I'm on 10.11.6 on a MacPro. For some reason I can no longer create/delete/rename directories at the root level on most of my disks without having to authenticate. Since MacOS permissions are rather complicated (I've hosed myself before) I wanted to be absolutely sure before I make any changes.
Here are my mounted disks:
drwxrwxr-x 14 me staff 544 3/25/17 18:15 Mobius S5 SG 4TB Media Server
drwxr-xr-x 36 root wheel 1292 3/24/17 10:40 Mobius S3 S164 1TB B
drwxrwxr-x 11 root wheel 442 3/19/17 10:04 Mobius S4 W964 4 TB Pictures
drwxrwxr-x 13 root wheel 510 11/14/17 12:41 Mobius S1 TM H640 6 TB
drwxrwxr-x 13 root wheel 510 Novˇ 8 00:59 Mobius S2 TM HGST NAS 6 TB
drwxrwxr-x 36 root wheel 1292 3/25/17 03:18 Mobius S3 S164 1TB A
drwxrwxr-x 56 root wheel 1972 3/24/17 13:55 Drobo 5D
drwxrwxr-x@ 16 root wheel 612 3/19/17 00:52 MyBook 4 MS Master
drwxrwxr-x@ 32 root wheel 1156 3/25/17 18:30 Promise Pegasus
lrwxr-xr-x 1 root admin 1 3/25/17 19:14 Macintosh HD -> /
xattr on the two volumes with extended attributes gives
com.apple.FinderInfo
The only disk that I can make directory changes at the root level without having to authenticate is the one with ownership me:staff, which is logical since I am a member of staff and staff have write privileges on the volume.
dscl . search /Groups GroupMembership me
_appserveradm
_appserverusr
_lpadmin
admin
com.apple.access_screensharing-disabled
com.apple.sharepoint.group.1,14,15,16,2,4 [combined into one line]
staff
So I could change the group ownership of the affected volumes to either admin or staff, since I don't want to mess with wheel which only has the member root:
dscacheutil -q group -a name wheel
name: wheel
password: *
gid: 0
users: root
dscacheutil -q group -a name admin
name: admin
password: *
gid: 80
users: root me Test
dscacheutil -q group -a name staff
name: staff
password: *
gid: 20
users: root me Test _xcsbuildagent _xcscredserver
Running a test by changing group ownership to admin:
sudo chgrp admin "MyBook 4 MS Master"
drwxrwxr-x 14 me staff 544 Mar 25 19:49 Mobius S5 SG 4TB Media Server
seems to work. But I'm not sure if that is the best way to do it ....
Here are my mounted disks:
drwxrwxr-x 14 me staff 544 3/25/17 18:15 Mobius S5 SG 4TB Media Server
drwxr-xr-x 36 root wheel 1292 3/24/17 10:40 Mobius S3 S164 1TB B
drwxrwxr-x 11 root wheel 442 3/19/17 10:04 Mobius S4 W964 4 TB Pictures
drwxrwxr-x 13 root wheel 510 11/14/17 12:41 Mobius S1 TM H640 6 TB
drwxrwxr-x 13 root wheel 510 Novˇ 8 00:59 Mobius S2 TM HGST NAS 6 TB
drwxrwxr-x 36 root wheel 1292 3/25/17 03:18 Mobius S3 S164 1TB A
drwxrwxr-x 56 root wheel 1972 3/24/17 13:55 Drobo 5D
drwxrwxr-x@ 16 root wheel 612 3/19/17 00:52 MyBook 4 MS Master
drwxrwxr-x@ 32 root wheel 1156 3/25/17 18:30 Promise Pegasus
lrwxr-xr-x 1 root admin 1 3/25/17 19:14 Macintosh HD -> /
xattr on the two volumes with extended attributes gives
com.apple.FinderInfo
The only disk that I can make directory changes at the root level without having to authenticate is the one with ownership me:staff, which is logical since I am a member of staff and staff have write privileges on the volume.
dscl . search /Groups GroupMembership me
_appserveradm
_appserverusr
_lpadmin
admin
com.apple.access_screensharing-disabled
com.apple.sharepoint.group.1,14,15,16,2,4 [combined into one line]
staff
So I could change the group ownership of the affected volumes to either admin or staff, since I don't want to mess with wheel which only has the member root:
dscacheutil -q group -a name wheel
name: wheel
password: *
gid: 0
users: root
dscacheutil -q group -a name admin
name: admin
password: *
gid: 80
users: root me Test
dscacheutil -q group -a name staff
name: staff
password: *
gid: 20
users: root me Test _xcsbuildagent _xcscredserver
Running a test by changing group ownership to admin:
sudo chgrp admin "MyBook 4 MS Master"
drwxrwxr-x 14 me staff 544 Mar 25 19:49 Mobius S5 SG 4TB Media Server
seems to work. But I'm not sure if that is the best way to do it ....