Permissions are not letting me...

pixmaniowa

pixmaniowa

Registered
I am major problems with permissions (or something) on my drives.
Every time I want to move or delete anything I have to authenticate.
I have repaired permissions and repaired the hard drive multiple times.
I have purchased a new drive, done a fresh install of Snow Leopard from the disk that came with the computer (MBP late 2010) Upgraded to lion, and completely updated the computer before migrating my info with migration assistant.
I have external drives with the "ignore permissions on this drive" box checked. And I have gone in and manually given out permissions to users when completely blocked out of a folder. Such as... I have my iTunes Media on an external USB drive. Today my appleTV2 stopped accessing my movies and photos from Home share. I went to look at the folder and I was completely locked out with the red ball and minus sign. Couldn't even see what was inside. So I changed permissions on the folder to let me in and it did. This is on a drive that is supposed to ignore permissions as mentioned above.
Photoshop cannot "Save" an image because I don't have permission to overwrite files. I have to "Save as" and make a new file in my home pictures folder.
I have struggled with this for a few weeks now and am finally tired enough of it to ask for help.
HELP?!!
pixman
 
The information about en/disable ownership is kept in a database. This information is taken from man diskutil:
The on-root-disk Volume Database at /var/db/volinfo.database is manipulated such that the User and Group ID settings of files, directories, and links (file system objects, or "FSOs") on the target volume are taken into account.

This setting for a particular volume is persistent across ejects and injects of that volume as seen by the current OS, even across reboots of that OS, because of the entries in this OS's Volume Database. Note thus that the setting is not kept on the target disk, nor is it in-memory.
Click to expand...
Thus, it's very probable that your re-install of the OS has corrupted or erased this database.

Fixing permission only works on the OS itself - neither on the user home directories nor any mounted drives.

Now, in order to diagnose your problems we'll have to resort to Terminal. The diskutil and dscl commands will be our friends here.
  • diskutil list gives you an overview of your mounted HardDisks and the partitions on them. What we are interested in are the actual partition that contains the data - that's usually disk#s3
  • diskutil info disk#s3 will give you a lot of information about the partition - inclusive whether ownership in en- or dis-abled
  • sudo dscl . -list /Users UniqueID | sort -n -k2 will give you a list of the users on your computer along with their associated UniqueID. I'm interested in knowing whether some of them should have the same UniqueID.
  • ls -alOe@ Run this command in your own home diretory ( cd ) as well as at the mount level ( cd /Volumes ). I'm interested in knowing whether any of the users are listed as numbers instead of a user short name. If the user is listed as a number, we've got an error.
Let me know what you can glean from the information provided by the above commands.
 
I appreciate your help very much, however, I am a little slow, and cautious, when going into terminal. I need to know what I should be logged in as when running each of the commands you have listed. And I don't know how to log into a different user such as root. I just typed "root" and it did not ask for a password it said invalid command. I have already Thanked and Plus oned you for you help so far. It is awesome information and helpful. BTW I read that having a non-apple formatted Time Machine drive can cause problems. My back-up drive is a non apple raid drive, 2 drives joined together to make one 4TB drive so I can get all my stuff backed up on it. Left that out on the previous post.
 
$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *4.0 TB disk0
1: EFI 209.7 MB disk0s1
2: Apple_HFS 4TB Drive 4.0 TB disk0s2
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *1.0 TB disk1
1: EFI 209.7 MB disk1s1
2: Apple_HFS laptop 500 896.2 GB disk1s2
3: Apple_Boot Recovery HD 650.0 MB disk1s3
4: Apple_HFS Emergency 103.0 GB disk1s4
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *640.1 GB disk2
1: EFI 209.7 MB disk2s1
2: Apple_HFS Pictures Mobile 541.7 GB disk2s2
3: Microsoft Basic Data FAT 32 51.7 GB disk2s3
4: Apple_Boot Recovery HD 650.0 MB disk2s4
/dev/disk3
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *1.0 GB disk3
1: DOS_FAT_16 NO NAME 1.0 GB disk3s1
/dev/disk4
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *16.1 GB disk4
1: DOS_FAT_32 EOS_DIGITAL 8.4 GB disk4s1
/dev/disk5
#: TYPE NAME SIZE IDENTIFIER
0: Apple_partition_scheme *1.5 TB disk5
1: Apple_partition_map 32.3 KB disk5s1
2: Apple_HFS iTunes 1.5 TB disk5s3
/dev/disk6
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *750.2 GB disk6
1: EFI 209.7 MB disk6s1
2: Apple_HFS Movies 749.8 GB disk6s2
/dev/disk7
#: TYPE NAME SIZE IDENTIFIER
0: Apple_partition_scheme *2.0 TB disk7
1: Apple_partition_map 32.3 KB disk7s1
2: Apple_HFS 2 TB 2.0 TB disk7s3
 
laptopwork$ sudo dscl . -list /laptopwork | sort -n -k2
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
list: Invalid Path
This is my internal hard drive
 
Robert-Gainess-MacBook-Pro:~ laptopwork$ diskutil info disk#s3
Could not find disk: disk#s3
Robert-Gainess-MacBook-Pro:~ laptopwork$
I tried putting in my disk name in different combinations but just got lists of commands to use.
 
-MacBook-Pro:~ laptopwork$ ls -alOe@
total 1312
drwxr-xr-x+ 68 laptopwork staff - 2312 Dec 16 21:58 .
0: group:everyone deny delete
drwxr-xr-x 7 root admin - 238 Dec 10 02:02 ..
-rw------- 1 laptopwork staff - 3 Nov 15 2009 .CFUserTextEncoding
-rw-r--r--@ 1 laptopwork staff hidden 24580 Dec 14 19:54 .DS_Store
com.apple.FinderInfo 32
drwxr-xr-x 11 laptopwork staff - 374 Dec 18 2010 .Mpix
drwxr-xr-x 9 laptopwork staff - 306 Oct 17 13:21 .SimplyColorLab
drwx------ 3 laptopwork staff - 102 Sep 12 2010 .TVUPlayer for MacOS X
drwx------ 127 laptopwork staff - 4318 Dec 16 19:53 .Trash
drwxr-xr-x 2 laptopwork staff - 68 Apr 18 2011 .Xcode
drwxr-x--x 4 laptopwork staff - 136 Sep 22 2010 .adobe
-rw------- 1 laptopwork staff - 1560 Dec 12 00:35 .bash_history
drwxr-xr-x 5 laptopwork staff - 170 Aug 22 15:10 .blurb
-rw------- 1 laptopwork staff - 1675 May 7 2011 .btguard_key
drwxr-xr-x 3 laptopwork staff - 102 Mar 10 2011 .config
drwx------ 3 laptopwork staff - 102 Nov 30 2009 .cups
drwxr-xr-x 5 laptopwork staff - 170 Mar 9 2011 .cytoscape
drwx------ 13 laptopwork staff - 442 Dec 17 17:58 .dropbox
drwxr-xr-x 354 laptopwork staff - 12036 Dec 6 21:15 .dvdcss
drwxr-xr-x 30 laptopwork staff - 1020 Dec 16 21:02 .fontconfig
drwxr-xr-x 14 laptopwork staff - 476 Nov 13 17:21 .fonts
drwxr-xr-x 2 laptopwork staff - 68 Jun 2 2011 .gravit
drwxr-xr-x 3 laptopwork staff - 102 Jul 27 17:42 .hsoftdata
-rw-r--r-- 1 laptopwork staff - 0 Sep 27 22:27 .keep_ci3
drwxr-xr-x 4 laptopwork staff - 136 Oct 7 2010 .magicJack
-rw-r--r-- 1 laptopwork staff - 245 Jun 29 20:06 .mailcap
-rw-r--r-- 1 laptopwork staff - 362 Jun 29 20:06 .mime.types
-rw-r--r-- 1 laptopwork staff - 106 Jun 10 2010 .netToolsColorThemes
-rw-r--r-- 1 laptopwork staff - 68 Jun 10 2010 .netToolsHistory
drwxr-xr-x 4 laptopwork staff - 136 Jun 8 2010 .parallels
drwxr-xr-x 1723 laptopwork staff - 58582 Oct 17 13:10 .roescache
drwxr-xr-x 6 laptopwork staff - 204 Jul 14 17:59 .servetome-fontconfig
drwxr-xr-x 4 root staff - 136 Dec 11 17:23 .shsh
drwxr-xr-x 3 laptopwork staff - 102 Aug 28 2010 .smb
drwx------ 3 laptopwork staff - 102 May 7 2011 .ssh
drwxr-xr-x 6 laptopwork staff - 204 Jun 20 17:28 .subversion
drwxr-xr-x 3 laptopwork staff - 102 Sep 23 13:19 .swt
-rw-r----- 1 laptopwork staff - 16 Jun 7 2010 .vbt5
-rw-r--r--@ 1 laptopwork staff - 42 Nov 11 2010 .wgetrc
com.apple.TextEncoding 15
-rw-------@ 1 laptopwork staff - 4640 Feb 8 2011 21Dtec8xfrL._SL500_AA300_.jpeg
com.apple.quarantine 49
drwxr-xr-x 3 laptopwork staff - 102 Jul 27 13:58 Active Web Sites Laptop
drwxr-xr-x 3 laptopwork staff - 102 Sep 23 18:22 Applications
drwxr-xr-x@ 4 laptopwork staff - 136 Jul 20 12:48 Applications (Parallels)
com.apple.FinderInfo 32
drwxr-xr-x 928 laptopwork staff - 31552 Dec 16 21:58 Calibre Library
drwxr-xr-x@ 82 laptopwork staff - 2788 Dec 17 17:41 Desktop
com.apple.FinderInfo 32
com.apple.metadata:kMDItemFinderComment 42
0: group:everyone deny delete
drwxr--r--+ 75 laptopwork staff - 2550 Dec 13 04:33 Documents
0: group:everyone deny delete
drwx------+ 224 laptopwork staff - 7616 Dec 16 22:37 Downloads
0: group:everyone deny delete
drwx------@ 13 laptopwork staff - 442 Dec 17 17:13 Dropbox
com.apple.FinderInfo 32
-rw-r--r-- 1 laptopwork staff - 1079 Jul 27 18:08 Duplicate_Annihilator_debug.log
-rw-r--r-- 1 laptopwork staff - 1219 Jul 27 18:08 Duplicate_Annihilator_progress.log
-rw-r--r-- 1 laptopwork staff - 1 Jul 27 18:07 Duplicate_Annihilator_progress_magic_1.log
-rw-r--r-- 1 laptopwork staff - 1 Jul 27 18:07 Duplicate_Annihilator_progress_magic_2.log
drwxr-xr-x 2 laptopwork staff - 68 Jul 4 21:38 EarMaster
-rw-r--r-- 1 laptopwork staff - 241251 Jul 28 15:50 Flyer mailed to Airports.pdf
drwx------@ 72 laptopwork staff hidden 2448 Dec 10 10:11 Library
com.apple.FinderInfo 32
0: group:everyone deny delete
drwx------+ 14 laptopwork staff - 476 Oct 20 13:29 Movies
0: group:everyone deny delete
drwxr--r--+ 6 laptopwork staff - 204 Jul 27 14:07 Music
0: group:everyone deny delete
drwxrwxrwx+ 28 laptopwork staff - 952 Dec 15 20:17 Pictures
0: group:everyone deny delete
1: user:gainesjane allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
2: user:janegaines allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
drwxr-xr-x 2 laptopwork staff - 68 Apr 29 2011 Pictures LR Auto Import
drwxr-xr-x+ 7 laptopwork staff - 238 Nov 17 13:24 Public
0: group:everyone deny delete
1: user:janegaines allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
drwxr-xr-x+ 5 laptopwork staff - 170 Nov 15 2009 Sites
0: group:everyone deny delete
-rw-r--r--@ 1 laptopwork staff hidden 6656 Jul 7 11:29 Thumbs.db
com.apple.FinderInfo 32
drwxr-xr-x 2 laptopwork staff - 68 Nov 12 2010 TiVoShows
-rw-r--r--@ 1 laptopwork staff - 76550 Sep 27 22:35 Tiger Direct.pdf
com.apple.FinderInfo 32
-rw-r--r--@ 1 laptopwork staff - 83193 Sep 27 22:34 Wacom Tablet Replacement.pdf
com.apple.FinderInfo 32
-rw-r--r--@ 1 laptopwork staff - 78732 Sep 27 22:36 Walmart.pdf
com.apple.FinderInfo 32
-rw-r--r-- 1 laptopwork staff - 62275 Oct 1 15:41 ems.cfg
-rw-r--r--@ 1 laptopwork staff - 7412 Dec 17 17:12 imacros.log
com.apple.quarantine 75
-rw-r--r-- 1 root staff - 11314 Dec 11 18:14 umbrella0.log
 
pixmaniowa said:
Robert-Gainess-MacBook-Pro:~ laptopwork$ diskutil info disk#s3
Could not find disk: disk#s3
Robert-Gainess-MacBook-Pro:~ laptopwork$
I tried putting in my disk name in different combinations but just got lists of commands to use.
Click to expand...

You are doing this wrong.
You'll have to replace the '#' with the actual number of the disk.
And sometimes you'll also have to replace the '3' with the correct partition.
That's why I wanted the diskutil list command in order to find these numbers correctly.

So, in your case some examples will be:
Code: 
diskutil info disk6s2
diskutil info disk7s3
 
pixmaniowa said:
laptopwork$ sudo dscl . -list /laptopwork | sort -n -k2
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
list: Invalid Path
This is my internal hard drive
Click to expand...

You are doing this wrong. The command has to be executed exactly as written.
Code: 
sudo dscl . -list /Users UniqueID | sort -n -k2
 
pixmaniowa said:
I appreciate your help very much, however, I am a little slow, and cautious, when going into terminal. I need to know what I should be logged in as when running each of the commands you have listed. And I don't know how to log into a different user such as root. I just typed "root" and it did not ask for a password it said invalid command.
Click to expand...

When you just start Terminal, you'll execute commands as the user you are logged in as. You can see this by running this command : whoami

Mac OS X (and somewhat Ubuntu Linux) are operating with a 5-level user account structure:
  1. root (sometimes teasingly called the God Account) - of which there can only be one, and which is normally not enabled. Just writing root in Terminal will not log you in as root. You'll have to have enabled the root account in Directory Utility in order to be able to log in as root. Having done that, you'll have two ways to do it.
  2. admin - you can have several of these but you'll have to have at least one. They can be temporarily elevated to have root privileges, but in normal use they are somewhat restricted, eg they can't see the files of other users which the root account can. The account you create when you start from scratch is an admin account. In Terminal you elevate an admin account temporarily to the root level by prefixing the command with sudo which will prompt you for your admin account password.
  3. normal user - has no admin privileges at all. I usually create a normal user for my daily work and only use the admin account for administrative uses. This is a security issue in order to prevent trojans and viruses to be able to run with admin privileges.
  4. restricted user - a normal account with reduced privileges
  5. guest account - a temporary normal account that is completely erased when logging out.
 
pixmaniowa said:
-MacBook-Pro:~ laptopwork$ ls -alOe@
total 1312
-rw-------@ 1 laptopwork staff - 4640 Feb 8 2011 21Dtec8xfrL._SL500_AA300_.jpeg
com.apple.quarantine 49
drwxrwxrwx+ 28 laptopwork staff - 952 Dec 15 20:17 Pictures
0: group:everyone deny delete
1: user:gainesjane allow list, ...
2: user:janegaines allow list, ...
drwxr-xr-x 2 laptopwork staff - 68 Apr 29 2011 Pictures LR Auto Import
drwxr-xr-x+ 7 laptopwork staff - 238 Nov 17 13:24 Public
0: group:everyone deny delete
1: user:janegaines allow list, ...
Click to expand...
This looks quite normal and doesn't raise any serious alarms as far as I can see.

However, you have some funny stuff with the above files and directories.

The *.jpeg file is quarantined which indicates that it's been downloaded through Safari. If you try to open it, you'll be prompted due to security issues. It's possible to remove this warning.

The 2 directories has gotten ACL privileges added to them for other accounts. This doesn't raise my alarms as such - I'm just wondering. But the permission settings on the Pictures directory is allowing every user to do almost everything with it.

Now, that was for your home directory. You'll also have to do it for the mounted volumes : cd /Volumes ; ls -alOe@ You don't have to post the result here - just look for the user and group columns and see if they look normal - they all ought to be laptopwork staff
 
You must log in or register to reply here.
Back
Top