Leopard permission problems (what’s new?)

Ok, just found out about this while fiddling with a new.. er.. hdd of mine (yeah it was supposed to be secret but wtf). Anyway a little background: I was thinking of coming up with a way to organise my stuff inside, and I decided to follow *exactly* how macs lay out their stuff. Basically, there is a Users folder in root, and then my shortname folder in it, which is my home folder, and all the other jazz inside the home folder. I will then create symlinks from within my home folder to point into folders in that folder, just as though they were at the same place all along.

For example, ~/Music, which is essentially /Users/san/Music, or more accurately, /Volumes/san/Users/san/Music, will point to /Volumes/san\ Storage/Users/san/Music instead. All these can be done with ln -s

Very simple right? Yes, till I hit a problem after creating a symlink pointing to the home folder on my new drive; accessing this symlink stalled my whole mac. Finder stalled, Safari stalled, every fucking thing stalled, I even had an error that Finder.app did not exist while trying to open a folder from my Dock. Great. This symlink I created, whatever I tried to call it, when pointing to /Volumes/san\ Storage/Users/san, would just lock up. I cannot find a better explanation of this fuckup better than a stupid permission problem went bad.

I checked the Get Info of the 2 home folders and compared them and I found this slight discrepency: there’s a group called (unknown). Not only on my new drive, even on my old one, and every damn fucking file and folder in my home folder.

So I checked it up. Lo and behold, yet-another-mac-permissions-fuckup. Everyone who upgrades from Tiger, or migrates a Tiger user account, will get this problem. That practically means all of my dear Mac friends reading this, except for the lucky **** who bought Macs that came with Leopard. Yes you Geoff, and you too bee.

Why did this happen? Basically, Tiger got it all wrong: when you create a user acount, say ‘ass’, you will be also assigned to a group, called ‘ass’. This isn’t the convention in the Unix and Linux and BSD worlds, it doesn’t even make sense, so Leopard fixed it. Now, all (new) accounts are under the group ‘staff’. But guess what, they forgot to convert the old Tiger users over. There is no such group called ‘ass’, or ‘san’ or whatever you decided to name your account. So it shows up as, you guessed it, (unknown). So they sorta fixed the problem, which wasn’t really a problem, and created a new one. What new problems? Reportedly, Spotlight is semi borked with this permission problem, and you get a performance hit because of that. (Jem, I guess this was our problem all along) Also, your Finder might crash when you try to delete the (unknown) user group, or it might just crash for no particular reason, like me accessing the damn symlink I created. It’s also plain UGLY. Macs are meant to be preetee.

So. Fix? Or no fix? A brilliant way would be to create a new account and manually copy all your shit over. That would be something I won’t want to do, and I guess neither do you. Another way, is to do it by nipping the problem at the bud, and fixing the rest with some smart terminal fiddling. Which I did, and my Mac still runs, so I guess it’s safe.

Instructions are detailed here but I’ll summarise for you. First, go into your System Preferences, click on Account, and authorise yourself. Right click on your own account, and click the only option there, Advanced Options. Here you will find your poison: Group ID will be exactly the same as User ID, 501. Change Group ID to 20. Click Ok.

While you are at it, it is probably a good idea to temporarily disable Spotlight on your whole HDD, using the Spotlight preference and putting your drive in the ignore list.

Now, open terminal, and type this: ln -aln Documents It can be any folder for that matter I just used Documents as an example. You should see a bunch of drwx—— number 501 501 number date myFolder there. The 2nd 501 is what we are interested in, and if it’s something else like 502, just take note of it. The 1st 501 is correct and we are not touching it.

Next, run the command
and then followed by
sudo find . -group 501 -exec chgrp 20 {} \;

Basically, cd jumps to your home directory, and the command will find everything within your home directory, and change all group 501s to group 20. If the number you got just now is some other number just replace 501 with it. Don’t do anything and wait. Once it’s done, restart your computer and run permissions checking just in case. If ACL turns up for Finder and some other passwd shit, it’s a 10.5.5 problem, download the 10.5.5 combo updater and reupdate your Mac.

You can double check your folders now, the (unknown) should now be ‘Staff’. Re-enable your spotlight and everything should work as per normal. My iMac seems zippier now, but I don’t know if that’s because my spotlight indexing was still ignoring my main drive.

With this I learnt how to set the Users folder on my new drive to Root access only, and my own folder to be my access only. So nobody can delete the Users folder by accident without inputting a password, and only I can access my own stuff. Heh. This also probably means I’m restricting access to only my Macbook Pro and my iMac, and Macs in general that allow me to input a password to let me in. Oh my god, :O so damn troublesome! I can’t let any Tom, Dick or Harry hack into my computer and steal my files! Damn I want a windows computer so I can be hacked D:

Sigh, Macs are so troublesome and lousy, we don’t have .dlls for anyone (like your neighbourhood friendly virus) to hack openly, as everything on windows is permission 777. We need to know stuff about permissions and owners and groups, so god damn troublesome. Windows is so much better, I can just delete NTDLR and get away with it. 😦 I want my Vista PC..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: