user:group ownership question

dr chris jones · 03-31-2012, 04:33 PM

If I open Terminal, cd /Volumes and then ls -la, I see this;

Code:

drwxrwxrwt@  6 root   admin   204 31 Mar 21:42 .
drwxr-xr-x  30 root   wheel  1088 12 Feb 21:02 ..
lrwxr-xr-x   1 root   admin     1  2 Mar 07:52 System HD -> /
drwxrwxr-x   9 chris  staff   748 15 Dec 18:09 Time Machine Backups
drwxr-xr-x  16 root   admin   612 30 Mar 20:06 Users HD

But when I enter su, then ls -la gives me this;

Code:

drwxrwxrwt@  6 root      admin      204 31 Mar 21:42 .
drwxr-xr-x  30 root      wheel     1088 12 Feb 21:02 ..
lrwxr-xr-x   1 root      admin        1  2 Mar 07:52 System HD -> /
drwxrwxr-x   9 _unknown  _unknown   748 15 Dec 18:09 Time Machine Backups
drwxr-xr-x  16 root      admin      612 30 Mar 20:06 Users HD

Can someone explain why the "Time Machine Backups" volume has user:group "_unknown" under su?

(Note: OsX v10.7.3)

ganbustein · 03-31-2012, 05:24 PM

Because there is a "magic" user whose userid is 99, and whose usename is usually "_unknown" but sometimes "unknown".

The magic is that this user is a chameleon. If a file is owned by userid 99, and you ask who owns the file, the answer is always "Why, you do!". Unless you're running as root, in which case you get a truthful answer, because no one lies to root.

There is a corresponding group (groupid=99, group name usually either "_unknown" or "unknown") that behaves the same way.

When you disable ownership on a disk volume, all files/folders on the volume behave as if they were owned by 99:99, again unless it's root doing the asking. Since the owner of a file usually has read/write access to it (and root always does), disabling ownership for all practical purposes means that all files are read/write to all users.

When MacOS (i.e., pre-OS X Mac operating system) creates a file on disk, it leaves the unix permissions block uninitialized (entirely zero), because it has no awareness of unix permissions. When OS X looks at the file, it sees that the block is all zero, which cannot be valid, and fabricates a block with user:group=99:99, and permissions 777, thus granting all OS X users full access to any file created by MacOS. (777 permissions alone wouldn't be enough. You have to be the owner to change permissions, for example.)

dr chris jones · 04-01-2012, 03:28 AM

Thanks for that explanation - always nice to understand such unix weirdness!

So is this a sign that the drive was formatted with the "Ignore Ownership" button checked?

benwiggy · 04-01-2012, 04:50 AM

Quote:

Originally Posted by dr chris jones


	So is this a sign that the drive was formatted with the "Ignore Ownership" button checked?

No formatting required! You can tick or untick the box without reformatting. But it does suggest that the box is or has been ticked.

SirDice · 04-02-2012, 01:40 AM

Quote:

Originally Posted by dr chris jones


	Thanks for that explanation - always nice to understand such unix weirdness!

Nothing to do with unix though. This 99 uid/gid business is strictly OS-X. On Linux, BSD or any other unix this is just a uid/gid like all the others.

ganbustein · 04-02-2012, 03:27 PM

Time Machine won't back up to a volume that has owners disabled. Either the name of the volume ("Time Machine Backups") is misleading, or ownership of the top level directory on the volume is a relic of some time when you had owners disabled. (Or perhaps the backups are all in disk image files, each of which has owners enabled.)

Mikey-San · 04-03-2012, 01:53 AM

Quote:

Originally Posted by ganbustein


	Time Machine won't back up to a volume that has owners disabled. Either the name of the volume ("Time Machine Backups") is misleading, or ownership of the top level directory on the volume is a relic of some time when you had owners disabled. (Or perhaps the backups are all in disk image files, each of which has owners enabled.)

Time Machine will attempt to enable ownership on the backup volume, if ownership is disabled, when beginning the backup.

dr chris jones · 04-03-2012, 02:17 AM

Quote:

Originally Posted by ganbustein


	Time Machine won't back up to a volume that has owners disabled. Either the name of the volume ("Time Machine Backups") is misleading, or ownership of the top level directory on the volume is a relic of some time when you had owners disabled. (Or perhaps the backups are all in disk image files, each of which has owners enabled.)

Interesting that you raise this. It certainly was being used for a Time Machine Backup, and without any problems. Except.... that when I tried to copy the backup over to a new (larger) hard drive (with ownership enabled), I couldn't. Not in the finder, not with cp, and then not under su - which is when I noticed the "_unknown" user:group.

I can't remember how the drive was originally formatted - it was a long time ago - but the partition was not set as GUID, so seems I hadn't followed the normal protocol and hence very possible the ownership could have been ignored.

But I wasn't that bothered and quickly gave up - I was just interested to know how the user ambiguity came about!

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

03-31-2012, 05:24 PM	#2
ganbustein MVP Join Date: Apr 2008 Location: Berkeley CA USA Posts: 1,014	Because there is a "magic" user whose userid is 99, and whose usename is usually "_unknown" but sometimes "unknown". The magic is that this user is a chameleon. If a file is owned by userid 99, and you ask who owns the file, the answer is always "Why, you do!". Unless you're running as root, in which case you get a truthful answer, because no one lies to root. There is a corresponding group (groupid=99, group name usually either "_unknown" or "unknown") that behaves the same way. When you disable ownership on a disk volume, all files/folders on the volume behave as if they were owned by 99:99, again unless it's root doing the asking. Since the owner of a file usually has read/write access to it (and root always does), disabling ownership for all practical purposes means that all files are read/write to all users. When MacOS (i.e., pre-OS X Mac operating system) creates a file on disk, it leaves the unix permissions block uninitialized (entirely zero), because it has no awareness of unix permissions. When OS X looks at the file, it sees that the block is all zero, which cannot be valid, and fabricates a block with user:group=99:99, and permissions 777, thus granting all OS X users full access to any file created by MacOS. (777 permissions alone wouldn't be enough. You have to be the owner to change permissions, for example.)

04-01-2012, 03:28 AM	#3
dr chris jones Triple-A Player Join Date: Mar 2004 Location: London, UK Posts: 147	Thanks for that explanation - always nice to understand such unix weirdness! So is this a sign that the drive was formatted with the "Ignore Ownership" button checked?

04-02-2012, 03:27 PM	#6
ganbustein MVP Join Date: Apr 2008 Location: Berkeley CA USA Posts: 1,014	Time Machine won't back up to a volume that has owners disabled. Either the name of the volume ("Time Machine Backups") is misleading, or ownership of the top level directory on the volume is a relic of some time when you had owners disabled. (Or perhaps the backups are all in disk image files, each of which has owners enabled.)