What to do if OS X asks for passwords when managing files

After upgrading or making major changes to the system, you may find yourself burdened with authentication messages when managing files in OS X. What now?

In OS X you should be able to create and manipulate files on your system largely without being burdened to authenticate, especially if the files are within resources your account owns such as your home folder. However, after upgrading or otherwise performing changes to the system you may find that the system continually prompts you for a password when you try to manage your files.

Sometimes this issue may occur only when you perform certain tasks such as deleting files (as opposed to placing them in the trash), but at other times it may happen on any manipulation.

OS X is generally split into three access permissions tiers. The first is the user-level access, which are files that you have full access to, regardless of where they are. This is usually just the user's home folder and the files located within it. The second is the admin-level access, which include system files that administrators can freely access without needing to authenticate. Such areas include the global Library folder and the Applications folder (both at the root of the hard drive). The third tier are those that require root-level access, for which even administrators will need to authenticate or possibly will have to switch to running as the root user in order to manage. These include files in the /System folder, and some hidden resources such as the accounts database.

For any of these resources, the default permissions setups that establish these access requirements can be changed. While such changes can result in more open access to resources for accounts that by default don't have access, changes to them can also result in a more restricted environment. If this happens and the management of files that you previously were able to perform without authentication now requires it, then there are some things you can do.

Permissions fix with Disk Utility
Running a permissions fix on the boot drive with Disk Utility will address permissions problems with system resources. Screenshot by Topher Kessler/CNET
  1. Fix permissions on the system
    Most of the root- and admin-level resources on the system are central resources that were installed either by the OS X installer or by a third-party installer. For the most part, along with their installation these resources include a receipt file that is stored in the system, and which contains information about what files were installed and where. In addition, this receipt contains the default permissions setup for each of these files. The system can access this to reset the permissions to their default settings and thereby clear any changes that may currently be preventing access.

    To do this, open the Disk Utility program and then select your boot drive, followed by clicking the "Verify Disk Permissions" button to check for any errors, or the "Repair" button to fix these errors.
  2. Reset account permissions
    The Disk Utility permissions fixing routines will only target files for which there is an associated receipt. This includes most system resources but does not include any resources in the user's home folder or any others that a user has explicitly created. To tackle permissions access errors for files in the home folder, you will need to use a separate utility on the OS X installation drive. Reboot the system to the OS X installer (insert the disc and hold the "C" key, or hold Command-R at start-up for OS X 10.7 or later). Then choose your language and at the installer window choose "Reset Password" from the Utilities menu. If this option is not in this menu (OS X 10.7 or later), then choose the "Terminal" option and enter the command "resetpassword" to launch this utility.

    In the utility, choose your boot drive, then choose your user account from the drop-down menu, followed by clicking the "Reset" button in the "Reset home directory permissions and ACLs" section at the bottom of the window. If files in the user account are still not accessible after this step, then open the Terminal utility and run the following command to remove ACLs. Then reboot to the OS X installer and try resetting account permissions again:

    sudo chmod -RN ~

  3. Users & Groups system preferences
    The account type in OS X can be seen in the Users & Groups system preferences. Screenshot by Topher Kessler/CNET
  4. Check your user account
    While rare, sometimes after upgrading or performing other similar changes to the system, your user account may no longer be a member of the administrator group, which will result in you requiring far more authentication than before your changes. Therefore, be sure to check your account's status in the Users & Groups (or "Accounts") system preferences to see if it is a standard user or an administrator.

    Your system ought to have at least one administrative user account, which you can use to promote or demote others to administrative levels, but if you have no administrative account then you can quickly restore one and be up and running again.
  5. Ignore permissions on external volumes
    Most of the time external hard drives are treated as permission-less storage spaces so you can access any file on them from any account on the system. However, this setting can be reverted on a per-drive basis. If you are finding the system is requesting you authenticate to access files on your external storage drive, it is likely that the drive's permissions are now being observed. While you can make permissions adjustments to the drive to ensure all users have access, one quick way to revert to the normal behavior is to get information on the drive and click the checkbox to ignore permissions on it.

    Keep in mind, this setting is available only for secondary storage volumes, which include external drives and built-in secondary partitions and hard drives, but will not include the boot drive.
  6. Volume ignore permissions setting
    Ensure this option is checked in the information window for mounted volumes to ensure you have full access to them. Screenshot by Topher Kessler/CNET
  7. Clear and rebuild the trash.
    A final area where permissions settings can be a problem is when deleting files. For all locally attached volumes (USB, FireWire, and Thunderbolt drives included), when you delete files the system will initially store them in the OS X Trash, and then delete them fully when you empty the trash. To implement this behavior, OS X creates hidden folders in the user account and at the root of all volumes of locally attached drives to hold trashed files; however, if the system cannot create or access these hidden folders, it will prompt you to immediately delete the files.

    If you are experiencing this issue, you can usually fix the problem by removing the hidden trash folders on the system. To do this, open the Terminal utility and run the following commands to remove the hidden Trash folder in your user account (be absolutely sure there are no spaces following the slash in this command):

    sudo rm -rf ~/.Trash
    sudo rm -rf /.Trashes

    If you have run the commands above, then run the following command to clear the administrative timeout and require a password again (this is just a precautionary step):

    sudo -K

    Following this, you will need to specifically target the .Trashes folders on external and secondary hard drives for removal by typing "sudo rm -rf" in the Terminal followed by a single space. Then drag the secondary volume to the Terminal window to complete the full path to it. (Do not press enter at this time. If you do and are prompted for a password, then press Control-C to cancel and re-type the command).

    With the secondary volume's path entered in the Terminal, press the delete key once to remove the trailing space, then type "/.Trashes" so the command looks like the following:

    sudo rm -rf /Volumes/MyDriveName/.Trashes

    With the command formatted like this, press enter followed by supplying your password to remove the targeted "Trashes" folder. Repeat this procedure for all attached hard drives. Once this is completed, the next time you delete a file from these drives the system will recreate these folders and store the files in them so they appear in the Trash in the OS X Dock.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.