HT203172: Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore
Learn about Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore
Q: saying that I can safely ignore these messages?
-
May 14, 2012 7:12 PMby Jeff Kelleher,This is not customer support, It's a bunch of Mac users willing to offer help. I completely understand your frustration, as I'm not an IT professional, but I do IT support on the side where I work. I am constantly faced with problems I have to figure out, and I face similar situations to yours enough to make me scream.
But I'm not sure you asked a question that anyone could asnwer.
As for TS1448, I'm certain that there is no short answer that the average user (like me) could understand that would fully explain the workings of OS X and why these error messages occur.
-
May 15, 2012 3:24 AMby luminarist,First: I appologize for venting my frustrations here. It was just one of those nights where things were not working properly. I didn't mean to act like a jerk. Sorry.
I got frustrated by the explanations I was getting for the error message and figured I would ask. Unfortunately, I didn't do that very well. Let me try again.
I get an error message saying,
"Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will not be repaired."
When I look this up the only answer I get is to ignore it, but that's hard to do. It sounds rather ominous. So, is this really something to ignore? Is it possible that someone hacked into my computer? It does say that "remote access has been modified" and I know I havn't done anything to modify it.
I appreciate your time in answering my "question" Jeff. Again, sorry for being a blockhead last night.
-
May 15, 2012 6:05 AMby MrHoffman,Log files have always contained scary-looking messages, and always will.
The "fun" is figuring out what parts of the sometimes-blizzard of log file messages indicates a problem, and what parts are normal background chatter.
This particular (and long-standing) scary-looking message indicates that a root-privileged file has been changed, and that the permissions won't be updated. Disk Utility is telling you that the file has changed. Hackers might well look to do that of course, but they need a seriously-privileged toe-hold elsewhere to gain the access to make these changes.
Resolving this diagnostic would require tying Disk Utility into a database of changed files; into the various software installation tools that can be used. (And if you think about it, someone attacking your system might well just use the installer, and thus mask this diagnostic.)
If your system directory protections are correct, there is no mechanism to make these changes, short of either a hole in OS X, or a root-level breach. And if you're rooted, all bets are off; nothing is trusted. Not logs, not SUID images, not configuration files, not the users and passwords in OD, nothing.
Look at what's listed, and use it to learn what's been changed on your system. It looks like there was an ARD update applied in this case. Did you do that? (In all likelihood, you did, as there was a recent ARD update. If you didn't install patches and you see a Frobnitz changed in the Whatchamacallit directories (and you didn't install a Frobnitz update), then you might have an issue.
Use this case not as a burr under your saddle, but rather as a way to begin to learn how the pieces of OS X and OS X Server are interconnected, and what's normal for your system and - just as important - what's not normal.
And if something's "not working properly", post up some symptoms and related details and we might have a solution. Or a work-around. :-)
