I wanted to share my root file system and in Server.app I set up / as a share. Unfortunately it wrote ACLs across the system that have caused a lot of various problems.
sudo chmod -RN /* has resolved most of the issues, but there are still some permission issues on 10.12.2.
sudo /Applications/OnyX.app/Contents/Resources/repair_packages --repair --standard-pkgs --volume / is still reporting a few folders as still having ACLs that it can't repair with repeated executions, example:
ACL missing on 'System/Library/User Template/ro.lproj/Library'.
Repaired "System/Library/User Template/ro.lproj/Library".
ACL missing on 'System/Library/User Template/ro.lproj/Public'.
Repaired "System/Library/User Template/ro.lproj/Public".
ACL missing on 'private/etc/pam.d'.
Repaired "private/etc/pam.d".
ACL missing on 'private/etc/ssh'.
Repaired "private/etc/ssh".
ACL missing on 'System/Library/User Template/Dutch.lproj/Desktop'.
Repaired "System/Library/User Template/Dutch.lproj/Desktop".
ACL missing on 'System/Library/User Template/Dutch.lproj/Library'.
Repaired "System/Library/User Template/Dutch.lproj/Library".
ACL missing on 'System/Library/User Template/Dutch.lproj/Library/Application Support'.
…
It seems that I'm going to need to issue some other commands to remove the new ACL accident. What other commands and / or options exist to reset everything back to a pristine state and thus allow repair_packages to execute and repair permissions properly?
Following the above, I then managed to execute:
sudo chflags -R nouchg,nouappnd /System/Library/User\ Template/
…and that seems to have resolved most of the issues now at least in that folder, but when I execute it on the remaining folders I still don't see any help. Example, here are the ones that are remaining unprepared:
ACL found but not expected on 'installer.failurerequests'.
Repaired "installer.failurerequests".
ACL found but not expected on 'private/etc/aliases'.
Repaired "private/etc/aliases".
ACL found but not expected on 'private/etc/localtime'.
Repaired "private/etc/localtime".
ACL found but not expected on 'private/etc/resolv.conf'.
Repaired "private/etc/resolv.conf".
Best Answer
Everything is fine and the ACL repair is working as it should. Take the first two lines of the output:
The first line is logged when an incorrect ACL has been found. The second line is logged when the repair is a success. If the ACL couldn't be repaired, this second line would say something different. Everything is good!