Fixing/Correcting OS X home folder file permissions
Solution 1
First, make sure you own your home folder (note: I'm assuming you're running this from your own user account, and that you're an admin):
sudo chown -R $USER:staff ~
Then, give yourself proper access and nobody else any access (we'll make some exceptions later). Note that this is 2 commands to make sure that execute access gets added to the directories, but not plain files:
chmod -R 600 ~
chmod -R u+rwX ~
Now, grant read access to others for the directories they're supposed to have access to. If you don't have a sites folder, you can leave that off the second command:
chmod og+rX ~
chmod -R og+rX ~/Public ~/Sites
Apple likes to have access control entries to keep you from messing with "important" parts of your home folder. Again, if you don't have Sites you can leave that off (do not leave out Library; it's invisible, but it's there):
chmod +a "group:everyone deny delete" ~ ~/Desktop ~/Documents ~/Downloads ~/Library ~/Movies ~/Music ~/Pictures ~/Public ~/Sites
Finally, fix your Drop Box:
chmod og=wX ~/Public/Drop\ Box
chmod +a "user:$USER allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit" ~/Public/Drop\ Box
Note that this procedure will not properly "fix" the permissions on files inside your various folders, but that doesn't really matter since it gives you full access to them and nobody else can get into the folders anyway...
Solution 2
To Reset file permissions and Access Control Lists (ACLs) of your user's home directory to their default settings do this:
- Boot into the Recovery mode by holding down the Command and R keys during boot.
- Open the terminal (under the Utilities menu)
- Type
resetpasswordinto the terminal and hit Return. - In the Reset Password utility window choose the correct volume, and on the bottom you’ll see an area labeled ‘Reset Home Folder Permissions and ACLs’. Click the Reset button in that area.
- Close windows, quick OS X Utilities, restart.
Solution 3
Run this
cd $HOME
{ sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; \
sudo chown -R $UID:staff ~ $_ ; \
sudo chmod -R -N ~ $_ ; \
sudo chmod -R 755 ~ $_ ; \
sudo chmod 700 Desktop Documents Downloads Dropbox Library Movies Music Pictures Sites $_ ; \
sudo chmod 777 Public ; \
sudo chmod 733 Public/Drop\ Box ; \
} 2> /dev/null
Solution 4
Repair Disk Permissions by opening Disk Utility, selecting the drive, then clicking Repair Disk Permissions
Solution 5
After much effort and searching:
While not perfect, I just used the Get Info window on the home folder. It showed "read/write" for the user,* "read only" for admin, and "no access" for everyone. Looked good enough to me.
I then ran the option in the gear menu to apply to all enclosed items.
Restored access to everything! Less than a minute (on my SSD).
Hallelujah! *standard, not admin
Related videos on Youtube
35 : 48
00 : 59
02 : 52
11 : 27
03 : 23
achinda99
I'm currently an undergrad at Drexel University currently pursuing an BSc. in Computer Engineering with a Minor in Computer Science. I've worked co-ops with Yahoo!, Razorfish and SAP America. At those jobs and personally I know the following at a capable level: C#, VB.Net, php, JavaScript, Java, VHDL, SQL (MSSQL, MySQL) Other hobbies include drinking, photography, sports and the occasional video game. I'm also from Sri Lanka.
Updated on September 18, 2022Comments
-
achinda99 over 1 year
Long story short, I managed to muck up the file permissions within my home directory in OS X (Lion). While I'm familiar enough with linux file permissions and more than comfortable changing them, I am unable to get the right combination of permissions and/or commands to change them appropriately.
Before I continue however, I must mention that I have a slightly different setup to a standard install. My hard drive is partitioned into two drives, System and User.
My home folder is located at in Users/[username] on the User drive, ie. when both drives are correctly mounted, it is accessible at /Volumes/User/Users/[username]. In /User/, I have a symlink [username] which points to //Volumes/User/Users/[username] and this has worked just as I wanted.
I tried the following two articles found here and here only t myself locked out of my own home directory. In the meantime I changed them to full global access so that I can use them but I would like to get around to fixing that.
-
HikeMike over 12 yearsThat CNET post is probably pretty destructive. You lose access (executable flag) to all directories within your home. I bet that guy has never attempted to actually do what he wrote.
-
-
achinda99 over 12 yearsFrom within Disk Utility, I select the "User" partition, and I do not have the option to fix permissions (it is disabled).
-
Gordon Davisson over 12 yearsRepair Disk Permissions only fixes permissions on system files, not user files.
-
HikeMike over 12 yearsDoing what you suggest will break things. You will take away execute permissions from binaries. Dashboard widgets, programs in
~/Applications, services will all break. Probably quite a bit more. -
HikeMike over 12 yearsI suggest you skip the second code snippet and invert the third, i.e. take away (non-recursively)
go-rwxfor Documents, Music, etc. (those that are created by default). -
Gordon Davisson over 12 years@Daniel Beck: Most OS X users don't have a user Applications folder (or a personal binaries folder, or...). I hadn't thought of Services, though. Call it a personality quirk, but I don't like having execute permission enabled on non-executables, and I'd rather have to fix the occasional file that needs it than set it on everything. You can find any actual executables with
find ~ -type f -print0 | xargs -0 file | grep executableand then add execute for them (chmod u+x /path/to/file) individually. -
Gordon Davisson over 12 years@Daniel Beck: As for whether to remove group+other access to everything and add it selectively, or remove it selectively, I don't think there's a truly right answer: wiping the original permissions destroyed information, and there's no way to get it back. Your approach probably leaves most files closer to their original permissions, but at the risk of giving away access to things that should not be readable, like ~/.ssh
-
achinda99 over 12 yearsGave this solution a shot. Generally seems to work, except now I have some weird functionality with drag/drop. Essentially I can't seem to drag drop anything (files to folders), one item in a container to another, etc. Furthermore, even in a browser, mouseover doesn't seem to work either. Might have to revert back to 777 until I can figure this out.
-
Gordon Davisson over 12 yearsDrag & Drop and default programs are both related to launch services; check its preferences (
ls -le ~/Library/Preferences/com.apple.LaunchServices*) and for services that need to be executable (see thefindcommand I gave above). BTW, for some reason the execute permission seems to be set for the preference lock files, so maybe runningchmod u+x ~/Library/Preferences/*.lockfilewould help. -
Gordon Davisson over 12 years@Daniel Beck: the grep I gave won't match the listing for the universal container, but it should match the enclosed executables (e.g. "(for architecture i386): Mach-O executable i386").
-
ylluminate over 7 yearsI'm assuming that you used Linc's standard procedure as a starting point: discussions.apple.com/thread/5275515?tstart=0
-
PatrickT almost 4 yearssudo chown -R $USER:staff ~yieldedzsh: bad substitutionThat's where I stopped.
