New to the Mac? Start here

Sean McNamara
30 November, 1999

A commonly recommended maintenance and troubleshooting task in Mac OS X is to run Disk Utility’s “Repair Permissions”. Although this can clear up many problems, it has its limitations. An understanding of those limitations, and a more general knowledge of file permissions in Mac OS X, is of use to all Mac users.

Every file on your Mac has an owner and a group assigned to it, as well as a set of permissions for the owner, the group and everyone else. The three basic attributes are read, write and execute. The function of read and write is fairly obvious, but execute serves two purposes: it allows applications and Unix shell scripts to be run, and, when assigned to folders, it allows the contents of those folders to be listed. (Without the execute permission, folder contents may still be readable or writable, but that is of limited use if you can’t discover what’s in the folder and have to know the file path of the file you wish to read or write.)

Each of these three attributes can be turned on or off in isolation, although some combinations make no sense in the real world (write permission without read permission is rare, but not unheard of, and execute permission without read permission is useless, as the executable file can’t be read in order to be executed). There are other special attributes which are beyond the scope of this article.

Some everyday implications of permissions are as follows:

  • The Applications folder is owned (and readable and writeable) by the root user, but also writeable by members of the “admin” group. The first user you set up in Mac OS X is an admin user, as are those you set as admin users in the Accounts System Preferences pane.
  • Each user has a home folder, of which they are the owner, and the only user (by default) to have read and write access to that folder and its contents.
  • Inside the user’s home folder is the Public folder, which has a Drop Box in it. This Drop Box has write-only permissions for users other than the owner, so other users can’t list what’s in there (no execute bit) and they can’t read files in there.
  • A folder may have contents with ownership and permissions which are different to its own. For example, the Users folder on the HD (which houses the users’ home folders) is owned by the root user and the admin group, but each folder inside it is owned by the user for whom it’s their home folder.

Users don’t usually need to worry about manually changing ownership and permissions of files, but it is important to know that bugs and glitches in software or the disk directory may see the ownership and/or permissions of system or application files and folders change inappropriately. This is where the Disk Utility’s Repair Permissions function comes in.

The major limitation of this function is that it will not, for example, change the ownership and permissions of files in users’ home folders. Even if some changes there were unintentional and need to be fixed, Disk Utility won’t know which changes it needs to change back.

So how does it know what to change in the folders it does make changes in (system folders and Apple applications)? If you look in the Library folder at the root level of your hard disk, there will be a Receipts folder in there, which contains many .pkg files (.pkg files are installer-related). Each of the .pkg files inside that folder contains a “bill of materials” that details the files installed from the original .pkg and their correct permissions.

Disk Utility scans the Receipts folder for Apple-generated installation packages, and then makes sure the files referenced in those packages have the correct ownership and permissions applied. It will not repair incorrect permissions for third-party applications.
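The compare-and-reset idea described above can be sketched as follows. This is an added example, not Disk Utility's code or anything from the original article: the `Expected` record, the `audit` and `repair` functions and the in-memory manifest are hypothetical stand-ins for a receipt's bill of materials, and the sample tree is constructed.

```python
import os
import stat
from typing import NamedTuple

class Expected(NamedTuple):      # hypothetical stand-in for one bill-of-materials entry
    mode: int                    # permission bits, e.g. 0o755
    uid: int
    gid: int

def audit(root, manifest):
    """Return (relative_path, field, expected, actual) for every mismatch."""
    drift = []
    for rel, exp in sorted(manifest.items()):
        try:
            st = os.lstat(os.path.join(root, rel))   # lstat: do not follow symlinks
        except FileNotFoundError:
            drift.append((rel, "missing", None, None))
            continue
        actual = Expected(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
        for field in Expected._fields:
            if getattr(actual, field) != getattr(exp, field):
                drift.append((rel, field, getattr(exp, field), getattr(actual, field)))
    return drift

def repair(root, manifest):
    """Reset drifted entries to the manifest values; return what is still wrong."""
    for rel, field, _, _ in audit(root, manifest):
        path = os.path.join(root, rel)
        if field == "missing" or os.path.islink(path):
            continue             # nothing to reset, or refuse to act through a symlink
        exp = manifest[rel]
        if field == "mode":
            os.chmod(path, exp.mode)
        else:
            try:
                os.chown(path, exp.uid, exp.gid)
            except PermissionError:
                pass             # changing ownership needs root; leave it reported
    return audit(root, manifest)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:       # constructed sample tree
        tool = os.path.join(root, "tool")
        open(tool, "w").close()
        st = os.lstat(tool)
        manifest = {"tool": Expected(0o755, st.st_uid, st.st_gid)}
        os.chmod(tool, 0o777)                         # simulate a permissions glitch
        print("before:", audit(root, manifest))
        print("after: ", repair(root, manifest))
```

Files that appear in no manifest are never touched, which mirrors why home folders and third-party applications are outside the scope of Repair Permissions.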

Anyone planning on installing Mac OS X v10.5 (Leopard) over a previous version of Mac OS X should run Repair Permissions from the Disk Utility on the installer disk after booting from that disk but before starting the installation, and then run Repair Permissions again after the machine has rebooted.
