Permissions - lack of

My folders and some files say I have “custom access” - some, like the mail folder say I have “read only.” I have spent days with Apple Senior Level Advisors and they have been unable to solve the problem - which in many cases keeps me from making changes or seems to slow my computer down. I went from Ventura (had the problem there) to a clean install of Sonoma. Same problem. I’ve done repair permissions using terminal in the normal mode as well as recovery. Solutions? thank you. David

Can you clarify what you did when you say “clean install of Sonoma”?

I erased my SSD internal drive, then used migration assistant to reinstall from TM B/U.
When that didn’t solve the issue, Apple had me erase the drive again and install by dragging folders from the TM backup.
Did this several times with them.

IMO moving entire folders over from a Time Machine backup or using Migration Assistant to retrieve your backed up folder is simply re-introducing the same problem - which is the permissions that are set in that backed up copy.
Did Apple Support examine the permissions on that backed up copy using CLI commands to determine what they are? The ACLs have to be checked as well as the permissions shown by the ‘ls’ command.
I assume that your files were accessible at one point in time and then “poof” something happened to make them unusable. Any recollection on when things stopped working?

I don’t think that they used CLI commands to look at anything.
Agree that importing imported the problems.

Re: Poof
My best guess is that somewhere between Catalina and Ventura - I did use Migration Assistant in bringing in a new OS and I set up a different user from the one in Catalina.

Is there a place to go to find the CLI commands to use them?

Thank you for your assistance.


Unix 101: “man ls”

In particular you want the “ls -ael” variant. The “e” option shows the access control list for the file/directory. Between the standard UNIX permissions (such as rwxrwxrwx which represents owner, group, everyone) and the ACL (which augments the UNIX standard permissions) you should have a good idea of what permissions are. This output should match up with what you see in the Finder’s “Get Info” dialog.

The brute force mechanism is to do the following:

ls -aeld /Users/*your-user-name* > file-list.out
ls -aelR /Users/*your-user-name* >> file-list.out

That will list every file in your home folder and descend into sub-folders.

At that point it becomes an exercise in filtering text in the output file to try and find the rogue files/folders that have the wrong permissions.

Having “custom access” to a file or folder is not a problem unless the permissions do not give the owner (that is, you) at a minimum read and write access to the files. I have custom access on all of my folders in my home folder with the exception of the Public folder.

In general all of the files and folders on your account should list you as the owner with read/write/execute permissions. There might be some outliers, but you should have at least read and write access. And in today’s macOS, the group found for the file/folder in the ls command should be “staff” like the following:

me@Upstairs ~ % ls -aled ~/Desktop
drwx------@ 4 me staff 128 Jan 1 13:21 /Users/me/Desktop
0: group:everyone deny delete

Again, in general, if the files don’t conform to these rules then something is wrong and most likely occurred when migrating files to a new username under the older macOS. Migration Assistant was somewhat brittle in older macOS releases for things like migrating to a new username.

Good luck and I hope this helps.
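
One way to do the text filtering described above, as an added example that is not part of the original post: an awk filter over the `ls -ael` output that flags entries not owned by you, entries whose owner lacks read/write, and ACL entries that deny writing. The function names, labels and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag suspicious entries in `ls -aeld` + `ls -aelR` output.
# Usage: flag_rogue "$(id -un)" file-list.out
flag_rogue() {
    awk -v me="$1" '
    # "ls -R" section header: "/path/to/dir:"
    /^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }
    # ACL entry such as " 0: group:everyone deny delete"; it belongs to the
    # entry listed just before it. Only deny rules that block writing count.
    /^ *[0-9]+: / {
        if (path != "" && $0 ~ / deny / && $0 ~ /write|append|add_file/)
            print "acl-denies-write\t" path
        next
    }
    # Long-format line for a file or directory (symlinks are skipped)
    $1 ~ /^[-d][-r][-w]/ && NF >= 9 {
        name = $0
        for (i = 1; i <= 8; i++) sub(/^ *[^ ]+ +/, "", name)  # drop mode..time
        if (name == "..") { path = ""; next }
        # The "ls -aeld" line carries a full path and names the top folder
        if (name ~ /^\//) { path = name; if (dir == "") dir = name }
        else if (name == ".") path = dir
        else path = dir "/" name
        if ($3 != me) print "owner-is-" $3 "\t" path
        if (substr($1, 2, 2) != "rw") print "owner-lacks-rw\t" path
    }' "$2"
}

# Constructed sample listing (not taken from the thread).
sample_listing() {
cat <<'EOF'
drwxr-xr-x+ 20 me       staff   640 Jan  1 13:21 /Users/me
 0: group:everyone deny delete
total 0
drwxr-xr-x   6 root     admin   192 Jan  1 13:00 ..
-r--r--r--   1 me       staff   512 Jun  9 08:15 locked.txt

/Users/me/Documents:
total 24
-rw-r--r--@  1 me       staff  9120 Sep 12 10:02 2023 Tax Return.xlsx
-rw-r--r--   1 olduser  staff  4096 Mar  3  2021 Old Notes.txt
-rw-r--r--+  1 me       staff   700 Jun  9 08:16 denied.txt
 0: user:me deny write,append
EOF
}
```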

Have you noticed whether the files you can’t open are from the previous user?

I have both.
Files I can’t change that I just created this year with the same user and files that may have been created before the current user.

I have an excel file created in September (Ventura - same user) I can’t make changes to despite “Get Info” showing that the user has both read and write permissions.

The error message:

David Tuma

Sounds like something was amiss with the perms beforehand and Migration Assistant didn’t fix it. This should work…

Create a new admin account and log in with it.
Make sure you have a backup just in case.
Delete old user account and choose the option to preserve home directory. This might end up in /Users/Deleted users instead of /Users.
Reboot…really not needed but just in case…and log in with the previously created admin account.
After verifying the old home directory is in /Users…move it if needed…create new daily driver account with the same user name as before…and you should really make this a non admin account for security purposes. You will get a prompt to create new or use existing home directory…choose the latter. This will fix the permissions on the home directory.
Log out and in as the new user account.
If you’re logged in as non admin and need to do something admin-y…just provide that username and password in the authentication box. I also add my daily non admin account to the sudoers file for terminal use purposes but that’s not strictly needed.


One other thought. Check the permissions on all the folders containing the documents. You should have write permissions to that.

File hierarchy:

System has “R&W”
I can’t add my user (markindia2) - don’t have necessary permission

User (markindia2)
Shows I have “R&W” and I can make changes to those who have access

Shows I have “R&W” and I can make changes to those who have access

Tax Filings TurboTax
Shows I have “R&W” and I can make changes to those who have access

2023 Tax Return
Shows I have “R&W” and I can make changes to those who have access

Excel file
Shows I have “R&W” and I can make changes to those who have access
After checking and making any changes to “get info” for access, I restarted.
No change.
When I try to save changes, I can’t.
I get:

David Tuma


I get this from Excel periodically; if you just save as with a new name it will fix the permissions. So not the permissions from the computer but from Excel.



I’m not sure if this will fix it, but how about going into the Settings app. Click “Privacy & Security”, then “Full Disk Access”, and see if Excel is turned on for Full Disk Access. If not, does turning it on fix the issue for saving the excel file?

It’s important to underscore this point.

If a file is writable but its folder is not, an app can write (and overwrite) the contents of that file. But in this situation, it cannot create a new file in that location.

Many apps will not overwrite a file when you save it, but they will create a new temporary file. Then they will replace the original file with the temporary file (using the replaceItem API, which will preserve permissions and ensure that no data loss occurs).

If the temporary file is created in the same location as the original, then it will need write permissions for its folder in order for the procedure to work.

So why do apps do it this way? The two most important reasons (at least to me) are:

  • To make a backup copy of the original (if the app is configured to do so).
  • If there’s an error saving the file, you don’t want the original to be trashed.

Thank you but “no joy.”
I gave them full disk access and then restarted but still could make changes.


Top level, my SSD Internal HD says I have read only - won’t let me change as I don’t have necessary permission

Next level down is “Users” - it only allows “read” won’t let me change as I don’t have necessary permission

Although I can get to the section to make changes, I can’t add me as the admin because I can’t make a change.

In Sharing & Permissions, they both show:
System: Read & Write
Wheel: Read Only
Everyone: Read Only

Can’t add or change the ones there.

David Tuma

On my M1 Mac mini (Sonoma) and 2014 Intel Mac mini (Monterey), the root permissions are the same as yours.

However, on both the permissions on /Users for mine are:
system: Read & Write
admin: Read only
everyone: Read only

The user group for the /Users folder is not ‘wheel’ in a fresh macOS installation. IMO that needs to be fixed - and not by adding yourself to the access control list of /Users.

No user except the root user is a member of wheel. If your user account is set up as an admin, you are a member of the “admin” group, not ‘wheel’.

(The sudo CLI command as distributed with macOS keys off of membership of the ‘admin’ group and not ‘wheel’ - it’s likely that anywhere that you need to enter an admin password also keys off of membership in the ‘admin’ group.)

Also the user folders in the Users directory have:

: Read & Write
staff: Read only
everyone: Read only


Please open terminal and cd to the directory where this spreadsheet is.

Then provide the output to ls -ln <filename>. Because of the spaces, you will need to wrap the file name in double quotes or else use tab to help finish typing the name.

Then provide the output to id.

The goal is to find out if the uid (not the name) of the file matches “you”.
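
The uid comparison requested above and the earlier point about a writable file in a non-writable folder can be checked together. This is an added example, not part of any post in the thread; the function names and the demo file are constructed, and it reads classic mode bits only, so ACL entries and file flags are not evaluated.

```shell
#!/bin/sh
# Added example. Mode bits only; ACLs (ls -le) and file flags are ignored.

# triplet <path>: print the rwx triplet (owner, group or other) that
# applies to the current user, read from numeric `ls -ldn` output.
triplet() {
    ls -ldn -- "$1" | awk -v uid="$(id -u)" -v gids=" $(id -G) " '{
        off = ($3 == uid) ? 2 : (index(gids, " " $4 " ") ? 5 : 8)
        print substr($1, off, 3) }'
}

# save_diag <file>: does the file uid match `id -u`, and which save
# strategies do the mode bits allow?
save_diag() {
    dir=$(dirname "$1")
    file_uid=$(ls -ldn -- "$1" | awk '{ print $3 }')
    [ "$file_uid" = "$(id -u)" ] && match=yes || match=no
    # Overwriting in place needs write permission on the file itself.
    case $(triplet "$1") in ?w?) inplace=yes ;; *) inplace=no ;; esac
    # Temp file + replace needs write and search permission on the folder.
    case $(triplet "$dir") in ?w[xst]) replace=yes ;; *) replace=no ;; esac
    printf 'uid-match=%s in-place=%s temp-and-replace=%s\n' \
        "$match" "$inplace" "$replace"
}

# demo: constructed scenario, a writable file inside a read-only folder.
demo() {
    d=$(mktemp -d) && : > "$d/Budget.xlsx"
    chmod 644 "$d/Budget.xlsx"; chmod 555 "$d"
    save_diag "$d/Budget.xlsx"
    chmod 755 "$d"; rm -rf "$d"
}
```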