Annoying permissions problem

[acme]

I placed a bunch of files onto my Mac Book Pro from Mac Pro and I can't change file names or alter files in programs bcs I don't have permissions!

I did a Apply to all enclosed on the whole entire documents folder where the user has read/write priveleges. I am that user.

what more do I need to do to instruct this computer that I am allowed to change my own files?

thank you!

a

[acme]

More on this...

set up a support call last night, quickly got bumped to Senior Advisor level. we tried doing the reset permissions technique where you use the hardware restore partition of Lion...did this Twice.

Also removed and re-instated the problem user.

also did disk repair and repair permissions.

the only improvement is that I could save from Photoshop with out being asked for Admin pass, but can't change the names of any of the files that were already in documents; can change the name of a NEW file, like a sreen grab saved to desktop.

Senior advisor has a call into the Engineers to see if THEY can fix it.

No clue what caused this or any of my other Lion problems.

a

[NaOH]

Do you dare ask about your IMAP mailbox-count issue while you have the attention of one of these upper-level support people?

[acme]

no..I guess because I think that's largely "solved" .

this permissions thing I got no clues. one minute I'm doing "housekeeping," putting things into folders for making sense of what I've got...

...next thing, I can't save a file, and can't re-name things in the finder w/o being asked for admin pass.

this all happening on the MBPro, so totally different machine, tho still Lion.

I am to the point of suspecting hob goblins or gremlins, or that time I stepped on a sidewalk crack when I was 6.

I am just having a mind-bending streak of lousy luck with Lion/OS X.

[agentx]

Maybe an ACL causing issues....or ID mismatch on permisisons.
Do both your machines have same username but a different ID ? 501,502 etc ?
How did you copy files ?

id
ls -alOe ~
ls -alOe ~/Documents

Please post back output from Terminal commands and we can have a look.

[acme]

different names on each computer. copied most files via external drive, some via file sharing/public folder.

id:

uid=501(lionr) gid=20(staff) groups=20(staff),401(com.apple.access_screensharing),12(everyone),61(localaccounts),403(com.apple.sharepoint.group.2)
LionRs-MacBook-Pro:~ lionr$


LionRs-MacBook-Pro:~ lionr$ ls -alOe ~
total 1808
drwxr-xr-x+ 17 lionr staff - 578 Apr 13 12:58 .
0: group:everyone deny delete
drwxr-xr-x 6 root admin - 204 Apr 15 10:05 ..
-rw------- 1 lionr staff compressed 3 Apr 7 13:09 .CFUserTextEncoding
-rw-r--r--@ 1 lionr staff - 15364 Apr 14 21:20 .DS_Store
drwx------ 2 lionr staff - 68 Apr 15 21:47 .Trash
drwxr-x--x 3 lionr staff - 102 Apr 7 15:52 .adobe
-rw------- 1 lionr staff - 197 Apr 15 21:41 .bash_history
drwx------ 2 lionr staff - 68 Apr 7 16:03 Applications
drwx------+ 6 lionr staff - 204 Apr 15 10:25 Desktop
0: group:everyone deny delete
drwx------+ 12 lionr staff - 408 Apr 14 20:13 Documents
0: group:everyone deny delete
drwx------+ 5 lionr staff - 170 Apr 7 13:15 Downloads
0: group:everyone deny delete
drwx------@ 45 lionr staff hidden 1530 Apr 13 18:54 Library
0: group:everyone deny delete
-rw-r--r--@ 1 lionr staff - 300304 Apr 7 17:27 Library alias
drwx------+ 3 lionr staff - 102 Apr 7 13:09 Movies
0: group:everyone deny delete
drwx------+ 4 lionr staff - 136 Apr 9 14:29 Music
0: group:everyone deny delete
drwx------+ 4 lionr staff - 136 Apr 7 13:09 Pictures
0: group:everyone deny delete
drwxr-xr-x+ 7 lionr staff - 238 Apr 14 20:15 Public
0: group:everyone deny delete
LionRs-MacBook-Pro:~ lionr$




LionRs-MacBook-Pro:~ lionr$ ls -alOe ~/Documents
total 80296
drwx------+ 12 lionr staff - 408 Apr 14 20:13 .
0: group:everyone deny delete
drwxr-xr-x+ 17 lionr staff - 578 Apr 13 12:58 ..
0: group:everyone deny delete
-rw-------@ 1 lionr staff - 24580 Apr 14 20:13 .DS_Store
0: group:everyone deny delete
-rw------- 1 lionr staff - 0 Apr 7 13:09 .localized
drwx------+ 23 lionr staff - 782 Apr 14 21:20 Art
0: group:everyone deny delete
drwx------+ 3 lionr staff - 102 Mar 24 20:22 ArtRage Paintings
0: group:everyone deny delete
drwx------@ 48 lionr staff - 1632 Apr 14 20:09 Downs|RC
0: group:everyone deny delete
-rw-------@ 1 lionr staff - 41082880 Mar 15 11:26 SecureInfoHeManB_Day.dmg
0: group:everyone deny delete
drwx------@ 26 lionr staff - 884 Mar 9 16:09 Type Master|RC
0: group:everyone deny delete
drwx------@ 44 lionr staff - 1496 Mar 11 20:35 resources

[agentx]

Ok the ACL on top level of documents (0: group:everyone deny delete) has propagated down and as such is causing issues with files/folder requiring admin perms to do anything i presume as well. It is there to stop people deleting the standard template folders (desktop,documents etc) but it is also stopping normal operations.

Code:

sudo chmod -R -N ~/Documents/

This will get rid of all ACLS on all files and folders in your documents folder.

[agentx]

Repeat terminal commands again and post back and all should be fixed ;-)

[acme]

OK...any way to determined what caused this whole problem in the first place? moving files around into folders can't be it, else we'd all have our pants around our ankles..

[acme]

Quote: Originally Posted by agentx Repeat terminal commands again and post back and all should be fixed ;-)

won't do it. I'm typing my admin pass and won't accept.

what does it want from me, excatly?


thanks!

[agentx]

No idea how it came to be but mor ethan lily th inheritance bit is set on the ~/Documents ACE which it should not be.....i think.

Does it all work now ?
ls -alOe ~
ls -alOe ~/Documents
Post back

[acme]

the computer will not receive the sudo command you gave.

refuses to accept my admin password. does it want my *user* password? That one is non-admin.

what does the computer want from me?

[DeltaMac]

You can't 'sudo' while logged in to a non-admin account.
If you are presently logged in to a non-admin account - log out, log back in to your admin user, and sudo will then work. You would need to change that terminal command to provide the full path to your normal account/Documents folder.

[acme]

OK..I'm in the weeds with that last concept. I understand it, but don't know what to type.

same outcome if I promote this user to admin for purps of typoing thise commands and then back to staandard?

[DeltaMac]

rather than
sudo chmod -R -N ~/Documents/
type
sudo chmod -R -N /Users/yournormaluser/Documents/
Change the yournormaluser to your actual standard account shortname.

You would do that while logged in to an admin account. You could do it the way you mentioned, but you'd still need to log in to an admin account to promote your normal user, so you might as well fix the folder's permissions while you're there...

[acme]

OK..so now I am in my regular user, and it now is Admin...so is

sudo chmod -R -N ~/Documents/


the command I need to use?


thank you!


a

[ganbustein]

You don't need sudo to remove ACLs from files you own. (And, you don't want to remove the ACL from ~/Documents itself, just the subordinate items. The easiest way is to go ahead and remove it, then add it back.)

chmod -RN ~/Documents
chmod +a 'group:everyone deny delete' ~/Documents

[acme]

the "remove it then add it back" part is a little confusing to me...

are we removing something bad and putting in something good?

[ganbustein]

Users sometimes accidentally trash folders they shouldn't. Apple puts a standard ACL on those folders that effectively says they cannot be trashed or renamed. One of those folders is your Documents folder.

That ACL is a useful protection on the Documents folder itself. Somehow, though, you've propagated it down onto subfolders/subfiles of you Documents folder. There, it's not useful and in fact is causing you trouble.

The first command:

chmod -RN ~/Documents

removes all ACLs from your Documents folder and everything within it. That's almost exactly what you want, except that it also removes the standard ACL from Documents itself. In other words, it removes one more ACL than you want to remove.

The second command:

chmod +a 'group:everyone deny delete' ~/Documents

puts back just that one ACL.

[acme]

OK..that appears to have set things to right.....I can duplicated files in the finder, change their names and send them to the trash w/o bein asked for admin credentials.

I thank you all for the helpful terminal commands; the diagnostic AND the restoring ones.

now, have any of you ever gotten into this situation and/or know how or why it could happen?

I'd almost feel better if I'd done something stupid that I could make a note not to do. what gives me that queasy feeling is if it's just "one of those things that happens."

guess I can tuck those commands away for later, case in does...

thank you!

a