Egg Freckles
By Thomas Brand

20th Aug 2013 Repair Disk Permissions

Readers ask me when is a good time to Repair Disk Permissions?

My answer, “when is the last time you booted into Mac OS 9?”

Many things you install in Mac OS X are installed from package files (whose filename extension is “.pkg”). Each time something is installed from a package file, a “Bill of Materials” file (whose filename extension is “.bom”) is stored in the package’s receipt file, which is kept in LibraryReceipts in Mac OS X v10.5 and earlier. These files don’t take up much disk space and you shouldn’t put them in the Trash. Each of those “.bom” files contains a list of the files installed by that package, and the proper permissions for each file.

In Mac OS X v10.5 or earlier, when you repair disk permissions Disk Utility reviews each of the .bom files in LibraryReceipts and compares its list to the actual permissions on each file listed. If the permissions differ, Disk Utility reports the difference and corrects them.

Prior to 10.6 you could use any version of Disk Utility on any version of Mac OS X to Repair Disk Permissions. It didn’t matter because the disk permissions being inspected were always compared to the defaults stored in the local LibraryReceipts directory.

Starting Mac OS X v10.6 and later, Disk Utility doesn’t even look in the LibraryReceipts directory when you Repair Disk Permissions. All it does is reset the Base Systems disk permissions back to the default as specified by version of Disk Utility you are using.1

  • Disk Utility can not repair permissions on any drive that does not have Mac OS X installed.
  • Disk Utility can not repair permissions on any third-party software.
  • Disk Utility can not repair permissions on any Apple software outside of the Base System.
  • Disk Utility can not repair permissions on any files in your Home Folder.2

Given all of these limitations what is Repair Disk Permissions good for?

Back in the days when Macs were capable of dual-booting into Mac OS 9 disk permissions were a big problem. Mac OS 9 didn’t respect disk permissions. It treated every file as if you were root.

If you booted into Mac OS 9 and ran some common applications, compressed and decompressed files, moved or renamed files, or (worse) ran a disk utility like Norton, they could completely destroy the permissions for many files that OS X needed to boot or run correctly.

Since this was a relatively common occurrence and a huge support issue, Apple introduced the Repair Privileges Utility. Starting with Mac OS X 10.2 Jaguar the Repair Privileges Utility was combined with Disk Utility. Repair Disk Permissions offered early dual-booting Mac users a quick way to fix their systems and get Mac OS X working again. But now that Macs can’t boot into Mac OS 9, why do we need to repair disk permissions?

The only time you need to run Repair Disk Permissions is if you changed a system-level permission you shouldn’t have. Apple tries to educate users on changing permissions in knowledge base articles like this one, but warns incorrect commands may result in data loss andor unusable system software, reduced system security andor exposure of private data. It is best to leave system-level permissions alone. Sure the freak power outage, cosmic ray, or a runaway installer might mangle some permissions here or there, but those are rare occurrences.3

Leave Repair Disk Permissions for the people who need it most. Gullible people who don’t know what they are doing, and still insist on Zapping their Mac’s PRAM every third Sunday.

  1. Therefore you need a 10.6 version of Disk Utility to repair permissions on a volume with 10.6 installed, and you need a 10.7 version of Disk Utility to repair permissions on a volume with 10.7 installed.
  2. In Mac OS X 10.5 and later, while started up (“booted”) from the Mac OS X 10.5 installation disc, a user’s home directory permissions can be reset using the Reset Password utility.
  3. You don’t need to run repair permissions before installing the latest Software Updates, because the Installer runs as Root and ignores disk permissions anyway.