Mavericks permissions? Help please.

Discussion in 'OS X Mavericks (10.9)' started by mrkgoo, Oct 23, 2013.

  1. mrkgoo macrumors 65816

    Aug 18, 2005
    Ok, so just regarding UID (user ID) and GID (GroupID), traditionally before about Leopard, the UID for the default user was 501 (username), and the GID was also 501 (username).

    After Leopard, the default became 501 (username), and 20 (staff) respectively, for default new users.

    Those that transitioned their users retained their 501 (username) as gid, which lead to some mostly cosmetic issues in Lion and beyond (when you get info for a file, it would have 'fetching' instead of what should have read 'staff').

    I rectified this by changing my user's primary gid to 20 in Lion and mountain lion.

    NOw after installing mavericks, I had the odd issue of having my UID as 501 (username), but my gid as 20 (username).

    And no, before anyone asks, repairing permissions using Disk Utility, or the user home folder permissions via resetpassword utility in the recovery partition did not fix anything.

    You can see which UID and GID you have by typing 'id' straight into terminal.

    you SHOULD see something like this:
    uid=501 (username) gid=20 (staff) groups= 20 (staff) etc....

    I saw:
    uid=501 (username) gid=20 (username) groups= 20 (username)

    That is, 'staff' did not exist in the list of groups.

    However, 'dscacheutil -q groups' showed that the staff group did in fact exist with the GID =20.

    Firstly, I wonder if anyone else has migrated their users since leopard or before and see anything like this.

    Secondly, if someone could be so kind as to check something for me.

    You see, I 'fixed' my issue, but I'm not sure if I was supposed to do it that way.

    What I did was:
    Opened Directory in /System/Library/CoreServices/Directory Utility

    Under the Directory Editor pane, you can select "groups" in the pull down menu (NOT Users), and you can see the set primaryGID listed there (and change it if you have admin access).

    Mine was at 20, which I assume was conflicting with the real staff group of 20 (which was also listed there).

    Now my request is for anyone who actually migrated their user from snow leopard to Lion or above, and still have their GID as 501 (username). Could someone please check their group username (note NOT under the user pane) has an GID the same as their UID?

    Again, check the GROUPS, NOT users, if your name exists under there.

    I want to see if it's supposed to be 501 (or whatever user ID your UID is), and that I was ok in changing it from the supposedly wrong 20. Note the staff group exists there with a primaryID of 20, so I'm guessing a conflict.

  2. SlCKB0Y, Oct 24, 2013
    Last edited: Oct 24, 2013

    SlCKB0Y macrumors 68040


    Feb 25, 2012
    Sydney, Australia
    username$ id
    uid=501(username) gid=20(staff) groups=20(staff),401(,12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),501(access_bpf),33(_appstore),100(_lpoperator),204(_developer),398(,399(

    On at least BSD and Linux, your username uid and gid should be above 500. Below 500 are reserved for system accounts. Based on what you say, prior to Leopard, they were following this convention for OS X as well.

    My guess is if you have "uid=501(username) gid=20(username) groups=20(username)", this is not correct.
  3. mrkgoo thread starter macrumors 65816

    Aug 18, 2005
    Yes thanks - I know that's what it is SUPPOSED to be, but just wondering if anyone who has 501 (username) as their groupname (hangover from Snow Leopard) is able to tell me what the primary group ID entry in Directory Utility is. That is, whether my 'fix' was sufficient.

Share This Page