First, a bit of background to explain what's going on: Files in OS X can have two quite different kinds of permission settings applied to them: POSIX and ACLs.
Files always (well, almost always) have POSIX permissions applied, consisting of an owner, group, and others (with some combination of read, write, and execute for each of those). There is no way to control inheritance of POSIX permissions: new items are always owned by whatever user created them, the group assignment is inherited from the folder they're in, and the access is determined by the umask (which is pretty much always: owner gets full access, group and others read only + execute for folders). So POSIX permissions won't work for what you're trying to do.
Files can also have an access control list (ACL) applied. This is a list of access control entries (ACEs), each of which applies to a user or group, specifies types of access (in great detail), whether they're being allowed or denied, and whether the ACE should also be copied to items created inside the folder. That last bit is the part that makes this useful for you; you need to create an ACE on the folder that specifies the group you want, the types of access you want, and full inheritance.
chmod on OS X can manipulate ACEs with the +a, -a, etc permissions options. If I understand what you want, you'd use this (with your group name and folder path substituted) to create the ACE:
chmod +a "group:examplegroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /path/to/folder
Note that the inheritance is not "live", i.e. it doesn't apply to items created before you assigned the ACE, and it doesn't apply to items created somewhere else and then moved into the folder. You can apply it to existing contents by using -R (chmod -R +a ...). I don't know of a way (except Apple's server admin tools) to force inheritance to items moved into the folder.
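Because inheritance is not live, it helps to check a shared folder for items that lack an ACE for the group. The shell function below is an added example, not part of the original answer. The function names, the sample listing and the group examplegroup are assumptions, and it assumes owner and group names contain no spaces. It reads `ls -le` output on stdin and prints every entry with no allow ACE for that group:

```shell
# Added example. Reads `ls -le` / `ls -leR` output on stdin, prints entries
# that carry no allow ACE (inherited or explicit) for group $1.
missing_group_ace() {
    awk -v want="group:$1" '
        function emit() { if (name != "" && !found) print name }
        # ACE line, e.g. " 0: group:examplegroup inherited allow read,write"
        /^ *[0-9]+: / {
            if ($2 == want && ($3 == "allow" || ($3 == "inherited" && $4 == "allow")))
                found = 1
            next
        }
        # Entry line: starts with a mode string such as "drwxr-xr-x+"
        /^[-dlbcps][-r][-w][-xsS]/ {
            emit()
            line = $0
            # Drop mode, links, owner, group, size and the three date fields;
            # what is left is the name, spaces included.
            for (i = 1; i <= 8; i++) sub(/^ *[^ ]+ +/, "", line)
            name = prefix line
            found = 0
            next
        }
        # "path:" header that ls -R prints before each subdirectory
        /:$/ { prefix = substr($0, 1, length($0) - 1) "/" }
        END { emit() }
    '
}

# Constructed sample listing (not captured from a real system).
sample_listing() {
    cat <<'EOF'
total 0
drwxr-xr-x+ 3 alice  staff  96 Jan  1 12:00 reports
 0: group:examplegroup inherited allow list,add_file,search,file_inherit,directory_inherit
-rw-r--r--  1 bob    staff  12 Jan  2 09:30 moved in.txt
-rw-r--r--+ 1 alice  staff  40 Jan  2 09:31 notes.txt
 0: group:examplegroup inherited allow read,write,append,readattr

./reports:
total 0
-rw-r--r--+ 1 alice  staff   7 Jan  3 10:00 q1.txt
 0: group:othergroup allow read
EOF
}

# On OS X: ls -leR /path/to/folder | missing_group_ace examplegroup
# With the sample: sample_listing | missing_group_ace examplegroup
```

Entries it reports can then be given the ACE with the chmod +a command shown above.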
You can check and re-assign ownership recursively over a directory tree with
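olduser="<oldusername>" # replace this with your old username
newuser="<newusername>" # replace this with your new username
dir="<dir>" # replace this with the directory you want to run through
# Walk the tree and hand over every item currently owned by $olduser
find "$dir" | while IFS= read -r filename
do
    # field 5 of OS X stat's default output is the owner name
    owner=$(stat "$filename" | cut -d ' ' -f 5)
    if [ "$owner" = "$olduser" ]
    then
        # -h changes a symlink itself rather than the file it points to
        chown -h "$newuser" "$filename"
    fi
done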
Sure - the fs_usage tool can show all filesystem operations live and you can sort on that path to determine what is doing the writing and back into the details.
As you mention, the system can self fix by restart and updates. I’d guess OnyX didn’t help, but we’ll need to wait to get it to recur to know for sure.
Also, that directory is where the unified logs are stored, so you could also just inspect your normal logs in Console app - if you have a high volume of logs, then your growth is normal and you’d uninstall / fix / suppress whatever is generating all the volume in the logging system.
Also, most people are stunned and shocked to see how many thousands of info and debug messages get logged each and every second on a perfectly healthy Mac, so don’t worry if you feel the volume is high without comparing to other computers. Maybe getting stats would be a better indicator:
So 26 million events logged on a computer over a month and it was powered off for 2 weeks this month and lightly used the other couple weeks. On a busy computer I’d see this volume every week and not worry.