[X-Newbies] Re: file locks-can't save files

Alex lists at lexial.ca
Thu May 26 20:31:27 PDT 2005 

On May 26, 2005, at 18:12, Charles Martin wrote:

> [...] your permissions are PROFOUNDLY screwed up [...]
>
> The easiest solution to this problem that I have found:
> 1. Download BatCHmod (available from versiontracker, macupdate, et al)
> 2. Run the program.

I seriously doubt Charles' diagnosis is correct.

If, as I believe, the problem is the immutable flag, then BatChmod  
cannot help. It does not handle it.

There are two immutable flags, user and system. The former can be  
changed with chflags, but, if the system immutable flag is set, then  
even root can't change it in multi-user mode.

I strongly advise reading the relevant Apple KB doc

<http://docs.info.apple.com/article.html?artnum=106237>

and, for slightly more detail

<http://www.osxfaq.com/Tutorials/LearningCenter/AdvancedUnix/ugp2/ 
page2.ws>

> 4. Set permissions as you want them, which should be as follows:
> [...]
> Under owner, all three boxes (r,w,x) should be checked.
> Under Group, just the r and x boxes should be checked.
> Under Everyone, just the r and x boxes should be checked.
>
> Check the "Apple ownership and privileges" to "Enclosed files and  
> folders." Leave the "unlock" box unchecked.
> 5. Hit Apply.

Assuming Charles' diagnosis is right, this is _not_ good advice.  
Consider what this action would accomplish. Hit Apply -- and you've  
given _every_ user permission to search each and every one of your  
folders, read each and every one of your documents, and launch any  
scripts you might have. (The only thing they can't do is change or  
trash your files.) This is a serious breach of security.

User permissions were actually designed in a more subtle manner;  
applying a batch change at the top level of your home directory is not  
going to restore them to the correct values. Consider, for instance,  
the Documents, Public, and Drop Box folders. You do not want to grant  
any kind of access to either the group or the world to the former. You  
do want to allow everyone to access but not modify the second, and  
modify but not see the contents of the latter, otherwise they lose  
their raison d'etre.

Whenever you propose to use a tool like BatChmod -- which ideally  
should come with a tutorial on permissions, but unfortunately doesn't  
-- think first long and hard about what the result will actually be.

And, btw, if you want to see what permissions should be on your home  
folder, check permissions on the appropriate item in  
/System/Library/User\ Template/

<0x0192>

More information about the X-Newbies mailing list