How to change ownership of all files and folders under another user?

Discussion in 'macOS' started by DrD, Mar 8, 2010.

  1. DrD macrumors member


    Aug 9, 2007
    Not too long ago I went through a process of changing my user in OS X to another name. It seemed to go smoothly enough. However many of my old applications are owned by an "_unknown" now. This is fine and dandy, except that every time I go to rename or move something in these places, it either has to authenticate or just tells me I'm not allowed.

    What would be a simple, effective way to change ownership on all files/folders tied to "_unknown" to my current user?
  2. ScoobyMcDoo macrumors 65816

    Nov 26, 2007
    Austin, TX
    Here is something to try. Open a terminal and cd to the directory you want to change the owner of such as

    cd /Applications

    Then just to test, see if this gives you a list of all the files that have the _unknown ownership

    find . -nouser

    If that doesn't work, try

    find . -user _nouser

    I think the first one will work. If it does try this

    find . -nouser -exec chown newuser:newgroup {}\;

    You will probably have to run that as root.

    By the way, none of this is tested, so use at your own risk.
  3. Hal Itosis macrumors 6502a

    Hal Itosis

    Feb 20, 2010
    There is something not quite right here... because the real "_unknown" user (uid 99) never causes access problems for anyone. I get the feeling you are relying on Finder Get Info windows to get this information... and those are just too incomplete to paint a proper picture of permissions reality. What some Finder Get Info window refers to as "unknown" is more likely your former user account name (or id), and totally different from the Directory Services user entity called _unknown. [yeah, it's confusing... i agree. Finder's bad, not mine.]

    To see what's really happening requires Terminal. We first need to know some stuff about your user via the id command:


    Then we need to see a listing of some problem folder. Normally we don't need sudo for such listings... but in order to detect the presence of any real "_unknown" user ownerships (or group memberships), sudo is necessary.

    sudo ls -alOe

    With the information supplied from those two commands, we can see what's really happening and recommend the right fix.
  4. DrD thread starter macrumors member


    Aug 9, 2007
    uid=502(******) gid=20(staff) groups=20(staff),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),101(

    drwxr-xr-x 12 501 admin - 408 Mar 8 13:11 .
    drwxrwxr-x+ 59 root admin - 2006 Mar 8 13:01 ..
    0: group:everyone deny delete

    Is that what you needed?

    For the sake of anonymity, refer to my old user as "sam", and the new one as "max"
  5. Hal Itosis macrumors 6502a

    Hal Itosis

    Feb 20, 2010
    It's best to show the command as well... because now i have to guess where that folder is. I will assume you should own it then (and just hope that assumption doesn't prove false later on). It would appear that you listed some subfolder of /Applications, and clipped out the 10 items it contains (12 - 2 = 10).

    Okay... your current uid is 502 (which we could say belongs to "max"), and apparently your former "sam" account was uid 501. Note there how the number 501 appeared in that listing, instead of the name? Terminal is showing us the true owner. And —by displaying the number instead of a name —is also telling us that id currently has no known username (no account).

    So in this particular case, it looks as if we want to find items owned by uid 501 and transfer ownership to 502. One way to fix your situation is to do that specific conversion:

    sudo find -x /Applications -user 501 -exec chown -hv 502 {} +

    • i focused specifically on the /Applications folder (and all its children)
    • i made sure we don't mess with other ownerships (root should own Safari, etc).
    • that command (as written) only works in Leopard or higher... so if you have Tiger, let me know.
    • i added the -v option so you'll get a list of every item whose ownership was changed
    • the -h option includes symlinks

    Another possible approach (more general) is to look for stuff owned by users other than your current user or root and tweak those:

    sudo find -x /Applications \( -not -user `id -u` -a -not -user 0 \) -exec chown -hv `id -u` {} +

    I would say it's best to avoid that one because it could prove fatal if run on some folder other than /Applications. I only threw it out there because it is more flexible... i.e., it isn't limited to just fixing a 501/502 problem. Though... if several users share one Mac, it could give one of them more ownership over stuff in /Apps than necessary. And again, running on some folder other than /Apps would be risky.

    Bottom line, i'm pretty the first command (customized for your specific problem) will straighten out /Applications quickly and safely.
  6. Hal Itosis macrumors 6502a

    Hal Itosis

    Feb 20, 2010
    I just want to throw this out there:

    When a Mac belongs to one person, it may not be mandatory that they stick with uid 501... but i think it makes life a lot less complicated. I'm not sure why you went through that "process", or what that process was... but apparently it changed your uid from 501 to 502.

    The Unix/permissions layer doesn't really care about a user's name... it cares only about uid number. The name is a string for human consumption and convenience. Under the hood, the permissions are all enforced by uid number. By staying with uid 501, i have an easy time when i connect my various Macs together and start moving stuff around between them (and external disks).

    I think that the 501-->502 change you originally enacted (before starting this thread) was unfortunate and unnecessary. Because... just like these items in /Applications became a hassle, so too might files on other disks (backups, etc.) become problematic (if permissions are enabled on those disks), and certainly if you have other Macs (or add one in the future), this current user with uid 502 will eventually necessitate extra authorizations somewhere else down the line.
  7. DrD thread starter macrumors member


    Aug 9, 2007
    I'm not as familiar with under the hood unix as you are. Long story short, when I got my mac and it walked me through its "new computer" routine, I somehow missed that it made my username the same as my silly email address (minus @etc). This annoyed the hell out of me to no end, as I failed to notice until a few days later, after I got everything installed and working.

    Several months later, I found an apple specific approach to changing my username to what I originally wanted. And it did, everything from my home folder to my login. It turned out quiet nicely really, except for that subtle applications issue.

    If going from 501 to 502 is bad, would the opposite approach work? Can I keep my current user ID, change it from 502 to 501 somehow, and then run that command to change ownership of all files/folders from 502 to 501?
  8. calderone macrumors 68040


    Aug 28, 2009
    Yes you can:

    dscl . -change /Users/shortname UniqueID 502 501
    You can then use the commands given above to change ownership.
  9. DrD thread starter macrumors member


    Aug 9, 2007
    That seemed to do the trick. I ran:

    dscl . -change /Users/max UniqueID 502 501

    and then ran

    sudo find -x / -user 502 -exec chown -hv 501 {} +

    Just switched 501 and 502 around, and ran it on the root folder '/' instead of just /Applications.

    Only snag was that eventualy it said "out of memory", heh. So I just ran it on the indivdual sub folders:

    sudo find -x /Users/max -user 502 -exec chown -hv 501 {} +

    sudo find -x /Applications -user 502 -exec chown -hv 501 {} +

    sudo find -x /System -user 502 -exec chown -hv 501 {} +

    sudo find -x /Library -user 502 -exec chown -hv 501 {} +

    And that seems to have worked. I did get a little scared at first when suddenly I didn't have access to stuff in my home folder, but upon restarting it works like a charm (still logged in as 502 on the previous session I presume).

    Now ID gives me:
    uid=501(******) gid=20(staff) groups=20(staff),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),101(

    And more importantly, ownership on everything is now set to 501. No more pesky ownership issues in my Applications folder.

    Thanks so much for your help and for pointing me in the right direction everyone! Cheers.
  10. Hal Itosis macrumors 6502a

    Hal Itosis

    Feb 20, 2010
    Should be possible. The command calderone posted looks right, except it need to be prefixed with sudo (unless the terminal is running a root shell). There is also a GUI method available via System Preferences --> Accounts Advanced Options you could consider using.

    Well sort of. The command i posted focused exclusively on the /Applications folder. Not having done a uid conversion myself (using either dscl or the 'Advanced Options' GUI method, i'm not sure what all extra steps may be needed (as opposed to what all does Directory Services change on its own when done using either of those techniques).

    Most likely, your home folder will need the 502 -> 501 reversion. [again, i would think going through System Preferences --> Accounts (Advanced Options) would handle that part for us... but i've never tried it.]

    But if we need do it ourselves, then the command i previously posted would need to target something besides just the /Applications folder (as well as reversing the 501/502 order):

    sudo find -x ~ -user 502 -exec chown -hv 501 {} +

    There i changed the order and substituted /Applications with ~ [where the tilde (with no user specified after it) is a shortcut meaning /Users/you]

    Alternatively (instead of targeting one folder here and one folder there) the entire HD could be processed as a whole with:

    sudo find -x / -user 502 -exec chown -hv 501 {} +

    ...where the slash means searching the entire HD [and the -x prevents wandering inside other mounted volumes or shares]

    I just hope your uid actually is 501 before you run any of those. That condition can be verified, by looking at id (as above) or with:

    dscl . -read ~ RecordName UniqueID

    [no sudo needed there, for just reading]


    EDIT: Oh wow... that's what happens when i spend too much time on a post. :D

    Okay, i didn't see your 5:09 PM message until just now. It seems pretty strange that the dscl command worked for you without sudo... but other than that, good job.
  11. Hal Itosis macrumors 6502a

    Hal Itosis

    Feb 20, 2010

    $ dscl . -read /Users/halito UniqueID
    UniqueID: 501
    $ dscl . -change /Users/halito UniqueID 501 502
    <main> attribute status: eDSPermissionError
    <dscl_cmd> DS Error: -14120 (eDSPermissionError)

    $ dscl . -read /Users/halito UniqueID
    UniqueID: 501

    As i expected... [needs sudo]

Share This Page