Fixing permissions on user's separate drive

Discussion in 'OS X Mavericks (10.9)' started by macstatic, Apr 6, 2015.

  1. macstatic macrumors 6502a

    Joined:
    Oct 21, 2005
    #1
    I seem to have some permission issues which I don't understand how to fix.

    My Mac Pro has several drives where one is a boot drive with OSX, all my apps and the administrator user.
    Another drive contains my home folder with all my files, settings etc. and is not an administrator. Having recently upgraded (clean install) from OSX 10.6 to 10.9 I also decided to change my username, so I guess that's where I did something wrong as I had to change permissions (using "get info" for the home folder and affecting everything within) when moving all my files/settings back to the new user.

    I've used Disk Utility's "Fix permissions" feature, but I understand it only applies to the boot drive. I've also tried resetting the ACLs but I'm not sure if that affects my separate home-folder drive either.

    So is there a terminal command I can use to correct my permissions everywhere on my Mac?
     
  2. Taz Mangus, Apr 6, 2015
    Last edited: Apr 6, 2015

    Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #2
    Open the terminal application:
    • Enter: id
      The output will show information about you. Make note of the uid and gid, what is specified in parentheses.
    • Enter: cd <folder where Users is located>
      Replace the text after "cd" with the location that "Users" is located on each hard drive. You can open a finder window and browse to where "Users" folder is and drag it to the command line.
    • Enter: sudo chown -R <short username shown in "id"> <short username folder>
      Replace both texts in <> with the short username.
    • Enter: sudo chgrp -R <group name shown in "id"> <short username folder>

    So for instance, let's say that you have a Users folder on hard drive A. And let's further say that when you run the id command in terminal it shows "uid=501(bob) gid=20(staff)". In the terminal you would enter the following commands:
    • cd "/Volumes/hard drive A/Users"
    • sudo chown -R bob bob
    • sudo chgrp -R staff bob
    So the above commands changed the ownership of the user account folder "bob" to now only belong to user bob. It also changed the group ownership to staff for the user folder belonging to user bob. Take note of the double quotes I used on the cd command, that is intentional as paths with spaces need to be quoted.

    Any particular reason why you split the user accounts across 2 hard drives? The reason I put all my users on a separate hard drive from the boot hard drive is because if I ever needed to do a clean install I could erase the boot hard drive, install OS X and the users on the other hard drive are not touched. Also, I have a SSD installed and the OS runs from the SSD and the users are on the spinning hard drive.
     
  3. macstatic, Apr 7, 2015
    Last edited: Apr 7, 2015

    macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
    #3
    Thanks for your help.
    Is there a way I can check if the permissions are correct now?
    How about the permissions on the boot drive - what should they be?

    I use two separate drives for much the same reasons as you; because I have an SSD for my apps/OSX, because it's easier to upgrade OSX with a setup like this and because not logging in as an administrator for normal day to day use should make things more secure.
    I first read about this kind of setup at the Mac Performance guide site here and here.
     
  4. Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #4
    Maybe I misunderstood what you posted. It sounded like you put the admin user on the hard drive where the OS is installed and the standard user on a separate hard drive. If that is the case, then I suggest you move the admin user to the same hard drive where you have the standard user account.

    This can fix the user account permissions: http://osxdaily.com/2011/11/15/repair-user-permissions-in-mac-os-x-lion/

    If the permissions are incorrect on the boot hard drive then I suspect things will start to not work correctly and you should be able to tell that pretty quickly.
     
  5. macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
    #5
    You understood correctly.
    After installing OSX on the SSD drive I created an administrator user and a normal (non-admin) user. I then logged in as the admin, copied the "normal username" home folder over to the other hard drive. Having done that I opened the "Users & groups" system preference, then right-clicked on the "normal username" to access "Advanced options" where I chose a new path (the second hard drive), which is where I had copied that account's home folder to.

    I always assumed that since the administrator had to do with OSX and everything else related to running/guarding the computer it would make sense to keep it on the same physical drive, so I never gave the physical placement of its home folder more of a thought, but you're saying I should move that account as well over to the other hard drive, alongside my normal user? I believe there's also a "guest user" which OSX has created by default but I've never understood the need for, but might need moving over as well.


    That's the ACL reset procedure. Already tried that, but understood it'll only touch the boot drive. So in my case this would "repair" all the boot-drive's permissions?


    Yeah, I do have some strange problems, hence this posting before looking into that any further (not being able to make drives invisible on the desktop whereas I could do that before upgrading and messing around with permissions).
    So, I'm not sure I entirely understand who should have permission and where. I notice that my home-folder drive has me (normal user) with read/write privileges, and likewise "staff". Lastly there's "Everyone" who has read only access (this is by doing a "get info" on the drive itself). The results are the same if I check out any sub-folder within my home folder.
    Do the terminal commands you told me about do the same thing as a "get info" of the drive in question, then changing the ownership by selecting "Make login_name the owner" along with "Apply to enclosed items"?
     
  6. Taz Mangus, Apr 7, 2015
    Last edited: Apr 7, 2015

    Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #6
    If you are going to move the users to another hard drive then it makes sense to move all users to the same hard drive including the guest account. By the way, not sure how you are copying over the user account data but I always use the ditto command from the terminal.

    If you look at the link it states:
    It's item #5, Reset Home Directory Permissions and ACLs that is supposed to fix the user account permissions not the boot hard drive. Don't confuse this with the Disk Utility Repair Permissions function.

    The terminal commands I gave you will make sure the user account has the correct ownership. The link I posted will fix the permissions. Every file on the system, including user account files, has ownership and permissions. Both have to be correct.

    Here is my suggestion, move all the user accounts to the separate hard drive. Repair the user account permissions after that and then do a clean install on the boot hard drive. This is the only way to make sure the OS system files have the correct ownership and permissions. Plus you will probably spend far less time doing a clean install than trying to figure out where the permissions could be wrong.

    EDIT: Scratch what I was saying about using the "chown" and "chgrp" terminal commands I gave you because the link I posted, to correct the user account permissions, will probably also correct the ownership.
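
A read-only way to check the outcome of the ownership steps in post #2 and of the ownership-versus-permissions point made in post #6, added here as an example and not posted by anyone in the thread. The helper name `audit_home` is hypothetical, and the sample path in the comment reuses the "bob"/"staff" illustration from post #2.

```shell
#!/bin/sh
# Added example: read-only audit of a home folder on a separate volume.
# audit_home is a hypothetical helper name; it changes nothing on disk.
# Run it with sudo so that find can descend into every subfolder.

audit_home() {
    home=$1   # e.g. "/Volumes/hard drive A/Users/bob"
    user=$2   # expected owner: name or numeric uid shown by `id`
    group=$3  # expected group: name or numeric gid shown by `id`

    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }

    # Three passes, each staying on this volume (-xdev):
    #   OWNER           entry is not owned by the expected user
    #   GROUP           entry does not belong to the expected group
    #   WORLD-WRITABLE  entry can be written by any account; symlinks are
    #                   skipped because their own mode bits are not used
    findings=$(
        find "$home" -xdev ! -user "$user" -print | sed 's/^/OWNER /'
        find "$home" -xdev ! -group "$group" -print | sed 's/^/GROUP /'
        find "$home" -xdev ! -type l -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
    )

    # Exit status 0 means nothing was flagged; 1 means review the list.
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sudo sh audit_home.sh <home folder> <user> <group>
if [ "$#" -eq 3 ]; then
    audit_home "$@"
fi
```

Each printed line is something to review rather than an automatic error; an empty result means every entry has the expected owner and group and none is writable by everyone.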
     
  7. macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
    #7
    I'm going to try that out, but for now I'm having trouble copying over the administrator account from the SSD. It was suggested somewhere that you copy (as opposed to move) the home folder, then delete the original home folder later once everything is working from the new location.
    I'm not sure if I'm doing it right, but had expected the following to do it:

    1) open up the Terminal

    2) log in as the administrator user:
    $ login ADMIN_USERNAME

    3) copy the admin home folder to the new drive:
    $ cp -r /Users/ADMIN_USERNAME /Volumes/DRIVE_NAME/Users/

    However, although this copied the admin home folder it also skipped many files. I also tried "sudo" as in:
    $ sudo cp -r /Users/ADMIN_USERNAME /Volumes/DRIVE_NAME/Users/
    .. same result.

    What's the correct way to copy this folder?
     
  8. Taz Mangus, Apr 8, 2015
    Last edited: Apr 8, 2015

    Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #8
    Use the ditto command instead:
    For instance you have the user bob on the boot hard drive and want to copy the user to harddriveB. Both hard drives have a Users directory:
    The ditto command will also create the folder on the destination for you if it does not exist. Which means you don't have to create the folder first. So in the example, you would not have to mkdir /Volumes/harddriveB/Users/bob first.

    Before you use the ditto command I would suggest that you drag /Volumes/DRIVE_NAME/Users/ADMIN_USERNAME to the trash and then do the copy again using the ditto command.

    By the way, after you copy over the admin user and change its location in advanced options make sure to reboot and reset PRAM. OS X seems to store some information about the admin user in PRAM which needs to be reset when you change its location.
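
A check that a copied home folder is complete before the original is deleted, prompted by the `cp -r` run in post #7 that skipped files. This is an added example, not code from the thread; `verify_copy` is a hypothetical helper name, and it compares paths and file contents only, not ownership or modes.

```shell
#!/bin/sh
# Added example: compare a source home folder with its copy.
# verify_copy is a hypothetical helper name; both trees are only read.
# Run it with sudo so that protected subfolders can be listed and read.

verify_copy() {
    src=$1   # original, e.g. /Users/ADMIN_USERNAME
    dst=$2   # copy, e.g. /Volumes/DRIVE_NAME/Users/ADMIN_USERNAME
    [ -d "$src" ] && [ -d "$dst" ] || { echo "need two folders" >&2; return 2; }

    list_src=$(mktemp) && list_dst=$(mktemp) || return 2
    # Relative path listings, sorted bytewise so comm can compare them.
    (cd "$src" && find . -print | LC_ALL=C sort) > "$list_src"
    (cd "$dst" && find . -print | LC_ALL=C sort) > "$list_dst"

    # Paths that exist in the source but never reached the copy.
    missing=$(LC_ALL=C comm -23 "$list_src" "$list_dst" | sed 's/^/MISSING /')

    # Regular files present on both sides whose bytes are not identical.
    changed=$(LC_ALL=C comm -12 "$list_src" "$list_dst" |
        while IFS= read -r p; do
            [ -f "$src/$p" ] && [ ! -L "$src/$p" ] || continue
            cmp -s "$src/$p" "$dst/$p" || printf 'DIFFERS %s\n' "$p"
        done)
    rm -f "$list_src" "$list_dst"

    # Exit status 0 means the copy holds everything the source does.
    report=$(printf '%s\n%s\n' "$missing" "$changed" | sed '/^$/d')
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sudo sh verify_copy.sh <source folder> <copied folder>
if [ "$#" -eq 2 ]; then
    verify_copy "$@"
fi
```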
     
  9. macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
    #9
    That all worked out fine in the terminal except I had to log in as the administrator like this:

    Code:
    $ login ADMIN_USERNAME
    $ sudo ditto /Users/USERNAME /Volumes/Files/Users/USERNAME
    Prior to this I created a second admin account so I wouldn't be locked out just in case something went wrong.
    I renamed the ADMIN_USERNAME home-folder on the SSD so as to distinguish it from the active one (now on the other HDD). It'll be deleted after testing everything for a few days.

    Oh, there's a "Shared" folder within the /Users/ folder as well, not a guest account as I had stated before. Should I move it over to the new ~/Users/ folder as well, or can I just delete the whole /Users/ folder on the SSD (after testing that everything is OK and deleting the additional admin user account from the "User & groups" system preference panel)?


    So permissions and ownerships are two different things in OSX? And the ACL reset fixes both to their correct, default settings for all accounts?
    I did a "Get info" of both user accounts on my HDD and noticed that the admin account had the following privileges:

    ADMIN_USERNAME: Read & write
    staff: Read only
    everyone: Read only

    while my regular (non-admin) account had the following:

    USERNAME: Read & write
    staff: Read & write
    everyone: Read only

    So I first ran the ACL reset procedure and checked the above again. Same settings, so nothing had been reset (or my settings were correct to begin with)
    Next I changed my regular account's staff status to "Read only" using the Finder's "Get info", so it would match the admin account's privileges (only with a different owner of course) and ran another ACL reset and finally checked it again using "Get info". Naturally I expected the "staff" privileges to have been reverted, but they were just as I had changed them in "Get info" last time. So has something gone wrong here, or have I misunderstood what ACL reset and changing the privileges in "Get info" do?
    My big question is how I should reset the privileges of all my accounts and files to their default and correct values since that's where I messed things up to begin with.
     
  10. Taz Mangus, Apr 9, 2015
    Last edited: Apr 9, 2015
  11. macstatic, Apr 9, 2015
    Last edited: Apr 9, 2015

    macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
    #11
    Not sure if I've got it right, but my permissions are now as follows:

    on the boot SSD:
    First, doing a "get info" on the drive itself:
    system: Read & write
    wheel: Read only
    everyone: Read only


    ... now for some of the folders on that drive:

    Users folder (/Users/)
    system: Read & write
    admin: Read only
    everyone: Read only

    Admin_Username home folder (/Users/ADMIN_USERNAME/)
    ADMIN_USERNAME: Read & write
    staff: Read only
    everyone: Read only

    "Shared" home folder (/Users/Shared/)
    system: Read & write
    wheel: Read & write
    everyone: Read & write


    Now for the other hard drive where I now have the user accounts/home folders after logging in as the normal user.
    First, "Get info" on the HDD itself (/Volumes/DRIVE_NAME):
    NORMAL_USERNAME (Me): Read & write
    staff: Read & write
    everyone: Read only

    Now the new ~/Users/ folder which should match /Users/ as I understand it:
    Users folder (/Volumes/DRIVE_NAME/Users/)
    system: Read & write
    NORMAL_USERNAME (Me): Read & write
    admin: Read only
    everyone: Read only

    Here I was first unable to remove myself ("NORMAL_USERNAME"), probably because I need to change ownership, but I didn't know the ownership of /Users/ though I guessed it was "system" as "Make system the owner" was greyed out, so I did that (taking care NOT to press the cogwheel again and selecting "Apply to enclosed items"). That seemed to work, I could delete "NORMAL_USERNAME" and I now have the same ownership as /Users/:

    system: Read & write
    admin: Read only
    everyone: Read only



    Admin_Username home folder (/Volumes/DRIVE_NAME/Users/ADMIN_USERNAME/)
    ADMIN_USERNAME: Read & write
    staff: Read only
    everyone: Read only

    "Shared" home folder (/Volumes/DRIVE_NAME/Users/Shared/)
    I did at first create a new folder within ~/Users/, renamed it to "Users", did a "Get info" but could not add the "wheel" user, so I simply copied it using the following commands which gave me that same folder (and contents) in the new location....
    Code:
    $ sudo ditto /Users/Shared /Volumes/DRIVE_NAME/Users/Shared
    followed by disabling the original folder:

    Code:
    $ cd /Users/
    $ mv Shared/ Shared_old
    This resulted in the same folder in the new location with the same permissions:

    system: Read & write
    wheel: Read & write
    everyone: Read & write

    At this stage I don't know if I should proceed with the terminal commands you quoted as I'm unsure if copying the folder (using "ditto") would result in issues further down the road as opposed to creating a new folder. I've left it alone for now.
     
  12. Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #12
    It all looks good. For the /Users/Shared folder what I do is create a symbolic link for it:
    Leave the /Users folder on the boot drive, don't get rid of it. Now I would suggest you do a Time Machine backup. Now you can proceed with doing the clean install on the boot drive if you like so that you can straighten out the privileges on the boot drive. You will need to create the user accounts again and change their locations in advanced options. Also you will need to set up the symbolic link for /Users/Shared that I showed above. One more thing, I would suggest that you enable root user but don't use it. If your user account hard drive were to ever fail then you could log in as root and create temporary accounts on the boot drive until you replaced the user account hard drive and set it up again.
     
  13. macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
    #13
    OK, I think I understand... I see that my boot SSD now has both the original /Users/Shared/ folder as well as a "Shared" folder with an alias icon on it. So I suppose I can just delete (or rename for now) the original "Shared" folder, perform the link commands, reboot, and OSX will then follow the alias and store whatever needs to go there on the other hard drive, right? I'll do a PRAM reset as well just to be on the safe side.

    Are there other ways to fix/default the permissions than reinstalling OSX from scratch? I'll also have to reinstall the apps as they spread their stuff around in the various OSX folders.

    I'll look into enabling the root user. Might come in handy some day.
     
  14. Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #14
    Yes, you can delete the original /Users/Shared folder. Maybe just re-applying the OS X 10.9.x install on top without erasing will fix the system files privileges.
     
  15. macstatic thread starter macrumors 6502a

    Joined:
    Oct 21, 2005
  16. Taz Mangus macrumors 68040

    Joined:
    Mar 10, 2011
    #16
    You are welcome. Glad I was able to help.
     
