Mac OS X 10.7 Lion sets, finds, corrects insecure folder permissionsMac OS X 10.7 Lion makes system wide changes to standard folder ownership and permissions to enhance security, finding and recommending changes where necessary.
Apple reportedly informed developers that a number of folders in the System and Local file system domains would be changing their default permissions in Lion. This includes many system and Library folders moving from 775 (writable by the admin group) to 755 (writable only by root). This change prevents modification of core system files without authenticating as the root user.
The only remaining local Library folders that will support admin group writing include Caches, Fonts, Java, QuickTimeStreaming, Receipts and Tomcat; all others require root access to modify.
A developer reports to AppleInsider that this changes the required permissions on installed printer queues, but that the system handles this by simply noting after installation that a correction is needed. Once the user approves of the change, the system adjusts the permissions as it records the issue in the CUPS error log (below).
Another Mac OS X Lion, feature related to Auto Save (described earlier in our report on Auto Save, Versions and Time Machine), is also getting a new setting in System Preferences.
Under the Appearance pane, a new option to lock Auto Save documents after a specific time interval has been added in Lion DP2. The previous setting was to default at two weeks, with no option to turn the lock feature off.