What's With Leopard Permission Repair? - ehMac.ca
Facebook
Twitter
YouTube
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read Advertise


Reply
 
LinkBack Thread Tools Display Modes
Old Dec 5th, 2007, 10:36 PM   #1
Resident Curmudgeon
 
SINC's Avatar
 
Join Date: Feb 2001
Location: Central Alberta
Posts: 86,945
Send a message via AIM to SINC
What's With Leopard Permission Repair?

Ever since I left Tiger behind, permission repairs have sucked. I tired again tonight and when I saw, "estimated time less than one minute" I had hope.

Eight and one half minutes later, I got this on my brand new MBP:

Repairing permissions for “Macintosh HD”
Warning: SUID file "usr/libexec/load_hdi" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/Resources/DiskManagementTool" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Resources/Locum" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/Install.framework/Versions/A/Resources/runner" has been modified and will not be repaired.
Permissions differ on "private/var/log/secure.log", should be -rw------- , they are -rw-r----- .
Warning: SUID file "System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig" has been modified and will not be repaired.
Warning: SUID file "usr/libexec/authopen" has been modified and will not be repaired.
Warning: SUID file "System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool" has been modified and will not be repaired.
Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

Permissions repair complete

When will Apple do something about this now useless and aggravating feature in Leopard?
__________________
Visit my website:
St. Albert's Place On The Web
(Over 3.7 million folks have.)
SINC is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old Dec 5th, 2007, 10:44 PM   #2
Full Citizen
 
Cole Slaw's Avatar
 
Join Date: Aug 2005
Location: Interior B.C.
Posts: 140
I get the same thing when I repair permissions in Leopard.
It just seems to go on forever compared to how it worked in Tiger.
__________________
Mac Mini (2012) 2.3 i7/960gb ssd + 1tb /16gb RAM | 27" Thunderbolt Display | 13" MacBook Pro (2015) 2.7/i5/256gb + 128 gb Transcend/8gb RAM
Cole Slaw is offline   Reply With Quote
Old Dec 5th, 2007, 11:34 PM   #3
Full Citizen
 
Join Date: Mar 2005
Location: Toronto, ON
Posts: 492
For some reason, it takes forever.

There were a few threads in the Apple discussion forums on this. They suggested reinstalling 10.5.1 update via download/install (as opposed to software update).

EDIT: An Apple Tech Note talks about this, but only says these messages can be safely ignored.

For me it cleared out all those error messages, but the detect/repair still takes a while.

I'm on a MBP 2.16, 3GB ram...
Jeepdude is offline   Reply With Quote
 
Old Dec 6th, 2007, 12:47 AM   #4
Full Citizen
 
Join Date: Apr 2004
Location: Port Coquitlam, B.C.
Posts: 619
I've read the same as what Jeepdude mentioned (download and install) and that's how I updated.

So far as I can guess it seems that Apple has to figure out just how the new Access Control Lists will be handled by Disk Util. Actual permission repairs seem reasonably swift once they start. DU may be comparing the ACLs with the Unix permissions which seems to take time.

This is all my opinion / guessing. No proof.
Orion is offline   Reply With Quote
Old Dec 6th, 2007, 01:10 AM   #5
Honourable Citizen?
 
GratuitousApplesauce's Avatar
 
Join Date: Jan 2004
Location: Isle in the Salish Sea
Posts: 4,853
OK, I'm waaaaaaaaaaay out of my depth here and I seem to be having some very annoying problems with permissions under Leopard.

I was trying to move some of my music files around within my /Users/(myStandard-nonAdminUser)/Music folder and migrate a bunch of backlogged .mp3s into my iTunes folder Music/iTunes/iTunes Music folder. I discovered that to move them or change the names of any of the folders and files - many of which I had created - I was being prompted for my admin password. In some cases even the admin pass wouldn't allow me to change the names.

So I tried fixing the permissions from within the Get Info window. No effect. What I saw on the Get Info window of the affected files was a note under Sharing & Permissions reading "You have custom access" instead of the usual "You can read and write".

I knew enough about using the Terminal to be able to look at files in there and view the exact permissions. The affected ones were -rwx---rwx+ or [email protected]

I started looking around the web for how to fix this and found a page on the macosxhints forum, where some quite knowledgeable people mention how Apple has introduced ACLs (Access Control Lists) into Leopard. Permissions Nightmare With Leopard

This is starting to look like a nightmare to me.

I followed the advice of the final post in the thread which recommended using the command chmod -R -a# 0 to eliminate the ACLs attached to the permissions. I did not apply this to my whole home folder as was recommended, but just applied it to a few directories within the Music folder to see if it would work. It seemed to be working OK, but the first thing I discovered was that it was going to be tedious. The change doesn't seem to propagate downwards through many or all directories. I tried applying it up the directory chain a bit but it didn't seem to work in that case either.

So far, this seemed somewhat annoying until I realized that this permission problem is through files all over my home folder and Documents folder. Now I'm really annoyed. I tried making changes to the names of graphics files, spreadsheet and text files throughout the folder and found that I couldn't do this or put them in the trash without an admin password. In some cases the admin pass wasn't enough and in one case I found that even using my root password didn't do it. Now I'm more than really annoyed.

At this point I'm looking at a huge amount of work to downgrade to Tiger or methodically go through a ton of files using chmod.

I'm not sure what to do at this point since I don't really know what's going on and I don't want to make anything worse. This could be a case where a little bit of knowledge is a dangerous thing, although I was being quite conservative about any of the Terminal changes I made. From what I'm reading on the web about this it looks like Apple has really dropped the ball with their permissions implementation in Leopard.

Anyone have any ideas?

Is this what it's like in the land of MS Windows?
__________________
The price of apathy toward public affairs, is to be ruled by evil men. -- Plato.
GratuitousApplesauce is offline   Reply With Quote
Old Dec 6th, 2007, 02:39 AM   #6
Assured Advertiser
Honourable Citizen
 
MacDoc's Avatar
 
Join Date: Nov 2001
Location: Planet Earth.....on FASTER boil :-(
Posts: 30,834
You'll notice that several utilities, SuperDuper, iDefrag, Onyx etc are not yet up to Leopard support.

There are clearly still some issues in handling the changes in the deep file structure.



__________________
In Australia and the web site is out of date.
Lots of good deals on Retinas, previous high end MacPros and current MacPro 6 core bundles in stock. [email protected]

Last edited by MacDoc; Dec 6th, 2007 at 04:08 AM.
MacDoc is offline   Reply With Quote
Old Dec 6th, 2007, 03:38 AM   #7
Honourable Citizen
 
chas_m's Avatar
 
Join Date: Dec 2007
Location: Victoria BC
Posts: 11,953
Send a message via AIM to chas_m
Re: What's With Leopard Permissions Repair?

Permissions repair under Leopard does not take noticeably longer (though I'm sure it's slightly longer) than it did in Tiger.

I did an A&I which cleaned up my "highly tweaked" system nicely, maybe that's the reason -- I don't know.

This thread got me curious so I decided to time the repair just now: 1 min, 10 seconds. Seems a bit slower than Tiger but nothing to write home about ...
chas_m is offline   Reply With Quote
Old Dec 6th, 2007, 09:19 AM   #8
Full Citizen
 
Join Date: Dec 2005
Location: londonon
Posts: 376
Quote:
Originally Posted by GratuitousAppleSauce
I discovered that to move them or change the names of any of the folders and files - many of which I had created - I was being prompted for my admin password.
There could be more than one cause for this. For one, there appears to be a bug in how permissions work in Leopard (i.e. they don't work as it is supposed to), affecting both the "Finder" and unix layer. Another possible issue is ACLs - in Leopard, users' "home" folders and most of their standard "top level" folders ("Desktop", "Documents", etc.) have the "group: everyone deny delete" rule that prevents deletion and moving (renaming counts as removing) of any items with that ACE. The problem is that the stupid new "Get Info" interface does not show this rule, yet allows a user to apply it to "enclosed items". So a user might make an intentional change to the permissions on eg. the "Music" folder to allow someone else access, then use "apply to enclosed items", not realizing that they are also transferring the ACLs at the same time. Then, since "Get Info" doesn't even display negative ACEs, the user can't get rid of it (or even know that they are there) without going to the command line.

Quote:
Originally Posted by GratuitousAppleSauce
The change doesn't seem to propagate downwards through many or all directories.
The command 'chmod -R -a# 0...' just removes the first rule of the named item. If there is more than one rule, the former rule #1 becomes rule #0 (and so on) and the command would have to be repeated until all rules are gone. And as you noted, the command only acts on the named item but not on any contents if the item is a directory.

Assuming you own all of the files, all ACLs on a folder and it's contents can be stripped using:
Code:
chmod -RN /path/to/folder
Note that this may not be what you want since an ACE is used when access rights to some user are granted using "Get Info" - that would be stripped as well. But you could just add those back (and use "apply to enclosed items" at that point). After doing all that, if the folder being worked on is the "home" or one of the "standard" folders, it might not be a bad idea to put the original ACE back as well, which was probably intended to prevent the user from accidentally deleting eg. their whole "Documents" folder (something a poorly designed "column view" increases the possibility of). i.e.
Code:
chmod +a "everyone deny delete" /path/to/folder
biovizier is offline   Reply With Quote
Old Dec 6th, 2007, 10:52 AM   #9
Honourable Citizen
 
Join Date: Mar 2000
Posts: 2,804
Here's an idea. STOP repairing permissions. Seriously - this is such a troubleshooting red herring it's not funny. Back in MacOS 9 and earlier it was "rebuild your desktop" and "zap your PRAM". Now it's repair permissions.

What do you think will happen to your Mac if your secure.log has permission -rw-r----- and not -rw-------?

If you do not know the answer, then stop worrying about permissions.
hayesk is offline   Reply With Quote
Old Dec 6th, 2007, 11:07 AM   #10
Mac Guru
 
monokitty's Avatar
 
Join Date: Jan 2002
Posts: 14,627
Quote:
Originally Posted by hayesk View Post
Here's an idea. STOP repairing permissions. Seriously - this is such a troubleshooting red herring it's not funny. Back in MacOS 9 and earlier it was "rebuild your desktop" and "zap your PRAM". Now it's repair permissions.

What do you think will happen to your Mac if your secure.log has permission -rw-r----- and not -rw-------?

If you do not know the answer, then stop worrying about permissions.


Excellent post!
__________________
ACMT
MacBook Pro (15-inch, Mid 2012) 2.3 GHz Core i7, 16GB, 256GB M4 SSD
iPhone 8 - 64GB S/GSound System Audio Engine A2Display UltraSharp U2412M 24"
Custom Built Gaming PC Kaby Lake Edition | 16GB DDR4 | GTX 1070 8G
monokitty is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Leopard versus Frankenmac! Macaholic Anything Mac 19 Nov 10th, 2007 02:36 PM
PB 12 with Leopard: can't repair permissions Pelao Mac, iPhone, iPad and iPod Help & Troubleshooting 4 Nov 10th, 2007 02:24 PM
Leopard and Filemaker7-9 a non starter + more nasssty MacDoc Anything Mac 8 Nov 1st, 2007 02:26 PM
Leopard??..we could not agree more MacDoc Anything Mac 12 Oct 18th, 2007 01:15 PM
Leopard Opinion saxamaphone Anything Mac 7 Oct 3rd, 2006 11:54 AM


All times are GMT -4. The time now is 05:06 AM.



Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright © 1999 - 2012, ehMac.ca All rights reserved. ehMac is not affiliated with Apple Inc. Mac, iPod, iTunes, iPhone, Apple TV are trademarks of Apple Inc. Content Relevant URLs by vBSEO 3.6.0 RC 2

Tribe.ca: Urban living in Toronto!