Can anyone explain the following message
‘Repairing permissions for “****”
Warning: SUID file “System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent” has been modified and will not be repaired.’
The above is the result after repairing permissions on an iMac 2.5 Intel i5 with16GB RAM.
offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
At 07:06 -0400 3/8/12, Tony wrote:
Can anyone explain the following message
‘Repairing permissions for ³****²
Warning: SUID file
³System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent²
has been modified and will not be repaired.’The above is the result after repairing permissions on an iMac 2.5
Intel i5 with16GB RAM.
One of my ‘stock’ explanations of SUID:
SUID means Set User ID. Every process that runs on you Mac (use
Activity Monitor to see them all) runs ‘as’ a known user. That is
each process has the rights, privileges and restrictions set for a
particular user. When you run something it runs as you, with your
rights, privileges and restrictions. However some things need a
different set of rights, privileges and restrictions in order to do
their job. Some need more rights than you have, some are more secure
if more restricted, and some like webservers (web sharing) and mysql
servers need specific settings. A SUID file is an executable
application file that is set to be owned by a user that has the
required rights, privileges and restrictions, and has the ‘suid’ bit
set in its permissions. Whenever that application is run, whoever it
is run by, it runs as the user set to be its owner.One example is ‘usbmuxd’ - the USB multiplexer daemon. It controls
all the traffic through your USB ports. It has to be running early
in the boot sequence before the keyboard is required, and so would
be started as ‘root’. This would be rather dangerous, so there is a
special user called ‘_usbmuxd’ with much restricted abilities, and
the usbmuxd is SUID so that it runs with those restrictions when
started.There are also application binaries that are SUID ‘root’ so that
even though you start them (or your login sequence does) they run
with full root privilege because they need wider access in order to
work. I have ‘ccc_helper’ (part of Carbon Copy Cloner) that runs as
root because it needs to be able to copy files that I don’t have the
privilege to read. It is automatically installed that way.Obviously making sure that only the correct files are SUID is quite important.
If a binary that used to be SUID has been changed, then if repairing
permissions just re-added the SUID status whatever it had been
changed to would then have abilities it shouldn’t. That ARDAgent
needs to be replaced with a safe copy before it is made SUID. It
could be anything at present.
David
–
David Ledger - Freelance Unix Sysadmin in the UK.
email@hidden
www.ivdcs.co.uk
offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Apple knowledge base article includes that along with many other similar permission messages that you can “safely ignore”.
http://support.apple.com/kb/TS1448
offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
What it says is you changed a setting and permissions repair will not change it back
The day you get a new computer and before you add a printer run permissions repair and note what you see
Now add a printer and run permissions repair and now see how it reports your printer pref is cha fed and repair can not fix it.
It is just telling you your permissions are not virgin anymore
Dale Josephson
Sent from my iPhone 4S
On Aug 3, 2012, at 12:00 PM, chuckamuck email@hidden wrote:
Apple knowledge base article includes that along with many other similar permission messages that you can “safely ignore”.
http://support.apple.com/kb/TS1448
offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options