- How To…
- Installing Mac OS X
- Exploring the Finder
- Configuring System Preferences
- Managing User Accounts
- Managing Files and Folders
- Securing Your Mac
- Application Tips & Techniques
- Utilities Tips & Techniques
- Apple Hardware
- Menu Master 1.2
- MacWireless 11g PC Card
- ChronoSync 3.0
- DejaMenu 1.2
- Endicia for Mac 2.5
- EyeTV 2.0
- VersionTracker Pro 4.1
- Squeezebox 3
- WhatSize 10.2.6
- AppZapper 1.3.1
- DeskPicture 10.02
- Full Tilt Poker
- Portable Handles
- PowerSquid Surge3000
- Firefox 2.0
- USB 2.0 Universal Drive Adapter
- Back-UPS RS 1500 LCD
- Google Desktop 18.104.22.168
- Google Earth 4
- OfficeTime 1.1
- iStat pro 4.01
- PTHPasteboard 4.2.0
- iBiz 3.1.5
- Iris 1.0
- Hazel 2.0.2
- Xspinner 1.0
- Apple Predictions For 2006
- Reviewing 2006 Predictions
- Apple Predictions for 2007
- The Broadband Battle
- Emulating Early Apples
- Tech Tips from a Trip Abroad
- Profiting from the "Macworld Effect"
- Macworld Expo 2007 Keynote
- Tired of Waiting for Apple
- Buying an External Hard Drive
- Things I Love About Leopard
- Macworld Expo 2008 Reflections
- Combo Update 10.5.2
- Things I Loathe About Leopard
Last updated Feb 25, 2005.
The following guide update is reproduced with permission from Brian Tanaka’s Take Control of Permissions in Leopard.
You can tell Mac OS X to ignore ownership of all files and folders on a non-boot volume. Since permissions depend on ownership, when you ignore ownership, permissions are much less effective. This can be helpful in a variety of situations, such as sharing files with a group of people or dealing with ownership problems resulting from having multiple boot volumes.
Although ignoring permissions makes them less effective, it does not make them totally irrelevant, because, despite the name of the option, ignoring ownership doesn’t actually ignore ownership. Instead, each item on the volume takes on a special UID and GID that tell the operating system to act as if any account that accesses the item is the item’s owner. (Ownership of items created before ignore permissions was enabled reverts to original owners when the ignore ownership option is disabled.)
For example, if you ignore ownership on a volume, the operating system will report that whichever account you’re using owns all items on that volume. If a different account looks at items on the volume, the operating system will report that that account is the owner.
It’s like setting a box with your name written on it on a table and leaving the room. When the next person walks in, he sees his name written on the box. If another person walks in and stands beside the first person, she will see her name. To whom does the box belong? Anyone who looks at it! Magic!
However, when an account attempts to work with the item, the permissions relevant to the item’s owner apply, as usual. If, for instance, the permissions allow the owner read permission only, then that item is read-only.
Still, for the vast majority of typical items on a typical volume, this effectively means that all accounts have free access to all items since most items have liberal permissions for the owner. The net effect then, is that ownership is ignored, an permissions aren’t a hindrance. Some people refer to this phenomena as floating permissions, although that’s an inaccurate, unofficial term: the ownership floats, not the permissions.
In Leopard (and Tiger), the special UID is 99 and the special GID is 99—the unknown user and unknown group, respectively.
To see the UID and GID assigned to any item, [in Terminal] use the n option of ls. For example: ls – ln somefile, or ls –lnd somefolder. However, remember that if ignore ownership is on, the operating system will lie and report the UID and GID of your account.
To see the actual UID and GID assigned to an item on a volume with ignore ownership on, use the sudo command to execute the same ls command as root: sudo ls –ln somefile. (When you use sudo, you are prompted for your password. If you are not an administrator, you are not allowed to use sudo.)
Here are some examples of situations wherein you might wish to ignore ownership:
- On volumes shared by different users on the same Mac, or by different users on different Macs. In these situations, turning on ignore ownership will help you avoid permissions problems.
- To share an iPhoto library with multiple users. If you were to use the Shared folder, iPhoto would create files that other users are forbidden to see, but the problem doesn’t happen if you use an external volume with ignore ownership turned on.
As a general rule, you needn’t ignore ownership on a volume. If you are in doubt, simply do not use this function. After all, it’s safer to leave permissions in full effect. You would not want, for example, to ignore ownership on a volume where you stored private or sensitive data.
However, if you want to ignore ownership, follow these steps:
- Working in the Finder, select the volume.
- Choose File > Get Info (Command-I). You may need to click the Sharing & Permissions triangle to reveal more detail.
- Check "Ignore ownership on this volume."
To turn it off, simply uncheck the "Ignore ownership on this volume" checkbox.