macOS Sierra Recovery HD Changes

[Update 7/20/17] As of 10.12.6 RepairHomePermissions still fails with error: Unable to launch the underlying task process.  Also my bug report has been marked as a  DUPLICATE OF 25393689.

[Update 1/26/17] As of 10.12.3 RepairHomePermissions still fails with error: Unable to launch the underlying task process.

One of the areas that hasn’t gotten much coverage with the update to Sierra is the Recovery HD. This is the minimal OS environment that lets us do things like reinstall the OS, restore a Time Machine backup, and partition volumes before an install.
The other thing that Recovery allows us to do is to reset forgotten passwords. Originally, we could do this by booting off the install CD/DVD. Once those went away Recovery HD gave us a Reset Password option in the Utilities menu. That went away in Yosemite(?) but we could get the same functionality by choosing Utilities -> Terminal and running the resetpassword command.
This reset password utility would also allow us to reset a users home folder permissions, including the default ACLs.
Now with macOS Sierra v10.12, this has changed again. To start, boot to Recovery by holding down Command-R at startup.  You will end up at a screen like:

Screen Shot 2016-09-21 at 3.10.31 PM.png

Then open the Utilities menu and choose Terminal:Screen Shot 2016-09-21 at 3.10.55 PM.png

In the Terminal window that open, run the resetpassword command to bring up a new assistant.Screen Shot 2016-09-21 at 3.11.11 PM.png

Select the user you need to reset the password of and click Next.

Screen Shot 2016-09-21 at 3.11.28 PM.png

Then you can enter the new password and confirm it.  Add a hint if you want and click Next.Screen Shot 2016-09-21 at 3.11.42 PM.png

Finally you get confirmation of the change and can reboot.  Or if you open the Reset Password menu, you can quit to easily return to the Terminal.Screen Shot 2016-09-21 at 3.11.57 PM.png

The piece that is missing from all that is reseting home folder permissions.  It turns out there is a new tool to (try to) do this.  Back in your terminal, enter the command RepairHomePermissions and hit Enter.Screen Shot 2016-09-21 at 3.12.28 PM.png

Again an assistant opens and we can select the user whose home folder permissions we need to reset.  Click Next.Screen Shot 2016-09-21 at 3.12.36 PM.png

Unfortunately, at this time (Sierra v10.12 build 16A323) the process fails.Screen Shot 2016-09-21 at 3.12.41 PM.png

Again, you can reboot or Quit the RepairHomePermissions assistant (interestingly called ResetPassword in the menu bar).

Note that RepairHomePermissions is available in a full Sierra install, but fails even sooner when run as it tries to reference /System/Installation/CDIS/KeyRecoveryAssistant.app/Contents/MacOS/KeyRecoveryAssistant, which doesn’t exist on a standard install.

Also both of these assistants will have you unlock a FileVaulted drive before asking you which user to work with.

Thanks to MacAdmin Slack members mikethefifth, for asking about reseting home folder permissions which prompted these tests, and owen.pragel, for sharing the new command list that included the tantalizing RepairHomePermissions and for finding the reference to KeyRecoveryAssistant.

Update: I have filed a bug about RepairHomePermissions not working. https://openradar.appspot.com/28431470

 

 

 

Advertisements

One thought on “macOS Sierra Recovery HD Changes

  1. I accidentally changed the ACLs permissions on my home folder and had the same problem on my MacBook Pro running macOS Sierra version 10.12.2

    Follow the step below to changed the folders No Access permissions and revert back to Allow access:

    Restart with the Command and S keys held down, and run the following commands:

    mount -uw /
    chown root /
    chmod 1775 /
    exit

    After the last command “exit” your system should restart on its own and everything should appear the same as the time before you changed the Home folder permissions.

    I hope this helps,

    Extreme Landing
    https://ExtremeLanding.com/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s