everything from Time Machine and it worked after that.

Oct 27, 2011 2:55 PM in response to NeilShapiro

Glad you got things fixed!

I was actually responding to Steel Dragon, and was trying to discourage any tinkering with the startup disk permissions.

The permissions you see for the HD when you do a Get Info on it reflect only its root directory, not the permissions of its contained folders. You don't need write-permission for the top level of the HD in order to write to folders within your Home folder, and likewise you shouldn't try to fix a permission problem within your Home folder by tinkering with the HD permissions. Even worse would be to use the "Apply to Enclosed Items" feature on the boot HD permissions.

Oct 28, 2011 9:30 PM in response to jsd2

Speaking of tinkering with permissions, I have 3 accounts on my Powerbook under Leopard 10.5.8: Admin, Normal Standard User, and Anonymous Standard User.

For most logins and usage, I use Normal Standard User.

But when I log in as Anonymous Standard User, I can see and read everything that Normal Standard User has...all documents, including financial and other 'sensitive' files!


When I log in as Anonymous Standard User, doing a 'get info' on Normal Standard User reveals:

Sharing & Permissions:

You can only read.

Name Privilege

Normal Standard User Read & Write

staff Read only

everyone Read & Write


This is not good; I don't want Anonymous Standard User to be able to read Normal Standard User's files!

I also don't know who "staff" is....I never created that group, and I don't want any group that I did not create to exist on my computer and have the ability to 'read' anything.

And, what about 'everyone'? If I set 'everyone' to "no access", will that also prevent Admin from having access to Normal Standard User's files? I certainly don't want "everyone" to have read & write access to Normal Standard User's files, but I also don't want to render Admin unable to manage Normal Standard User and his files.


Has anyone written a good, user friendly in-depth book or tutorial on managing Leopard permissions? This whole subject seems like a black art! I need to learn more about this.

Oct 28, 2011 10:15 PM in response to autochthon

--------------------------

Name Privilege


Normal Standard User Read & Write

staff Read only

everyone Read & Write

-------------------


The Home folder permissions on the above example that you gave would normally have "everyone" as Read only, not Read and Write. Did you change something?


The top level items of the Home folder of one user can normally be seen by a different user, but not the system-supplied subfolders within that Home folder, such as Documents, Desktop, Movies, etc. Those subfolders are normally "no access" for all except for the user that owns them. If Normal Standard User puts his sensitive files inside his Documents folder, then no other user should be able to see them, including the Admin user.

Oct 28, 2011 11:33 PM in response to jsd2

I didn't set Normal Standard User's home folder to "everyone read and write" - that's a mystery!


Per your suggestion, I just changed Normal Standard User (Me) to 'Read&Write' and set 'Everyone' to Read Only.


Does Everyone include the Admin? Seems like they should have used the term "everyone else", since they add a "Me" onto the end of my current login name in the getinfo panel of Normal Standard User's Home Folder.


In that case, when I log in as Admin I won't have any access to Normal Standard User's files.


That seems illogical, since I'd expect an Admin to be able to access everything.


However, I think I've noticed that even Root can't necessarily access other users' files....


Anyhow, thanks for the info - I still wish to find a good tutorial some day on permissions!

Oct 29, 2011 1:46 PM in response to jsd2

thanks for the info :-) unfortunately, i did tinker with the Startup Disk Permissions a little bit, by deleting "wheel," and adding "admin", but i won't mess with it anymore. the reason i tinkered with it in the first place was because a program i was running claimed i did not have permission to access my Macintosh HD, and when i saw that my username wasn't a user in the Sharing and Permissions area, i got concerned and tried to make some changes. fortunately, i don't think i harmed anything cause everything is running ok, no problems.
