Q&A: MacFixIt Answers
Surprising user names in permissions lists and how to disable sharing services are covered in this week's Q&A.
MacFixIt Answers is a feature in which I answer Mac-related questions sent in by our readers.
I welcome contributions from readers, so if you have any suggestions or alternative approaches to these problems, please post them in the comments!
Question: Wheel and Fetching users and groups in OS X permissions lists
MacFixIt reader Ken asks:
Who are "permissions" users Wheel and Fetching when you get information on a file in OS X?
The Wheel user is actually a group. Groups in OS X make setting access permissions easier, especially for things like giving administrative access to an account. Access to various areas of the operating system is already defined for the admin group, so instead of giving an account access to those areas individually, you can simply add the account to that group.
There are a number of hidden and special groups in OS X, with the Wheel group being accounts that are given access to the "sudo" command for running commands as another user, especially the root user. For the most part, members of this group will be administrative user accounts.
Accounts and groups are identified by series of numbers, with the name as a mask to make identifying the number easier on you. If the specified group or user number does not exist, then the system will spend time trying to locate it (the account may be a local one, or one defined on a network domain). If you see "Fetching" listed, then the system cannot pair up the user or group ID number with an account on the system, either because it is missing (the account was deleted) or because its ID has somehow changed (sometimes from migrating accounts to a new system).
Generally these occurrences do not cause any problems, but if you are having access permissions errors then try using Disk Utility's Permissions Repair routine to correct permissions on system files and for some installed applications. This should ensure that files and applications are properly accessible.
Question: Disabling OS X sharing services to prevent intrusion
MacFixIt reader Alan asks:
We recently discovered a vicious hack/malware on all of our Mac OS X computers. Our "experts" have instructed us to do many things to "harden" our devices in addition to installing some high-end firewalls. How do I disable ANY Windows file sharing or sharing "tools" like SMB etc?
These services are enabled or disabled in the Sharing system preferences pane. Go to this pane, and then uncheck all of the listed services to disable them, and you will block a number of access routes to your computer. In addition, go to the Security & Privacy system preferences and be sure the firewall is enabled (click the lock to authenticate, then click the button in the Firewall tab).
Finally, if you are very concerned about what programs on your system are contacting which external servers, you can install a tool like Little Snitch to monitor outgoing traffic and warn you of any connections being made.