解决 Snow Leopard 的 everybody 权限问题


可能是一直选择直接升级覆盖安装的关系,自从10.5 Apple 引入 ACL 以来,我的 Mac系统文件权限就没正常过几天。表现是文件权限列表里出现莫名其妙的 “unknown” ,10.6 以后又多了个叫 “everybody” 的。这些不正常的权限设置导致系统速度也一直不太正常,时常无响应或者卡一下。上次受不了的时候新建了一个用户试试,发现 Snow Leopard 系统跑的像飞一样,因此下决心彻底解决这个问题。今天在 Macosxhints 上找到了解决办法,分享一下。

老外说话比较啰嗦,解决办法直接看3b部分即可。

The solution to the everybody user being twice is easy. Run the Terminal application and for your user directory and files in it, remove the permission to outside world users.

The following command solved it for me:

chmod -R o-rwx username
chmod -R g-rwx username

This got rid of both the “unknown” user and the 2nd “everyone” user.

The reason you get this everyone problem twice, is that there are actually 2 everyones. One seems to be a “group” named everyone, and one is outside world users. Thus, you see the name everyone twice.

As for getting rid of the ACL nightmare, the following worked for me.

1. What creates the ACL problem?
You can see it in action by creating a new user account (admin access), and create some dummy files in it. Try to change the names of these files, and no problem you can do so easily. Now go to up one directory level to your user folder, open a Get Info window on the new account you just made. You will see several users in the permission section, most likely “user”, “staff”, and “everyone”.

Now use Get Info to apply a permission change to this new user account. For example, change the permission for “everyone” to Read Only. Then select “apply to enclosed items”. Now go back to your home directory and try to change the file name of items in that account, and you will find you can’t. Do a Get info on one of the files and in the permission section it says “You have custom access”, instead of “You have read and write access”.

You can also easily create the problem from the Terminal window, instead of the Get Info window. For example, go to your users folder using the Terminal application, and type the following in the terminal window.

chmod -R =rw,+X username

This will force Leopard to set the read and write permissions to the usual default to your user folder and to all files/folders recursively (this is what the -R is for) in your user folder (the +X will retain any execute permissions that are currently set). After doing this you will again create the problem.

2. What causes the problem?
Run the Terminal application (you should be in your home directory) and type:

ls -le

This will list all your files and folders in your home directory, along with the ACL extensions to the file permissions. On my machine I get under each “permission affected” files or folders the following additional information.

0: group:everyone deny delete

So this “everyone” person is not allowed to delete any files (or rename them). And this “everyone” person is a “group” that includes EVERYONE including the user as well. Thus, since “everyone” can’t change files, neither can the user. This part is confusing at first to realize what is going on since in Unix terminology normally “everyone” only refers to the outside world, and not the user himself. I believe Apple tried to use the ACL extension to prevent certain files/folder that Leopard would not want the user to rename/delete (i.e. Pictures directory), but for some reason Leopard is applying this to all files, folder, and contents of folders.

3. The solution the solution is simple. Remove this ACL condition for all files or folders in your home directory.

3a. You typically can easily do this from the user folder level in Terminal, since the affected account also has the same ACL condition applied to it. Type ls -le to see if this condition is present for the affected user folder account itself. If it is, then all you have to do is type is:

chmod -R -a# 0 username

This will remove the ACL condition (numbered 0) from the user account folder, and all files or folders in it (the -R condition causes this recursive fix of all contents of all folders).

3b. You may not be able to do this from the user folder level in Terminal if the user folder itself does not have this ACL condition. In this case, simply go to your home directory in Terminal, and fix to each file or folder within your home directory individually, and do this recursively to all contents of folders so you don’t have to do it for the contents of the folders in your home directory. Type ls -le, and find which files/folders are affected, and for each affected file/folder type the following to remove their ACL condition:

chmod -R -a# 0 file_or_folder_name

After doing this, if you type ” ls -le ” in Terminal window you will see that the ACL condition is gone from every fixed file or folder. Also, if you do a Get Info in Finder on any fixed file/folder you will see in the permission section the phrase “You can read and write”.

Should the permission problem be fixed this way by canceling the ACL conditions, I am not sure. But it is now fixed on my machine (not solved, but fixed) and I again have full access to all my files.

2 Responses

Leave a Reply


*