Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Mac OS X > 10.5.5 permissions issue

10.5.5 permissions issue
Thread Tools
Mac Enthusiast
Join Date: Apr 2003
Location: Seattle
Status: Offline
Reply With Quote
Sep 16, 2008, 05:46 PM
 
I just updated from 10.5.4 to 10.5.5 via Software Update. Booted twice, as expected, and everything seems OK. I repaired permissions and got the following:

Warning: SUID file "System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool" has been modified and will not be repaired.
Warning: SUID file "usr/bin/lppasswd" has been modified and will not be repaired.

Is this something serious? How do I fix this? Should I be worried?

Thanks.
     
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Sep 16, 2008, 07:47 PM
 
Originally Posted by Douglashh View Post
I just updated from 10.5.4 to 10.5.5 via Software Update. Booted twice, as expected, and everything seems OK. I repaired permissions and got the following:

Warning: SUID file "System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool" has been modified and will not be repaired.
Warning: SUID file "usr/bin/lppasswd" has been modified and will not be repaired.

Is this something serious? How do I fix this? Should I be worried?
Hard to say if it's serious, since the message doesn't indicate how it "has been modified".
For security reasons (it would seem), Disk Utility now refuses to do anything with the file.

Anyway, run these two blue commands and compare their output to mine:

ls -lOeT /usr/bin/lppasswd

-rwsr-xr-x 1 root wheel - 47472 Sep 3 21:24:06 /usr/bin/lppasswd

openssl sha1 /usr/bin/lppasswd

SHA1(/usr/bin/lppasswd)= 3a81c34ddaef4863960f7cf5aa32c1b5bb1d1ea8

Post your output, and maybe someone can recommend a solution.

--

According to...

pkgutil --file-info /usr/bin/lppasswd

volume: /
path: usr/bin/lppasswd

pkgid: com.apple.pkg.BSD
pkg-version: 10.5.0.1.1.1192168948
install-time: 1196363433
uid: 0
gid: 0
mode: 100755

pkgid: com.apple.pkg.update.os.10.5.2.combo
pkg-version: 1.0.1.1191932192
install-time: 1202790807
uid: 0
gid: 26
mode: 104755
sha1: <6f2f1387 246a69c0 fc54701d f4daef44 89a7f7f9>

pkgid: com.apple.pkg.update.os.10.5.3.combo
pkg-version: 1.0.1.1191932192
install-time: 1212023877
uid: 0
gid: 0
mode: 104755
sha1: <b8de2db3 f8e0a555 27742da7 3d8f9121 bf474047>

pkgid: com.apple.pkg.update.os.10.5.4.combo
pkg-version: 1.0.1.1191932192
install-time: 1220481452
uid: 0
gid: 0
mode: 104755
sha1: <b8de2db3 f8e0a555 27742da7 3d8f9121 bf474047>

pkgid: com.apple.pkg.update.os.10.5.5.combo
pkg-version: 1.0.1.1191932192
install-time: 1221531856
uid: 0
gid: 0
mode: 104755
sha1: <3a81c34d daef4863 960f7cf5 aa32c1b5 bb1d1ea8>


...we can see the file came from the BSD package originally, without any suid bit.
Then the 10.5.2 (combo update) set the suid bit, but changed the group to 26 (_lp).
Remaining combo updates retained the suid bit, but restored the group to 0 (wheel).

At the end there (10.5.5) you can see the sha1 digest matches what i got from command #2.

FWIW,

-HI-

EDIT: ooops, i forgot about the other file there

ls -lOeT /System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool

-rwsr-xr-x 1 root wheel - 38432 Aug 22 00:12:13 2008 /System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool

openssl sha1 /System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool

SHA1(/System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool)= f57684d10ac1cf817ade56be7d822025e57d6c74

[are you on an intel or ppc Mac?]
( Last edited by Hal Itosis; Sep 16, 2008 at 08:02 PM. )
-HI-
     
Mac Enthusiast
Join Date: Apr 2003
Location: Seattle
Status: Offline
Reply With Quote
Sep 17, 2008, 02:12 AM
 
I have an intel MacMini. According to Apple this is a known issue and not a problem and can be ignored.
     
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Reply With Quote
Sep 17, 2008, 04:27 AM
 
…as with most "errors" during permissions repair.

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Sep 17, 2008, 08:19 AM
 
Originally Posted by Douglashh View Post
According to Apple this is a known issue and not a problem and can be ignored.
Nonsense. Until we see a listing of those files, neither you nor I nor Apple have the slightest idea what's up with them. As I indicated: D.U. refuses to touch any suid file if it appears "modified" (even if it's not supposed to be suid in the first place!!!). One case at MacFixIt (and another at macosxhints) had the suid bit set on /sbin/launchd -- and that caused every program the user launched to be run as root. People there also looked at the Disk Utility report and quoted that same Apple article saying: "this is a known issue and not a problem and can be ignored."

Horse*censored*

I'll concede that in this particular case it might be harmless. And -- if you're not even curious enough to see exactly what's what (by doing a simple ls command) -- then I won't waste any time on it either. Just be aware: all suid errors are not created equal... and some are potentially quite problematic.
( Last edited by Hal Itosis; Sep 17, 2008 at 08:41 AM. Reason: added linkages)
-HI-
     
Mac Enthusiast
Join Date: Apr 2003
Location: Seattle
Status: Offline
Reply With Quote
Sep 17, 2008, 12:28 PM
 
This is what I received from Apple that said they can/should be ignored.

http://support.apple.com/kb/TS1448?viewlocale=en_US
     
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status: Offline
Reply With Quote
Sep 17, 2008, 12:47 PM
 
If you want to try something else to make it go away, download the 10.5.5 combo updater and run it. Sometimes it will fix issues that the regular updater created or avoided.
     
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 17, 2008, 02:22 PM
 
Are you still able to use the "Authenticate" button in the Finder? If so, relax.

The thing I hate about Repair Permissions is how it's placed in the same context as the regular disk repair tool, causing people to run around like headless chickens if it ever logs anything. Is your system working properly? Then you don't need to worry about Repair Permissions.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Mac Enthusiast
Join Date: Apr 2003
Location: Seattle
Status: Offline
Reply With Quote
Sep 17, 2008, 05:16 PM
 
"Authenticate" button in the Finder? What is that?

System is running just fine.
     
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 17, 2008, 05:34 PM
 
When you try to do something that requires authentication, like trying to add something to a folder that's owned by root or trying to change a file's permissions in the Get Info window. I think the OwnerGroupTool binary is in charge of that.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Mac Enthusiast
Join Date: Apr 2003
Location: Seattle
Status: Offline
Reply With Quote
Sep 17, 2008, 05:47 PM
 
OK, thanks. No problem with the "Authenticate" button at all i've used it a number of times since the upgrade. No problem logging in or out of my account either.
     
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 17, 2008, 06:04 PM
 
Then I wouldn't worry about it.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Sep 17, 2008, 08:14 PM
 
I agree, no need to worry.

Also... no need to wonder, or guess, or assume, or speculate.
There's no need for any mystery whatsoever.

The simple commands posted above will reveal EVERYTHING about those
items anyone would ever need to know (in this thread's context).


The thing I hate about Repair Permissions is how it's placed in the same context as the regular disk repair tool,
Agreed again.
-HI-
     
Fresh-Faced Recruit
Join Date: Oct 2008
Status: Offline
Reply With Quote
Oct 12, 2008, 12:56 PM
 
Funny how things happen,
I did my usual repair permissions this AM and got the same message, tried a few more times and still got the same SUID warning. I then "Updated" from the single to the combo updater and behold, the SUID's are gone. End result, the upgrade does fix it.... for now.

Mike
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 11:32 PM.
All contents of these forums © 1995-2014 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2014, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2