(SOLVED!) Best environment to repair permissions in?

Discussion in 'macOS' started by Diogones, Aug 17, 2012.

  1. Diogones, Aug 17, 2012
    Last edited: Nov 12, 2012

    Diogones macrumors regular

    Diogones

    Joined:
    Dec 23, 2009
    #1
    Hey all,

    As an avid Mac user and troubleshooter, I find that repairing permissions is something I do quite frequently, but I've heard differing ideas on how exactly to go about it. Some of the suggestions are:

    1: Boot into Safe Mode and launch Disk Utility

    2: Repair Permissions directly in your normal administrator account, while working normally

    3: Boot into the Recovery Partition, or if there isn't one, from the recovery/install media, and once in the recovery environment, repair from there

    4: Don't use Disk Utility to repair permissions; use a third-party Utility such as Lion Cache Cleaner or Disk Warrior

    5: Boot into Single User Mode and repair permissions from the command line

    While I'm sure you could repair permission using any one of these approaches, I was wondering which was the most effective at bringing permissions up to date with the latest changes to your accounts, documents, and programs. I think just repairing in Safe Mode or regular mode would work fine, right?
     
  2. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #2
    Number 2 would be the closest. But having a separate user account just for admin privileges doesn't increase security if the only person using the machine is you.
     
  3. Diogones thread starter macrumors regular

    Diogones

    Joined:
    Dec 23, 2009
    #3
    Thanks for your prompt and helpful reply, Intell! Right, what I meant by option two was that a user would repair their permissions logged in normally. I used the word "administrator" because that is what most users' accounts are.

    As for keeping a separate admin account, sure I could see that giving you more security, because even though you may be the only person using it, if you are not logged into an admin account directly, and keep the password separate from yours, and do not automatically log into it, these measures can help prevent an unwanted program or other unauthorized process that requires admin privileges from installing or running, respectively.

    Granted, the separate admin account method is much more effective if you have multiple users, as you could prevent an inexperienced user from messing with system files, for example, but I still see it protecting a single user setup, even just a little.
     
  4. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #4
    The slight flaw in the logic of having a separate admin and non-admin account to increase security on a one person only Mac is that there isn't anything that can can harm without you entering your password.

    Be it having to first enter your user name and then password or just the password, there is no extra security added. On Mac OS X, the user's processes run as the user without superuser privileges. The only way to get superuser privileges is by entering an admin password or via a software exploit. Both ways happen on a standard Mac OS X user account.

    That way of thinking was valid for Windows 2000 and XP when every process ran with superuser privileges if the user account was as admin. However, Microsoft has made strides to correct that problem with Vista and 7's User Account Control feature. That very feature is analogous to Mac OS X requesting a password to do any superuser activity.
     
  5. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    Some people repair, or recommend repairing permissions for situations where it isn't appropriate. Repairing permissions only addresses very specific issues. It is not a "cure all" or a general performance enhancer, and doesn't need to be done on a regular basis. It also doesn't address permissions problems with your files or 3rd party apps.

    Five Mac maintenance myths
    There are times when repairing permissions is appropriate. To do so, here are the instructions:
    If repairing permissions results in error messages, some of these messages can be ignored and should be no cause for concern.
     
  6. Diogones thread starter macrumors regular

    Diogones

    Joined:
    Dec 23, 2009
    #6
    Wow, thanks a ton for your very informative post GGJstudios! I've run the permissions repair on a Snow Leopard machine after installing the latest update, and it fixed a sound issue I had with the Mac where there was no sound but the volume was turned all the way up. In that case, it fixed the installer files which caused the problem, but it doesn't fix third party installs. Thanks for the tip!

    OK, I got the clarification now Intell; thank you for breaking down the whole separate user account issue. I realized that it was widely used for Windows XP, but I didn't realize it was necessary for the Mac.

    However, I do see the advantage of having a separate user account in the context of an IT admin situation. Since the sysadmin could have a user account that isn't a part of the host machine, but administers the computer, the user would not only have to guess the password, but would also have a hard time filling in the user name field as well, since the user account name wouldn't be in the User Accounts preferences pane.

    Of course, on a one person Mac, there would only be two accounts: your standard account, and the admin account (not including a shared or guest account). With that in mind, someone trying to infiltrate the computer wouldn't be deterred by having to enter the admin username, as it would be plain to see in the User Accounts preferences pane, and could thus be freely copied.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    On a Mac with only one user, you only need one account, which is by default an admin account. There is no advantage to be gained by setting up a separate standard account.
     

Share This Page