This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Regarding KB 131959 for MacOS Permissions errors, The prescribed script is erroneous as written by Sophos and corrective action steps for incorrect permissions do not work as they are written to operate on the recovery console instead of on the boot volume

Regarding KB 131959:

In running the prescribed script, there is a major error that results in the failure of properly echoing the folder path that is non-compliant to the criteria. Specifically, the following line simply echoes the command "ls-ld $directory" instead of actually echoing the output of the command.
echo 'BAD PERMISSIONS ' 'ls -ld "$directory"'

This can be fixed by changing it to the following 2 lines:
echo 'BAD PERMISSIONS for: '
ls -ld "$directory"

I would recommend adding the following between fi and done:
echo 'Persmissions OK for:'
ls -ld "$directory"
echo 'Script complete'

With respect to the instructions for fixing bad permissions, the instructions are incorrect. The instructions as written result in the commands being executed within the Recovery Partition, which is not correct as it is read-only and is not the source of the problem. They should be executed in the appropriate boot volume. Therefore, each command should be executed as relative command once cd is executed to navigating to the appropriate boot volume. For example:

cd /Volumes/MacOSX/
chmod 755 Library

or if the problem is with the volume root:
cd /Volumes/
chmod 755 MacOSX


And, one more thing, you state that sudo should be used in the Recovery terminal. Sudo is not possible to be used in that environment. You are inherently a root user within that environment and sudo will fail as it does not exist.

[locked by: SupportFlo at 9:59 PM (GMT -8) on 29 Nov 2018]
Parents Reply
  • To follow up:

    The typo in the script has been fixed accordingly.

    Regarding the fix steps:

    These are steps written for in normal mode, the instructions state to reboot to normal mode to fix permissions. Performing via recovery console, which is somewhat possible, can differ in location, so it's best to go to normal mode as the article specifies, in order to fix permissions.

    I will reach out to you via PM to discuss your reward! :)

    Community Manager, Support & Services

    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
No Data