I thought about getting that book for my iPad.
Doesn't this work?
sudo chown -R username:staff /Users/username
This is what we use in Self Service. The user (all AD accounts) can run the following, then reboot. After that all is good.
#!/bin/bash
# correct_home_folder_ownership_and_permissions.sh
# Correct home folder ownership and permissions
#
# Created by Knackstedt, Greg on 12/12/12.
# Copyright (c) 2012 Limited Brands, Inc. All rights reserved.
##########################
# Variables #
##########################
# Current user
CurrentUser=$(logname)
###### Paths #####
SysVol="/Volumes/System"
UserDataVol="/Volumes/User Data"
UsersFol="/Volumes/System/Users"
CurrentUserHome="$UsersFol/$CurrentUser"
######## Functions #########
# Recursively make the current user the owner of their home folder
function CorrectOwnership {
    chown -Rf "$CurrentUser" "$CurrentUserHome"
}
# Recursively set mode 755 on everything in the home folder
function CorrectPermissions {
    chmod -Rf 755 "$CurrentUserHome"
}
########## Script ###############
CorrectOwnership
CorrectPermissions
@gnacks - that doesn't really reset it to the correct permissions, although it WILL work. That will give everyone read access to the ~/Library/Safari folder, as one example, or the ~/Documents/Microsoft User Data/ folder as another.
What we use to set permissions to what a fresh user copied from the user template has:
cd /Users || exit 1
# Loop over every entry in /Users whose name contains no dot
for i in $(ls | grep -v '[.]'); do
    # Shared folder: open to everyone
    if [ "$i" = "Shared" ]; then
        chmod -R 777 "/Users/$i"
        continue
    fi
    # Local admin account: group is staff
    if [ "$i" = "localadmin" ]; then
        chown -R "$i":staff "/Users/$i"
        chmod 755 "/Users/$i"
        chmod -R 700 "/Users/$i/AG Applications/"
        chmod -R 700 "/Users/$i/Desktop/"
        chmod -R 700 "/Users/$i/Documents/"
        chmod -R 700 "/Users/$i/Downloads/"
        chmod -R 700 "/Users/$i/Library/"
        chmod -R 700 "/Users/$i/Movies/"
        chmod -R 700 "/Users/$i/Pictures/"
        chmod 755 "/Users/$i/Public/"
        chmod -R 733 "/Users/$i/Public/Drop Box/"
        chmod 755 "/Users/$i/Sites/"
        chmod 644 "/Users/$i/Sites/"*
        chmod -R 755 "/Users/$i/Sites/images/"
        continue
    fi
    # Every other account: group is the directory's domain users group
    printf 'Setting %s home folder permissions\n\n' "$i"
    chown -R "$i":"domaindomain users" "/Users/$i"
    chmod 755 "/Users/$i"
    chmod -R 700 "/Users/$i/AG Applications/"
    chmod -R 700 "/Users/$i/Desktop/"
    chmod -R 700 "/Users/$i/Documents/"
    chmod -R 700 "/Users/$i/Downloads/"
    chmod -R 700 "/Users/$i/Library/"
    chmod -R 700 "/Users/$i/Movies/"
    chmod -R 700 "/Users/$i/Pictures/"
    chmod 755 "/Users/$i/Public/"
    chmod -R 733 "/Users/$i/Public/Drop Box/"
    chmod 755 "/Users/$i/Sites/"
    chmod 644 "/Users/$i/Sites/"*
    chmod -R 755 "/Users/$i/Sites/images/"
done
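An added example, not part of any post in this thread: a read-only check that compares a home folder's top-level modes with the values listed in the script above, so a blanket `chmod -R 755` shows up as mismatches on the private folders. The function names and the sample folder are constructed for illustration, and ACLs are not inspected.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of a home folder against
# the modes listed in the template-based script above. It changes nothing.

# Print the octal permission bits of a path: GNU stat first, then BSD/macOS stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_home HOME_DIR: print one MISMATCH line per folder whose mode differs.
audit_home() {
    target=$1
    # "relative path:expected mode", values taken from the script above.
    for entry in ".:755" "Desktop:700" "Documents:700" "Downloads:700" \
                 "Library:700" "Movies:700" "Pictures:700" \
                 "Public:755" "Public/Drop Box:733" "Sites:755"; do
        rel=${entry%:*}
        want=${entry##*:}
        item="$target/$rel"
        [ -d "$item" ] || continue          # folder absent: nothing to compare
        have=$(mode_of "$item")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $rel mode=$have expected=$want"
        fi
    done
}

# Constructed sample: a home folder after a blanket "chmod -R 755".
make_sample_home() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/Desktop" "$dir/Documents" "$dir/Library/Safari" \
             "$dir/Public/Drop Box"
    chmod -R 755 "$dir"
    echo "$dir"
}

sample=$(make_sample_home)
audit_home "$sample"
rm -rf "$sample"
```

Run it against a real account with `audit_home /Users/username`; no output means every folder that exists matches the listed mode.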
@acdesigntech Nice! Thanks for sharing
Def like the idea to use the same permissions as the user template.
@McAdams Have you had any issues with that command since your original post? I gave it a try and I may use it going forward.
@bentoms Is it necessary to apply the UserDomainPrimaryGroupID recursively? When a mobile user logs in that ownership is only set to the top level of the home folder directory. Seems like it might be a security issue?
Just trying to get my head around this, everyone seems to do it differently.
Thanks!
FYI, this seems to be gone in macOS Sierra. The whole 'reset permissions and ACLs' and its underlying framework is gone. Not sure why and that leaves the question of exactly how to do this for a restored user home directory where the permissions are incorrect.
It's easy to ignore the ACL aspect of home directory permissions but you do so at your peril. ;)