Have you tried repairing macOS permissions? It is a standard advice for the Mac troubleshooting That has been on the web forever. For many users, this seemed to solve many types of rare problems. But when OS X El Capitan (10.11) was launched, the option "Repair Disk Permit" suddenly disappeared from the Disk Utility application.
Does that mean that Apple has resolved issues related to permissions in macOS, or was it something else? We will reveal this mystery and show you how disk permissions work on your Mac.
How macOS permissions work
Each item on your Mac, whether it's a file or a folder, has a set of permissions. These control which user accounts they can access and what type of access they have. The permits consist of three activities (reading, writing and execution), carried out by three types of users (owner, group and all).
You can define privilege rules separately for each level of ownership. Permission, in combination with accounts and property, gives you security, allows for controlled sharing, can establish limited or no access to files and maintains system integrity.
View file system permissions
Any user can view file and folder permissions using the Finder or Terminal information window. In Finder, right-click on a file or folder and choose "Get information" from the context menu. Click the Share and permissions triangle to expand the permissions of the item.
To view this information in the Terminal, type the following:
ls -l «path to your file»
The character after the hyphen is a lowercase L and reveals the ownership and permission of your file. On the command line, the abbreviation for read permission is r, while type is w and execute is x.
MacOS permissions: Owner, group and all
Let's analyze the three types of users that appear in the Mac permission fields:
- Owner: The owner of an item is a user who creates the item or copies it to the Mac. Users generally own most of the items in their home folder.
- Group: each element is also owned by a group. A group is a set of linked user accounts so that permissions can be applied to all members.
- Everyone: Use this permission setting to define access for any person, including local users, shared users and guests.
Read, write and execute
Next, let's look at the three types of permissions that these users may have:
- Read: Users or groups can open a file but cannot save changes. If it is a folder, you can browse the list of items.
- Write: the user or group members can modify or delete the file. For a folder, you can make changes to the contents of the folder.
- Execute: Files with execution permission can behave like a program or script. In the case of a folder, running means that someone can list its content as long as read permission is also enabled.
Factors that cause macOS permission problems
In OS X Yosemite and earlier versions, Disk Utility can verify and repair permissions on some files and folders. However, in reality, the application does not repair the permissions. Simply reset them.
In addition, it is said that Disk Utility repair permissions make it appear that the permissions may go wrong or get corrupted over time. But this is not true. The permissions remain the same until something or someone appears and changes them. There are many reasons why this can happen:
- Application installers: Some installers change the permissions of existing items as a necessary part of the installation process, but cannot return them to the appropriate configuration.
- User error: if you are playing with permissions in the Terminal or through a third-party application, errors can cause problems. For example, using the chmod command incorrectly can change the permission settings of an item.
- Share a folder: all computer users have permission to access the items in the shared folder. If you are using this folder as a repository of files in transit, then permission issues are unlikely. But if you store items for several people to use permanently, problems may arise.
- Permissions on copied items: It is difficult to predict what permissions macOS will assign when copying files to an external volume, SMB or FTP. You may have to use some trial and error to solve this problem.
What happened after OS X El Capitan?
In OS X El Capitan, Apple introduced System Integrity Protection (SIP) in all system files, folders and even included applications. Protects system content from intentional and unnoticed alterations while preserving default permission settings. SIP protects the following directories: / System, / usr, / bin, and / sbin.
When you update Apple applications or macOS updates, the installer will verify and reset the permissions of any item if necessary.
No third-party application, regardless of bad behavior, can change permissions unless you disable SIP.
What about the user and home folders?
System Integrity Protection does not protect items in the / Library folder, applications in / Applications and everything in your Startup folder. The ~ / Library folder is especially important, as it consists of central system preference files, third-party application preferences, keychain data and more.
If the permissions were changed to any of these files or folders, you can expect a lot of strange problems on your Mac. Problems that may arise due to incorrect permissions include:
- Changes you make in Finder, System Preferences or the Dock are not saved.
- Windows that opened the last time you closed session or if you closed an application, open again after starting that session.
- You are asked for an administrator password while moving certain items in the Startup folder.
- You repeatedly receive a message that says "macOS needs to repair your library to run applications."
- When you save a file, you will receive a message that a file is locked or does not have the necessary permissions. This happens a lot with Microsoft Office documents.
- Default or third-party applications may crash at startup. Some applications may not even be updated.
- Firefox or Chrome do not load your preferences and it reads: «Your profile cannot be loaded».
- The photos and videos you import in Photos do not appear in the application. Or you receive a message to select a default photo library every time you open the app.
MacOS permissions: reset permissions for startup folder
From the Finder sidebar, right-click on your Startup folder and select "Get information." Now, click on the “Share and permissions” drop-down triangle and with it you will see your permissions.
Now, click on the Lock button at the bottom of the window and enter your administrator password. Then, select the action menu button and choose "Apply to attachments."
Click OK to confirm the action. The updated permissions will be propagated through your home folder.
Next, open the Terminal application and type the following:
diskutil resetUserPermissions / `id -u`
This option resets the user's permission on the root volume (/) to the current user ID. If all goes well, restart your Mac.
But if you get error 69841, follow these steps:
In macOS High Sierra or earlier:
Open the Terminal application and enter the following:
chflags -R nouchg ~
Then, enter this command one more time:
diskutil resetUserPermissions / `id -u`
Now, restart your computer again.
In macOS Mojave and later
The steps for Mojave and the latest versions are the same as the previous ones, but you must add the Terminal to Full Disk Access before continuing. To do this, go to System Preferences, now to Security and privacy. And then, click on the Privacy tab. Click on the Lock icon and enter your administrator password to make the changes.
Next, select the Total Disk Access tab. Then, click on the "More" button and add the Terminal application.
After doing this, continue typing the Terminal commands mentioned above for High Sierra and earlier.
Understand Mac user accounts
When the option to repair disk permissions disappeared from the Disk Utility application, it did not affect much because it was never an important troubleshooting step.
But seeing the type of problems you may encounter due to incorrect permissions, it is clear that resetting the permissions for your home folder is the last resort when these inconveniences arise.
It is also surprising to see that Apple no longer includes this option. But remember, you should only apply these steps when necessary. Understanding permissions is a complex issue.
Now, if you understand how macOS user accounts work, it will be much simpler.