Ouch - Big Permissions Problem.

Discussion in 'macOS' started by phospholipid, Dec 12, 2011.

  1. phospholipid macrumors newbie

    Joined:
    Dec 12, 2011
    #1
    I have a buddy running a PowerBook G4 with 10.5.x. It's been going great. However - oh, and let's not dwell on this - she decided to "make her computer more secure" and in doing so she changed permissions on her computer and then restarted. She told me that she did "get info" on "something" and changed permissions on "Other" to nothing. I know I know... again, let's not dwell.

    I'm not sure what she changed them on, exactly, but I'm pretty sure she had selected the icon for her hard drive. So, she made it so Other couldn't access her whole drive. I'm not 100% sure, but from what she says and what I'm seeing, I think that's what happened.

    I booted the machine in target mode and it wouldn't even show up on another mac. Ok, so I booted to SUM. First I tried to run applejack, knowing it would fail on the permissions step. The drive check.repair went well. Everything checked out. There were a few minor problems. But, as expected, permissions repair wouldn't run - more specifically, it ran, but it said everything was off limits.

    So, I booted to SUM again. I did sbin/fsck -fy - once again, everything was fine. So, I ran sudo chmod -R 755 / and this is what I got:

    sudo: can't open /private/etc/sudoers: Permission denied
    root# sendmail: warning: valid_hostname: empty hostname
    sendmail: fatal: unable to use my own hostname

    Sudo is having an identity crisis.

    So, what is going on? Will I have better luck if I take the drive out and put it in a carriage?

    Oh, wait... at one point I ran the chmod command without sudo, and it started to run through every single file on the drive, which pleased me at first. I thought, "Great, it can see all the files so everything is there. And it's changing things to make them usable." But then I noticed that only the first half was true, for after every file it said, "Read-only file system".

    Any thoughts?
     
  2. r0k macrumors 68040

    r0k

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #2
    It's almost time for a melt and repour. If you can boot from an OS X usb or DVD, you can go in and chmod 755 everything on the drive because you booted from another filesystem. In fact, this might be the fix for the entire problem. Wait for it to finish and then reboot and see if things are back to normal. No. Wait. Those permissions will add execute and read permissions to every file on the system. So it will open up your friend's home folder to outside user(s). The next step, after the system is running "normal" is to go in a bash shell and make ONLY HER HOME FOLDER 750 so other users can't see inside.

    The next step in the melt and repour would be to take ownership of every file on the system. This would mean you could suddenly read everything (as root) and once you could see everything again, and set it all to 755, you could then go in and give ownership of your friend's files back to your friend again.

    The final step in the melt and repour is to format and reinstall OS X. Let's hope it doesn't go this far as I bet your friend didn't back anything up before they did the system-wide permissions change, did they?
     
  3. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #3
    Those permissions are going to seriously screw things up. Might get it to a better stage, but an OS reinstall is pretty much guaranteed here. The system is not designed for 755 permissions with the same ownership throughout the whole drive, and many things will break (granted, they're already broken, but setting them that way won't fix everything).

    OP, you need to boot from an OS install disk, try to repair permissions, and then reinstall the OS. Don't format the drive unless it just won't let you install without doing that, it should be able to preserve the files.

    jW
     
  4. r0k macrumors 68040

    r0k

    Joined:
    Mar 3, 2008
    Location:
    Detroit
    #4
    Agreed. Explicitly adding 755 when the only thing the OP's friend messed up was "other" is overkill. Perhaps o+rx might be the thing to try from the command line. Remember "repair permissions" only applies to OS installed files so while it may fix /Applications and /bin it may not fix areas in /Library that were messed up by the OP's friend's original mistake.

    I also agree about the attempt to reinstall without reformatting. However, if the reinstall simply copies files and doesn't do anything about permissions, it might crash in the middle of the install leaving things just as messed up.
     

Share This Page