Wheel Group

1976pianoman · Nov 14, 2015

Hi,

Is it normal that files my home user account contains file permissions allowing the Wheel group? I noticed this when I happen to check the properties of a file I downloaded and saved to my desktop. I noticed the Wheel group have read permissions, then checked around some more and discovered wheel is all up in my business in home folder.

Thanks.

dsemf · Nov 14, 2015

1976pianoman said:
Hi,

Is it normal that files my home user account contains file permissions allowing the Wheel group? I noticed this when I happen to check the properties of a file I downloaded and saved to my desktop. I noticed the Wheel group have read permissions, then checked around some more and discovered wheel is all up in my business in home folder.

Thanks.

Check the permissions for the Desktop itself. I suspect you will see that only you have access. Without access to the Desktop itself, other people cannot see the contents of the Desktop.

If you look at other top level folders such as Documents, Photos, Music, etc., you will see the same situation. Library and Public have access at the top level, but will be restricted as necessary at lower levels.

DS

1976pianoman · Nov 14, 2015

So how does a saved file to the desktop end up with Wheel permissions? And if the desktop itself does not have Wheel permissions, can Wheel access the said desktop item?

SlCKB0Y · Nov 14, 2015

1976pianoman said:
Hi,

Is it normal that files my home user account contains file permissions allowing the Wheel group? I noticed this when I happen to check the properties of a file I downloaded and saved to my desktop. I noticed the Wheel group have read permissions, then checked around some more and discovered wheel is all up in my business in home folder.

Thanks.

This explains it pretty well:
http://superuser.com/questions/191955/what-is-the-wheel-user-in-os-x

In OS X, "wheel" is the default group for the root user.

MacBook-Pro:~ user$ su
Password:
sh-3.2# id
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),3(sys),4(tty),5(operator),8(procview),9(procmod),12(everyone),20(staff),29(certusers),61(localaccounts),80(admin),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),101(com.apple.access_ssh-disabled)

1976pianoman · Nov 14, 2015

SlCKB0Y said:
In OS X, "wheel" is the default group for the root user.

Yes, I am aware of that. That is why I thought it was strange to see it where I am seeing it on desktop files, anything I download and many of the files in the home folder.

SlCKB0Y · Nov 14, 2015

1976pianoman said:
Yes, I am aware of that. That is why I thought it was strange to see it where I am seeing it on desktop files, anything I download and many of the files in the home folder.

Well it is weird - I can't replicate the behaviour.

Even weirder is that although the group wheel still exists in OS X, it is no longer used as it previously was. Previously only users in group wheel could su to root. Wheel has been replaced by group "admin" for this function (su and sudo).

Source: https://developer.apple.com/library...uide/FileSystemDetails/FileSystemDetails.html

The Wheel Group
There is a special group in BSD called the wheel group. Membership in the wheel group confers on users the ability to become the root user by using the su utility on the command line. Users who are not in the wheel group can’t become the root user, even if they have the correct password.

In OS X v 10.3 and later, the wheel group is not used. Its functions have been assumed by the admin group.

dsemf · Nov 15, 2015

1976pianoman said:
Yes, I am aware of that. That is why I thought it was strange to see it where I am seeing it on desktop files, anything I download and many of the files in the home folder.

Open a terminal window and run the id command.

This is what I get:

Code:

uid=502(xyz) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),701(com.apple.sharepoint.group.1),100(_lpoperator)

This means that any file or directory that I create will have xyz as the owner and staff as the group.

Here is a partial output from the ls -l command:

Code:

drwx------+  12 xyz   staff    408 Nov 14 12:35 Desktop/
drwx------+  22 xyz   staff    748 Oct 24 12:14 Documents/
drwx------+  10 xyz   staff    340 Nov  7 08:18 Downloads/

As you can see, staff does not have any access to these top level directories and will not be able to traverse the directory trees.

Here is a top level directory that I created:

Code:

drwxr-xr-x   31 xyz   staff   1054 Aug 17 08:06 W7/

In this case I did not restrict the permissions so anyone in the staff group can traverse this directory.

DS

dogslobber · Nov 15, 2015

1976pianoman said:
Hi,

Is it normal that files my home user account contains file permissions allowing the Wheel group? I noticed this when I happen to check the properties of a file I downloaded and saved to my desktop. I noticed the Wheel group have read permissions, then checked around some more and discovered wheel is all up in my business in home folder.

Thanks.

Possibly the group setting for the folder is wheel. If you then create files in that directory then it'll make those files owned by wheel too.

If that's the issue then you'd need to change the group owner to say "staff" then recursively change all the files to "staff" group too.

E.g. if your $USER dir is the wrong group then do

chgrp -R staff $USER

Don't try that without a backup mind!

APPLEMACNEO · Oct 6, 2024

The “wheel” showed up after I upgraded to the new mac upgrade. It is linked to sharing. Check your sharing settings it opens up all of your sharing settings.

Search

Search

Wheel Group

1976pianoman

macrumors newbie

dsemf

macrumors 6502

1976pianoman

macrumors newbie

SlCKB0Y

macrumors 68040

1976pianoman

macrumors newbie

SlCKB0Y

macrumors 68040

dsemf

macrumors 6502

dogslobber

macrumors 601

APPLEMACNEO

macrumors newbie

Our Staff