I’m very grateful for the many comments which you’ve made recently about my free utility to check permissions, PermissionScanner. Rather than respond to them piecemeal, this article explains what’s possible and what’s not, and provides a new version which hopefully addresses at least some of the issues you’ve raised.
It’s very important to remember what PermissionScanner is trying to do: to alert the user to files, particularly Property Lists containing preference and other settings, which apps and other software expect not only to be able to read, but to write too. One common reason for software failing to do what it needs with such files is that their permissions prevent it, and that’s how Apple got into advising users of how to go about correcting permissions on files in the user’s Home folder.
What PermissionScanner does is to perform a thorough or ‘deep’ search through any of five set locations. This is ‘deep’ in the sense that it looks in every folder and sub-folder that it can find, and keeps burrowing down until there are only files to check. For each file that it finds, it checks whether the current user is able to read or write to that file. Although it normally also checks symbolic links, it doesn’t resolve those, nor does it follow them into a linked folder and examine its contents as well (something I had previously misunderstood).
From several comments, some users have folders they want to check in which there are many broken symbolic links, and in previous versions of PermissionScanner this has resulted in very long lists of non-writable or non-readable files. It’s a moot point as to whether such problems should be reported here, as broken symbolic links could be the cause of problems themselves. To accommodate this as well as possible, this new version of PermissionScanner now has a Shallow option, which eliminates checks on any symbolic links found. In testing here, it reduces the number of items listed as not being writable in the Home Library option from 3984 out of 1,330,843, to 129 out of 1,309,333.
Opinion is divided on whether ~/Documents should be included at all, or whether it should be another option. While some apps may still store settings and similar files in ~/Documents, in Catalina that is a bad choice because of its new privacy protection. The five options offered by PermissionScanner cover:
- ~/Library/Preferences, the most important and relevant folder.
- ~/Library/Preferences, together with ~/Library/Containers, ~/Library/Group Containers, and any preference files elsewhere in ~/Library, which casts the net as wide as practical.
- the whole of ~/Library, which includes ~/Library/Application Support, and custom folders.
- the whole of your Home folder at ~, which includes ~/Documents and other folders as well.
- /Library/Preferences, a smaller but important folder which Apple doesn’t include in its recommendations, but which can cause problems.
In the context of the primary functions of PermissionScanner, I think that selection covers what is required, and goes above and beyond. If you want to check preference files without those confined to ~/Library/Containers or ~/Library/Group Containers, then the first of those is ideal. If you want to check all preference files, the second should be perfect. If you want include other app support and custom folders, then the third is the only wise choice.
PermissionScanner doesn’t formally check Unix permissions on the items that it examines. What it does is ask the file system whether, as the current user, that item is readable or writable, according to the option set by the user. In terms of the app’s functions, that is the only question necessary, as it alerts the user to the potential problem, so that they can inspect that file’s permissions and flags to determine what needs to be corrected, if anything.
PermissionScanner version 1.5 is now available from here: permscan15
from Downloads above, from its Product Page, and through its auto-update mechanism. I hope that it addresses your needs better, and look forward to your further comments.