Migrating to Leopard from Tiger can corrupt up your user’s group settings

If you are a Mac user and have used OS X 10.4 Tiger, then upgraded to OS X 10.5 Leopard, there may be lurking problems in your system.

In Tiger, each of your users had a group id (gid) which matched your user’s Unix ID. Your first user would be 501, second would be 502, etc.

In Leopard, the rules changed so your group should be ‘staff’, or a GID of 20. The Leopard update installer didn’t change this for existing users, so things can go awry later. For example, if an application that runs fine now is later changed to run with the ‘staff’ permissions, it won’t be able to access your own files. Oops.

So the fix, which took literally 20 hours and many forum pages, is long and drawn out, and might not even be fully correct, but here is what I know you need to do at a minimum:

  1. Change your user’s group ID to 20. You do this by opening System Preferences, then click Accounts. Click the padlock to authorize as an administrator, and then right-click your user, choosing Advanced options. Check that the group field reads “staff” or 20. If it does not, change it to 20. Also note your User ID, for example 501.

  2. Change your temporary folders. Yes, this is very geeky unix, but if you don’t do it, any new files created by Apple apps will have the wrong group IDs. BE VERY CAREFUL WITH THIS, AND HAVE A BACKUP! (Mom you ignore this, we’ll fix this for you 🙂 )

    1. Copy the following command to your clipboard: sudo find /private/var/folders/ -group 501 -prune
    2. Open Text Edit and paste the command into a new document
    3. Change the 501 to whatever your User ID was that you noted above
    4. Copy the changed command and paste onto the clipboard
    5. Open Terminal.app found in /Applications/Utilities
    6. Paste the command into the terminal window and press return
    7. Type in your admin password

Now you’re going to see some gibberish, like:

/private/var/folders//IY/IYc8-0-KHNKv-n6jayvDRE+++TI

  1. Copy that output, from the /private.. to the end of the line.
  2. Type (the case is important, and don’t press return): sudo chgrp -R staff
  3. Type a space
  4. Paste in the gibberish so it ends up looking like: sudo chgrp -R staff /private/var/folders//IY/IYc8-0-KHNKv-n6jayvDRE+++TI
  5. Press return

Whew. That should do it. Try making some new files with text edit, saving them to the desktop. Get info and check the permissions, the owner should be you, and the group should be staff.

If you want to fix up old files, you can change every file in your home directory, but the ramifications of that are unknown. However, if you really want to do it (Make sure this is what you want to do!):

  1. sudo chgrp -R staff ~

Will change every file in your home directory to have a group of staff.

All of this nonsense, because Apple has decided to not fix it. Thanks.

Thanks to:

Apple Discussions