The ins and outs of an OS X Permissions fix

22.04.2015
Since you use a Mac, then at some point you've likely run into the mention of a "Permissions Fix" as a solution to just about any problem--slowdowns, random crashes, your Mac not booting up. Because it can refer to a bunch of different problems, hearing this term might leave you wondering what it is, what permissions are, and whether or not you actually need to run this routine on your Mac.

To understand permissions, try visualizing your hard drive's format as a highly branched tree: The top level of the drive is the trunk, and each branch is a node that represents information about a file or folder on the drive. Okay, this may be a somewhat crude picture of your Mac's file system, but if there's one takeaway, remember that each item on your hard drive is represented by something called a "node."

These nodes contain information about the location of file data on the drive and the hierarchical structure of their organization, as well as permissions rules, which determine what kind of access is allowed at each node.

In essence, file system permissions restrict access to files and folders, which is important for two essential reasons:

Security: Technically, your Mac can run just fine with full and open access to all files for every user and program that runs on it; however, improper access to some resources will allow other users to view all of your documents and any running program to access any of your sensitive information. In these days of cybercrime, this security is highly important.

Stability: Even though your Mac can run fine with no permissions restrictions, an improperly- or maliciously-coded program could easily harm your system by modifying system files with no need for authentication. This can lead to crashes and the inability to use your system.

While these problems can occur when there are no restrictions on file access, the converse also may result in problems, where an improper lockdown of a file by incorrect permissions settings may prevent required access to it, resulting in applications and system services hanging and crashing, among other unwanted behaviors.

As a result of these issues, essential files and folders that OS X and applications require to run securely need to be set with the proper level of permissions restrictions, such as only giving system file write access to members of special groups like administrators.

There are many ways to configure the permissions of a single file or folder to grant the desired level of access; however, the OS X permissions database, which is simply a collection of "bill of materials" (.bom) files located in the following two directories, only allows developers to specify one set of permissions for their programs' files:

            /var/db/receipts

            /Library/Receipts

When you run a Permissions Fix routine, OS X simply compares the permissions on disk to the default ones in the .bom files in the database, and updates them to ensure the permissions represent those intended by their developers.

Running a permissions fix

To run this permissions fix routine, you have a couple of options available to you:

Disk Utility: Using Disk Utility is the most common approach for running a permissions fix, and can be done by launching the program, selecting your boot volume, and then clicking the First Aid tab where you will see options to Verify and Repair disk permissions. You can proceed with either of these, the first being a dry run to inform you of potential inconsistencies, and the second offering the option to repair. Disk Utility may be run for this purpose directly from within OS X, or from within Recovery Mode.

The Terminal: As with many programs, Apple includes a terminal-based counterpart for Disk Utility in the "diskutil" command, which can run a permissions fix, too (just replace "verifyPermissions" with "repairPermissions" to invoke a fixing routine):

                        diskutil verifyPermissions /

While you'll use Disk Utility and the Terminal to run a classic permissions repair routine, this routine will only target system files and components of installed applications (provided developers have supplied this information in their receipts). This means your home folder and the security set up on it by its default permissions will not be affected by the Permissions Fix. Nevertheless, there may be times when your home folder's permissions have also changed, to where it no longer keeps your files secure from other users.

To address this, Apple includes an option for repairing home folder permissions, which can be launched by restarting your Mac in Recovery mode (hold Command-R when you hear the boot chimes), and when the OS X Tools interface appears, choose Terminal from the Utilities menu. In here, run the command "resetpassword" (all one word), which will launch a hidden utility. In this utility, select your boot drive, and then choose a username from the drop-down menu. Then click the button at the bottom of the utility to reset home folder permissions and ACLs (ACLs are a modern and advanced form of permissions rules).

So now, the question begs: When is it best to repair your disk's permissions The answer here generally is "almost never" for day-to-day activities, and it is only needed once after performing major changes to your Mac, especially unsupported changes like downgrading your OS after an upgrade. However, it may also be useful to run after installing programs, or updating any software.

With this in mind, you might be confused if you run a permissions verification and see regular items show up that need to be repaired. For the most part, these repairs appear after benign changes to the permissions, and only pop up as a warning because developers can only include one permissions rule set, when many will work for the same purposes.

Overall, if you are concerned about the presence of permissions errors when verifying, then run a repair routine to have the system check for and update all relevant permissions. As long as programs are not hanging, crashing, or showing odd behaviors (not being able to save files, for example), then you really don't need to worry about permissions. In many cases, your Mac isn't actually experiencing a permissions issue--so if a permissions fix doesn't solve the puzzle, move on and investigate other potential causes.

(www.macworld.com)

Topher Kessler