[Update 7/20/17] As of 10.12.6 RepairHomePermissions still fails with error: Unable to launch the underlying task process. Also my bug report has been marked as a DUPLICATE OF 25393689.
[Update 1/26/17] As of 10.12.3 RepairHomePermissions still fails with error: Unable to launch the underlying task process.
One of the areas that hasn’t gotten much coverage with the update to Sierra is the Recovery HD. This is the minimal OS environment that lets us do things like reinstall the OS, restore a Time Machine backup, and partition volumes before an install.
The other thing that Recovery allows us to do is to reset forgotten passwords. Originally, we could do this by booting off the install CD/DVD. Once those went away Recovery HD gave us a Reset Password option in the Utilities menu. That went away in Yosemite(?) but we could get the same functionality by choosing Utilities -> Terminal and running the resetpassword command.
This reset password utility would also allow us to reset a users home folder permissions, including the default ACLs.
Now with macOS Sierra v10.12, this has changed again. To start, boot to Recovery by holding down Command-R at startup. You will end up at a screen like:
Then open the Utilities menu and choose Terminal:
In the Terminal window that open, run the resetpassword command to bring up a new assistant.
Select the user you need to reset the password of and click Next.
Then you can enter the new password and confirm it. Add a hint if you want and click Next.
Finally you get confirmation of the change and can reboot. Or if you open the Reset Password menu, you can quit to easily return to the Terminal.
The piece that is missing from all that is reseting home folder permissions. It turns out there is a new tool to (try to) do this. Back in your terminal, enter the command RepairHomePermissions and hit Enter.
Again an assistant opens and we can select the user whose home folder permissions we need to reset. Click Next.
Unfortunately, at this time (Sierra v10.12 build 16A323) the process fails.
Again, you can reboot or Quit the RepairHomePermissions assistant (interestingly called ResetPassword in the menu bar).
Note that RepairHomePermissions is available in a full Sierra install, but fails even sooner when run as it tries to reference /System/Installation/CDIS/KeyRecoveryAssistant.app/Contents/MacOS/KeyRecoveryAssistant, which doesn’t exist on a standard install.
Also both of these assistants will have you unlock a FileVaulted drive before asking you which user to work with.
Thanks to MacAdmin Slack members mikethefifth, for asking about reseting home folder permissions which prompted these tests, and owen.pragel, for sharing the new command list that included the tantalizing RepairHomePermissions and for finding the reference to KeyRecoveryAssistant.
Update: I have filed a bug about RepairHomePermissions not working. https://openradar.appspot.com/28431470