Permissions help (beyond disk utility)

[memco]

I am attempting to fix a system wherein there some major permissions issues. Running the repair permissions tool in disk utility does not fix them. The machine in question is having issues saving files and preferences and has run into a number of programs that don't work correctly. Background is below, but if you have any suggestions, Bash scripts, programs, etc. that can help fix this issue, I'd be very grateful.

This all started when the owner tried to delete a portion of Integro's Virus Barrier X. Their system refused to boot afterward. I was able to mount the computer in target disk mode, so I tried to backup as much as I could onto an external drive; only, I was told I didn't have permission to copy the files. An apple support rep confirmed my suspicion that the only way to deal with this would be to either go through and manually track down the file or do a global "apply to enclosed items" permissions change to the problem areas. Knowing it was probably a bad idea, I tried my best to avoid this, but there didn't seem to be another way. After backing up, I performed a reinstall from the recovery disk and Lion boots fine, but I am now having the issues above.

 

[Macman45]

At this stage, and with DU unable to help, I would give Onyx a try....it's more powerful than DU and has extra tools to repair permissions, clear out leftover files etc.

Read the instructions carefully prior to use.

http://download.cnet.com/OnyX-Lion/3000-18512_4-75531645.html

 

[Michaelgtrusa]

You can also try.... http://www.macupdate.com/app/mac/6440/batchmod

 

[memco]

Though Onyx can do more, I think it's only using the same utilities as DU.

I found this article, which gives some information on how to do it in terminal, and also includes information on how to use the ACL reset in the password recovery utility.

I'm on Lion, and BatChmod doesn't indicate Lion compatibility. Do you know of any issues using it?

 

[Michaelgtrusa]

Though Onyx can do more, I think it's only using the same utilities as DU.

I found this article, which gives some information on how to do it in terminal, and also includes information on how to use the ACL reset in the password recovery utility.

I'm on Lion, and BatChmod doesn't indicate Lion compatibility. Do you know of any issues using it?

I ran across it on another site claiming that Apple support recommended this to use in lion.

 

[memco]

Thanks, I'll give BatChmod a try. I also found mention of AppleJack, I'll give that a go as well. I am able to save files again, but still have issues with preferences not being saved properly.

EDIT: I was looking at an old download page. Found the correct one, which indicatesLion compatibility. Thanks again.

 

[Michaelgtrusa]

Thanks, I'll give BatChmod a try. I also found mention of AppleJack, I'll give that a go as well. I am able to save files again, but still have issues with preferences not being saved properly.

EDIT: I was looking at an old download page. Found the correct one, which indicatesLion compatibility. Thanks again.

Get it working?

 

[memco]

Well, the issue seems to run pretty deep. There are a number of files that have custom permissions with everyone set to Custom. I cannot remove it no matter how I try. Even using chmod as root in single user mode with the -E flag set does not remove it. I would be interested in any other potential solutions.

 

[memco]

Ok, I finally got everything cleared.

To recap, I had a user who was unable to save files, change preferences, move, copy or delete files all because of permissions issues. The issue seemed to stem from the user having two entries for "everyone" in the sharing and permissions section of the get info, which had a value of "Custom". This could not be changed or deleted, even by clicking the lock in the bottom right and authenticating as an administrator. I suspect that this might be the result of Integro Software's Security Barrier, but I am not 100% sure.

I am unsure of what actually made it stick. I will say BatChmod is probably going to be me go to app for stuff like this again. It is quick and easy. Here are my recommended steps for any potential future visitors:

NOTE: this should not be used for system files, however, this should be safe for files in your user's home folder. As always, make sure you have a backup before attempting this.

1. Try using BatChmod to set any misbehaving (user) files to Owner: <username> with RWX all checked, Group: Staff, staff and everyone should only have the R option checked. Check the boxes to clear ACL's, reset ownership and permissions, and unlock.

2. If that fails, open Terminal and use the command:

sudo chmod -RN <file>

Be sure to replace "<file>" with the actual filename of the file you want to reset. It is probably just safest to drag the file or folder you need onto the terminal window after typing "sudo -RN ". You can perform this action on files or folders. This will recursively reset ACLs (access controls) for any files/folders within the specified folder. If, like me, you need to do this for documents and library files, it is fine to use:

sudo chmod -RN ~

This will reset all permissions on the user's home folder. But, there's still more to do at this point.

3. Reboot your computer into recovery mode (Lion) or boot to the OSX install disk for your operating system (I think this will only work as far back as Snow Leopard, but I could be wrong). Select your language then go the utilities menu and select Terminal. Then type in:

resetpassword

Hit enter. This will open a window to reset the user's password. It will also have a section at the bottom to reset permissions and ACLs on the user's folder. Make sure that you select the user account from the drop down menu up top, then click the reset permission button. Wait for the little loading icon to disappear. Go to the apple menu and select reboot.

Everything should now be working properly.

4. If it's not. Restart your computer, holding command+s to boot into single user mode and follow the commands recommended here.

I went through several reboots, a few different utilities and numerous terminal commands. I do not know why certain things seemed to work and others don't, but it is possible to recover from this nightmare eventually.

 

[oregondean]

Enabling remote volume for Time Machine

Turn off File Sharing in the Server application.

Run these two commands in an OS X Terminal window, replacing MyShare in each line with the name of the network share you want to enable for TimeMachine:

sudo defaults write /private/var/db/dslocal/nodes/Default/sharepoints/MyShare timeMachineBackup '(1)'

sudo defaults write /private/var/db/dslocal/nodes/Default/sharepoints/MyShare timeMachineBackupUUID $(uuidgen)

You'll be prompted for the server admin password when you run these commands.

Turn File Sharing back on in the Server application.


Source: http://serverfault.com/questions/326764/add-multiple-time-machine-shares-in-mac-os-x-lion-server