An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#33184 - 02/22/15 11:31 AM Recent COMBO Update
MG2009 Offline


Registered: 08/05/09
Yesterday I updated from Yosemite 10.10.1 to 10.10.2 (combo).

I then ran a Permissions Repair and got the following results:

Warning: SUID file “usr/bin/at” has been modified and will not be repaired.
Warning: SUID file “usr/bin/atq” has been modified and will not be repaired.
Warning: SUID file “usr/bin/atrm” has been modified and will not be repaired.
Warning: SUID file “usr/bin/batch” has been modified and will not be repaired.
Warning: SUID file “usr/bin/newgrp” has been modified and will not be repaired.
Warning: SUID file “System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent” has been modified and will not be repaired.
Warning: SUID file “usr/lib/sa/sadc” has been modified and will not be repaired.
Warning: SUID file “usr/libexec/security_authtrampoline” has been modified and will not be repaired.
Warning: SUID file “usr/bin/login” has been modified and will not be repaired.
Warning: SUID file “usr/libexec/authopen” has been modified and will not be repaired.


Anything here about which I should be concerned? (I haven't seen these SUID warnings before.)

Thanks.

Top
#33233 - 02/28/15 07:57 AM Re: Recent COMBO Update [Re: MG2009]
Ira L Offline


Registered: 08/13/09
Loc: California
I cannot address your specific warnings, but I do know that when you run System updaters the installation process requires that the Installer "take over" your computer. To do this requires modifying permissions on certain System files. Once the installation is complete you get back your computer, but Disk Utility may note that a modification has taken place.

I have seen similar warnings myself on occasion, but not to the extent that you are currently.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#33234 - 02/28/15 10:55 AM Re: Recent COMBO Update [Re: MG2009]
MarkG Offline


Registered: 08/06/09
This may prove useful http://support.apple.com/en-us/HT203172 Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore

Top
#33359 - 03/08/15 11:11 PM Re: Recent COMBO Update [Re: MarkG]
MG2009 Offline


Registered: 08/05/09
Thanks, Folks, for the info.

I decided to clean install BACK to Yosemite's original 10.10 version from last autumn. Ran DU afterwards and have not yet seen any SUID messages in the log.

Both 10.10.1 and 10.10.2 have been grief for my early 2011 MBPro. So I think I will wait until 10.10.3 becomes available to see what happens.

Maybe my old MBPro is just not up to the new tweaks of each upgrade?

Top
#33361 - 03/08/15 11:41 PM Re: Recent COMBO Update [Re: MG2009]
artie505 Online


Registered: 08/04/09
Originally Posted By: MG2009
Maybe my old MBPro is just not up to the new tweaks of each upgrade?

How old is it, and how much RAM have you got in it?

2011 isn't terribly old, and you've got at least 8GB of memory, so you shouldn't have any real issues running Yosemite in that respect.


Edited by artie505 (03/09/15 04:46 PM)
Edit Reason: Questions answered
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#33572 - 03/27/15 09:48 PM Re: Recent COMBO Update [Re: MG2009]
RickB Offline


Registered: 03/27/15
I am seeing the same issue in a 2011 27in iMac -i7 with 16GB RAM and an SSD drive. Started having issues just after installing the new DRIVE GENIUS 4. Oh Boy... Also installed a new 4TB TIME MACHINE BU DISK... THE FIRST BU NEVER COMPLETED. despite it being a thunderbolt drive..
Here is my DU list of SUID warnings, also not included in the apple SUID to ignore page..

Warning: SUID file “usr/bin/at” has been modified and will not be repaired.Warning: SUID file “usr/bin/atq” has been modified and will not be repaired.Warning: SUID file “usr/bin/atrm” has been modified and will not be repaired.Warning: SUID file “usr/bin/batch” has been modified and will not be repaired.Warning: SUID file “usr/bin/newgrp” has been modified and will not be repaired...
AND..
Warning: SUID file “System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent” has been modified and will not be repaired.Warning: SUID file “usr/lib/sa/sadc” has been modified and will not be repaired.Warning: SUID file “usr/libexec/security_authtrampoline” has been modified and will not be repaired.User differs on “private/var/db/displaypolicyd”; should be 0; user is 244.Group differs on “private/var/db/displaypolicyd”; should be 0; group is 244.Repaired “private/var/db/displaypolicyd”Warning: SUID file “usr/bin/login” has been modified and will not be repaired.Warning: SUID file “usr/libexec/authopen” has been modified and will not be repaired.

Top
#33576 - 03/28/15 08:22 PM Re: Recent COMBO Update [Re: RickB]
MG2009 Offline


Registered: 08/05/09
Here is an article which may be of some use:

http://www.macworld.com/article/1134165/ardagent.html

Read under the "What You Can Do" section.

I followed the instructions about making the ZIP file. Ran D/U. The "ARDAgent" message no longer appears in the D/U log.

Top
#33578 - 03/28/15 11:10 PM Re: Recent COMBO Update [Re: MG2009]
artie505 Online


Registered: 08/04/09
Your linked article is dated June 2008 and pertains to an issue applicable to OS X 10.4 and 10.5, so unless you're running a pretty antiquated version of OS X, it's 100% unlikely to be at all pertinent to whichever version you are running, despite the fact that following its suggestion rids you of the ARD message (for reasons you ought to be able to discern on your own).

It's a work-around fix for something that Apple took care of within OS X long ago.

(It looks to me [in OS X 10.6.8] like the file to which the article directs you, /System/Library/CoreServices/RemoteManagement/ARDAgent doesn't even exist any more, having long since been changed to System/Library/CoreServices/RemoteManagement/ARDAgent.app.)

Personally, I'd fall back on "Don't worry about it".

Edit: And if you use Apple Remote Desktop, it's probably now broken.


Edited by artie505 (03/28/15 11:16 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#33588 - 03/29/15 12:04 PM Re: Recent COMBO Update [Re: artie505]
MG2009 Offline


Registered: 08/05/09
"(It looks to me [in OS X 10.6.8] like the file to which the article directs you, /System/Library/CoreServices/RemoteManagement/ARDAgent doesn't even exist any more, having long since been changed to System/Library/CoreServices/RemoteManagement/ARDAgent.app.)"

FWIW: In my computer, that app/file was located exactly where the article said it was and I am using Yosemite 10.10

Top
#33590 - 03/29/15 12:21 PM Re: Recent COMBO Update [Re: MG2009]
artie505 Online


Registered: 08/04/09
Originally Posted By: MG2009
"(It looks to me [in OS X 10.6.8] like the file to which the article directs you, /System/Library/CoreServices/RemoteManagement/ARDAgent doesn't even exist any more, having long since been changed to System/Library/CoreServices/RemoteManagement/ARDAgent.app.)"

FWIW: In my computer, that app/file was located exactly where the article said it was and I am using Yosemite 10.10 (Emphasis added)

The article did not direct you to an app, rather it directed you to ARDAgent(Period!), while your Disk Utility warning tells that ARDAgent.app now lives at the location to which you were directed... a subtle difference, but an important one.

Edit: "app/file" is sort of an oxymoron; the two terms are mutually exclusive. An app is a folder, and if you control-click on one and select "Show Package Contents" you'll see that it displays as one.


Edited by artie505 (03/29/15 12:36 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#33593 - 03/29/15 12:51 PM Re: Recent COMBO Update [Re: artie505]
dkmarsh Offline

Moderator

Registered: 08/04/09

Originally Posted By: artie505
(It looks to me [in OS X 10.6.8] like the file to which the article directs you, /System/Library/CoreServices/RemoteManagement/ARDAgent doesn't even exist any more, having long since been changed to System/Library/CoreServices/RemoteManagement/ARDAgent.app.)

It's a moot point, given the obsolete nature of the threat, but I think the Macworld article was a little sloppy. It's ARDAgent.app on both my 10.4 and 10.5 volumes.
_________________________

dkmarsh • member, FineTunedMac Co-op Board of Directors

Top
#33594 - 03/29/15 12:59 PM Re: Recent COMBO Update [Re: dkmarsh]
artie505 Online


Registered: 08/04/09
Sloppy? To say the least! (But it doesn't change the fact that MG2009's misunderstanding needed correction.)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#33598 - 03/29/15 02:24 PM Re: Recent COMBO Update [Re: artie505]
MG2009 Offline


Registered: 08/05/09
Not sure I misunderstood anything. But for clarification, here is what happened:

1. I ran D/U and got the following Permission Repairs message . . .

Warning: SUID file “System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent”

2. That "problem" SUID FILE did exist in my computer in the path shown above (using Yosemite 10.10)

3. I followed the directions in the article (creating the ZIP file of the app and leaving it compressed)

4. Now that "problem" SUID FILE warning no longer shows up in DU repairs log.

P.S. As far as my use of app/file is concerned . . . "app" referred to ARDAgent and "file" referred to SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent".

Top
#33630 - 03/31/15 12:53 AM Re: Recent COMBO Update [Re: MG2009]
artie505 Online


Registered: 08/04/09
OK, let's review what really happened:
  1. Permission Repair generated a warning message that general, but not specific, wisdom said to ignore.
  2. You elected, and it was an admirable pursuit, to search for specific wisdom.
  3. Your search for specific wisdom located a 7 year old article that dealt with a long since patched security vulnerability in OS X 10.4 & 5.
  4. You elected to apply the article's "fix" (which was not a fix, but a preventive measure) to your OS X 10.10 installation.
Of course the warning message disappeared!

By compressing the app, your "fix" removed it from the OS X mix (In effect, you deleted it.), so your next Permission Repair pass didn't flag it because as far as PR was concerned, it didn't exist.

What you did was apply an irrelevant "fix" to something that, as far as anybody knows, wasn't broken, and actually broke (although, happily, not irreparably), rather than fixed, something in the process.

"Misunderstanding" may not have been an on-the-mark word, but I'm still at a loss for a better one.


Edited by artie505 (03/31/15 04:45 AM)
Edit Reason: Clarity
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#33642 - 03/31/15 09:16 AM Re: Recent COMBO Update [Re: artie505]
MG2009 Offline


Registered: 08/05/09
I realized the message in the D/U could be safely ignored from another article link in this thread, but I wanted to clear it from the list (if possible). I like things tidy. grin

Not to get bogged down on words . . . There was a message in the D/U log which is now gone. For me, THAT matter was "fixed" as far as the Repair Permissions log is concerned.

Top
#33653 - 03/31/15 01:07 PM Re: Recent COMBO Update [Re: MG2009]
artie505 Online


Registered: 08/04/09
OK, but just file away what you've done somewhere in the back of your head, so if you ever need to use Apple Remote Desktop you'll know why it doesn't work.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top

Moderator:  alternaut, dkmarsh, joemikeb