Show Full FAQ List | List by Topic | Submit a Question and Answer | Visit DealMac | Alert the Admins


Category: OS X

49. Repair Permissions: What is it and why?

To be a little more specific, file permissions (or "file privileges") are a part of the UNIX file system that defines who owns and who has permission to use a file.

Each file has an "owner" (which is a user on the machine, including the background "users" you don't every really see, like 'root', 'daemon', and 'www'). That file also belongs to a "group", which can in turn contain a list of users that you could (in theory) define.

The idea here is that "permissions" define the READ, WRITE, and EXECUTE privileges for each file. They can be set individually (at the command line, or using a free utility like BatChmod), so that there are a total of 9 settings in a 3 x 3 table:
_______ Read __ Write __ Execute

As owner, you might have a file that you update every day. Let's say it's your calender. You want your group, let's call that group "family" - which contains you and all the users in your house, to read the file so they can check your schedule, but you don't want them to change it. You don't want any guest user, hacker, or background application to be able to even see the file.

You set Owner=YourUserID to "read/write", Group=family to "read only", and Everyone to "none". That's what it means to the average user.

At the OS level it's much more important - and FAR FAR from useless. You might see it as useless if you are unfamiliar with the way operating systems, particularly UNIX based systems, work - because you don't see it doing anything except when it gets messed up. The trouble is there are a lot of people writing software and installers for MacOS X who don't fully understand Unix yet (or at least aren't used to it), and they are making installers and applications that do things incorrectly. This is one of the ways permissions get messed up (and why running "repair permissions" after an installation is a good thing to do). They also get messed up with appliations create files with incorrect settings. If an installer creates a preference file, for example, with aministrator access; a non-administrative user that runs the program that needs those prefs may not get access to them - causing a slowdown or a problem.

All files have these settings, and they are there not just to protect you from "meddlesome kids" (or moronic adults), but from both poorly written and malevolent programs. A virus has a lot more trouble wreaking havoc when it can't damage system files because it lacks permission. Even under your administrator, it won't have access to "root" permissions, so system files remain relatively safe. A badly written program is the same way - it can't accidentally overwrite something important. Same is true for 'guests' or background processes. "www" is a user for the web server - so that someone looking at a web page is isolated in that user - and would have a hard time using HTTP to hack into your machine and cause harm. The user "www" doesn't have full access to your machine. You get the idea.

They get screwed up for all kinds of reasons - bad installers, dumb users, smart users making errorrs, file corruption, etc...

If you have problems or have done a major upgrade/install/overhaul, run the repair permissions feature on Disk Utility.

Related Links:

Show Full FAQ List | List by Topic | Submit a Question and Answer | Visit DealMac | Alert the Admins