Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: jkbull
jkbull Author
User level: Level 1
86 points

Does 10.9.3 make /Users insecure by setting permissions to 0777?

The 10.9.3 update seems to sometimes change the permissions on /Users from 0755 to 0777, allowing any user to make modifications to the folder. There are reports here and here. I found out about this because Tunnelblick checks permissions of various system folders that it uses (and their parent folders) and refuses to run if they are not secure.


There are conflicting reports about whether or not Disk Utility's "Repair Permissions" will repair this. It may repair the permissions but then the incorrect permissions reappear after a computer restart.


Is anyone else seeing this behavior? It does not happen on a clean install of 10.9.2 followed by the 10.9.3 update, so it probably involves some third-party software. If people list their third-party apps and kexts, especially apps that launch on startup or login and kexts that are loaded when this problem occurs, it might help track down the problem.

OS X Mavericks (10.9.3)

Posted on May 16, 2014 4:00 AM

Reply
Question marked as Best reply
User profile for user: Tim_Doe
Tim_Doe
User level: Level 1
19 points

Posted on May 16, 2014 6:03 AM

Same here. Permissions on /Users are set to 777 after the OS X 10.9.3 upgrade (and I believe the group should also be wheel?!). While "Disk Utility" detects and repairs this, permissions are reset to 777 after each reboot:


drwxrwxrwx@ 7 root admin 238 15 May 20:14 Users


After each and every reboot, "Disk Utility" finds this:


Verifying permissions for “Macintosh HD”

Permissions differ on “Applications/Safari.app/Contents/Resources/Safari.help/Contents/Resources/inde x.html”; should be lrwxr-xr-x ; they are -rwxr-xr-x .

Permissions differ on “Users”; should be drwxr-xr-x ; they are drwxrwxrwx .

Permissions differ on “Users/Shared”; should be drwxrwxrwt ; they are drwxrwxrwx .

Permissions verification complete


I do not think my system is heavily modified:


Tims-MacBook-Pro:~ tim$ kextstat | grep -v com.apple

Index Refs Address Size Wired Name (Version) <Linked Against>

Tims-MacBook-Pro:~ tim$ ls -l /Library/LaunchDaemons/

total 32

-rw-r--r-- 1 root wheel 462 18 Apr 15:46 com.adobe.fpsaud.plist

-rw-r--r-- 1 root wheel 568 2 Apr 2012 com.microsoft.office.licensing.helper.plist

lrwxr-xr-x 1 root wheel 103 18 Feb 20:59 com.oracle.java.Helper-Tool.plist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool .plist

-rw-r--r-- 1 root wheel 486 22 Apr 20:59 com.oracle.java.JavaUpdateHelper.plist

Tims-MacBook-Pro:~ tim$ ls -l /Library/LaunchAgents/

total 8

lrwxr-xr-x 1 root wheel 104 18 Feb 20:59 com.oracle.java.Java-Updater.plist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Update r.plist

Tims-MacBook-Pro:~ tim$ ls -l /Library/LaunchDaemons/

total 32

-rw-r--r-- 1 root wheel 462 18 Apr 15:46 com.adobe.fpsaud.plist

-rw-r--r-- 1 root wheel 568 2 Apr 2012 com.microsoft.office.licensing.helper.plist

lrwxr-xr-x 1 root wheel 103 18 Feb 20:59 com.oracle.java.Helper-Tool.plist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool .plist

-rw-r--r-- 1 root wheel 486 22 Apr 20:59 com.oracle.java.JavaUpdateHelper.plist

Tims-MacBook-Pro:~ tim$

View in context
42 replies
User profile for user: kevin_
kevin_
User level: Level 4
1,561 points

May 16, 2014 2:13 PM in response to jkbull

Whew, what an issue... I think I figured out what is going on.... I havent restarted my MacBook Pro this many times since I got it .


Can some others please test this as well...



Open up your iCloud prefs and turn Find My Mac OFF

Open the Terminal and run the following command


sudo chmod 755 /Users; sudo chmod 755 /Users/Shared; sudo chflags nohidden /Users; sudo chflags nohidden /Users/Shared


Now restart your Mac and see if the Users folder stays visible and maintains the correct permissions.

Reply
User profile for user: lkrupp
lkrupp
User level: Level 6
14,422 points

May 16, 2014 2:16 PM in response to kevin_

kevin_ wrote:


Whew, what an issue... I think I figured out what is going on.... I havent restarted my MacBook Pro this many times since I got it .


Can some others please test this as well...



Open up your iCloud prefs and turn Find My Mac OFF

Open the Terminal and run the following command


sudo chmod 755 /Users; sudo chmod 755 /Users/Shared; sudo chflags nohidden /Users; sudo chflags nohidden /Users/Shared


Now restart your Mac and see if the Users folder stays visible and maintains the correct permissions.


This fix was first reported by MacObserver and then MacWorld. It appears to be an interaction between iTunes 11.2 and the Find my Mac feature. Strange of true.

Reply
User profile for user: gaz_stephens
gaz_stephens
User level: Level 1
5 points

May 16, 2014 3:32 PM in response to Solitary_Satellite

I have tried the disabling Find My Mac and it appears (at the moment) to have fixed the issue. I am sure the article linked above gives full details, but here is what I did:

  1. Go to System Preferences -> iCloud, then scroll down and unselect Find My Mac
  2. Go to Applications -> Utilities then select Disk Utility.
  3. Once Disk Utility is up, click on the main volume (in my case Macintosh HD) and choose Repair Disk Permissions.


Once the repair completes /Users should retain the correct permissions even after a reboot. For steps 2 and 3 you could also simply use the command line and chmod.


This does not resolve the hidden status of /Users, you will have to run that seperately, and I have not tested this yet or if it would survive reboots. If I get the chance I'll try it out.

Reply
User profile for user: jkbull
jkbull Author
User level: Level 1
86 points

May 16, 2014 4:06 PM in response to lkrupp

kevin_ wrote:


Whew, what an issue... I think I figured out what is going on.... I havent restarted my MacBook Pro this many times since I got it .


Can some others please test this as well...



Open up your iCloud prefs and turn Find My Mac OFF

Open the Terminal and run the following command


sudo chmod 755 /Users; sudo chmod 755 /Users/Shared; sudo chflags nohidden /Users; sudo chflags nohidden /Users/Shared


Now restart your Mac and see if the Users folder stays visible and maintains the correct permissions.


No. The "sudo chmod 755 /Users/Shared" part is not correct.


The permissions for /Users/Shared should not be 0755. On a Mavericks that has not had the 10.9.3 or iTunes update, the permissions are


drwxrwxrwt 4 root wheel 136 Aug 22 2013 Shared


which means that they are 1777 (the "1" is the "sticky" bit). That is not the same as 0755. Disk Repair's "Repair Permissions" will reset it correctly.


The way to do this is:

  1. Disable "Find My Mac" in the iCloud System Preferences
  2. Use Disk Utility to "Repair Permissions"
  3. Unhide the files with sudo chflags nohidden /Users; sudo chflags nohidden /Users/Shared


Can anyone roll back the iTunes update and see if that solves the problem, instead of disabling Find My Mac


The reason this is a big deal is that any user of your computer (or malware running as any user) could (with the 0777 permissions on /Users) do anything they/it wants with any other user's home folder.

Reply

Does 10.9.3 make /Users insecure by setting permissions to 0777?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up