If you are having trouble with user permissions of files and applications in OS X Lion, there are a couple of ways to correct them. User permission issues can prevent Spotlight from finding certain items, or some files and folders may be completely inaccessible to you.
This tutorial describes how to change access rights to items on your computer, as well as how to perform a full reset on all your Home Directory permissions and Access Control Lists (ACLs) to revert them back to the original state (see PART 2).
PART 1: How to View and Change File Permissions
METHOD 1: In Finder
It’s very simple to edit user permissions on individual files, folders and applications without having to resort to the command line Terminal:
- Select the file, folder or application whose permissions you want to view and edit
- Choose File -> Get Info from the Finder menu or use COMMAND + I
- The Get Info window opens and shows the item’s permissions in the Sharing & Permissions section. Under the Privilege column, click on the drop-down arrows to show the available options. Here you can choose which option to set.
The options displayed are usually as follows, but No Access may not always be a valid option (e.g. for administrators):
- Read & Write
- Read only
- Write only (Drop Box)
- No Access
If the padlock icon is displayed in the lower righthand corner, you’ll be prompted to enter the Admin password before any changes can be applied.
The actions button (the gears icon) at the bottom of the window presents a few more options to change the item’s owner, or apply the changes to all of the enclosed items and subfolders. If you make any changes and subsequently change your mind, there’s also a useful option to revert the changes back to the previous settings.
Lastly, you can use the + and – buttons to add or remove individual users and set their permissions on the item. For example, the + button presents a choice of usernames to add to the permissions list, and also allows you to add a new username by creating a new user account.
METHOD 2: Using Terminal
More advanced users that are already familiar with UNIX-style commands may prefer to use Terminal’s chmod command to change file permissions and Access Control settings. However, the first method mentioned above is far simpler and can achieve the same results.
The built-in manual can be used to obtain more details about each command. For example, type man chmod into the Terminal window to display its detailed help page and usage information.
The basic steps are:
- Open Terminal from the Applications folder or using Spotlight
- At the command prompt, navigate to the directory that contains the item(s) you want to edit. For example cd Documents/Work
- Type the command ls -l to view (in long format) the contents of the folder and each item’s permissions. The directory contents are displayed with various symbols in the first column to indicate permissions (Read, Write, and Execute) for Users, Groups and Others
- Use the chmod command to change permissions. Chmod has dozens of options so the manual pages must be read carefully
- To assign the current user read, write and execute permissions: chmod u+rwx <filename>
- To assign the current user full access, but restrict write access to Groups and Others: chmod u=rwx, go=rx <filename>
- To remove all permissions for Groups and Others: chmod go= <filename>
PART 2: How to Repair User Permissions
A Note About Disk Utility
You might expect that Disk Utility’s Repair Disk Permissions feature (see below) can fix any problems with your permissions. However, this is not the case as it doesn’t resolve issues with the Home Folder.
Using Repair Utilities to Reset User Permissions
The most effective way to completely reset your Home Folder’s permissions and ACLs back to their original state is to restart your computer and use the Repair Utilities.
Follow the steps below:
- Restart your Mac and hold down COMMAND + R during restart to open the Repair Utilities screen
- In the menu bar, click on Utilities and then select Terminal
- Terminal will open, and at the command prompt type resetpassword
- The Reset Password tool opens, but note that we won’t actually change the password. Instead, select the hard disk and the relevant user account from the drop-down menu
- In the area called Reset Home Directory Permissions and ACLs, click the Reset button to reset everything
Resetting all the user permissions takes just a few minutes. When the process is complete, restart your computer and everything should be back to normal.
Thanks for the above Roland.
Unfortunately, using finder and info is fraught with problems. I am logged on as an admin – more often than not I don’t even show in the list of users under privileges.
If I try to add myself or a group – I am told I don’t have permissions to do so. In fact users are listed that are not connected to the network or who have nothing to do with the files or folders I am looking. For example – my web design folder is created and administered by me alone. Looking at info for the files and folders contained within – doesn’t even show me in the users privileges listings!
So – what is the point of an admin account type that doesn’t allow administration of the files and folders? I have tried logging on as root – this doesn’t even allow me full access – particularly to a NAS drive.
Permissions are a mess on a Mac – what is needed is an in-depth article looking at permissions and their rationale – currently it seems to be a murky mess making it almost impossible for the owner of a Mac to take proper control of the operating system.
Agreed, permissions are a mess under Lion. It goes wrong with an unacceptable frequency. I cannot count the number of times Lion suddenly removes the admin (= main user) from privileges. I had just followed the above procedure twice, on both my desktop and laptop computers. Within two weeks same mess (both computers have the same users and passwords to enable easy syncing).
Loosing too much time over it, too.
I tried to reset the user permissions after restarting and pressing cmd + R but when I reached the pop up window to select my drive it didn’t include my main drive where the system is installed. I even thought of reinstalling Lion but again it didn’t offer my main drive as an option.
After restarting, spotlight wanted to start indexing from scratch and my offsite backup Crashplan suddenly seemed convinced that it needed to backup 30 gigs of data…
The computer seems to be working OK and the permissions all check out as being correct when I view them in the finder just like your example above but this has all left me feeling rather confused about what is going on here.
Final comment on this. Apple crow that their OS is the most advanced and use friendly in the world. This is clearly not the case – any OS that requires a user to frequently address permissions issues and to tinker under the bonnet (via terminal) is not user friendly or advanced.
Spotlight is also incapable of searching an attached drive – that is just madness.
Ho hum.
Thanks!!! So much!! I was having problems with my contents still showing from a folder I restricted access to. This totally worked to fix the problem!