edmund_gall's profile

174 Messages


3K Points

Sun, Mar 1, 2020 6:12 PM

LR Classic on macOS - default photo file & folder permissions/ACLs

Hi Folks!

Is there any Adobe advice on what the permissions should be for folders
containing LR Classic raws (and the photo files themselves) on macOS Mojave or later?

I'm holding off on moving to Catalina til it plays nicer with the newer versions of LR & Wacom software, so I've still got Mojave. I always presumed that Adobe's software on macOS was configured by default to run securely, so photo files imported with or folders created through LR Classic won't be given ACL settings that allow unlimited access. However, a recent thread regarding permissions on Catalina made me actually check, and I found several different ACL settings.

Import folders
My LR Classic directories are all drwxr-x--- so only the account used to install LR Classic has read/write/execute access to the folders, while any account in the same macOS group for has read/execute access.

Export folders
My LR Classic export folders – which get created by LR Classic – all have drwxr-xr-x – which seems insecure and differs from what LR Classic creates during import.

Imported raw files
However, I noticed that the photo files themselves (including any accompanying .xmp files) are typically set to -rwxrwxrwx – which is unlimited access to anyone (and potentially insecure). I use LR Classic's Copy import option, so photos are copied from SD cards to disk by LR Classic (as opposed to separately by me before using the Add import option).

Exported files
All my exported files (.jpgs) are -rw-r--r-- – which seems insecure.

External editing files
Finally, LR Classic seems to apply different default ACLs to photo files created when transferring from LR Classic to an external editor (e.g. PS). For example, my .tif files – which are only created by transferring photos from LR Classic to PS (via the Edit in ... menu option) for further editing (and, thus, are created by LR Classic) have -rw-r-----@ – which is reasonable. I don't use any other software to process my photos.

I'd have thought the following default ACLs to apply for any files/folders created by LR Classic & PS:
  • all folders – for import or export – should be drwxrwx--- as the least (or drwx------ at the most) secure permission
  • all photo files (i.e. raws, .xmp sidecars, .tif, .psd, .psb files created by LR Classic or PS) should be -rw-rw---- by default to limit access to at least the user account and group used to install LR Classic (if not -rw------- for the most secure settings).

The only official Adobe suport link I can find addressing this is for LR Classic 2015.5 (so very old software): https://helpx.adobe.com/lightroom-classic/kb/user-permissions-issues.html

This suggests that folders & files should be drwxrwx--- for folders and -rw-rw---- for photo files.

Is this still applicable for all versions of LR Classic since then?

Is the assignment of inconsistent ACLs to photo files by LR Classic in macOS expected behaviour, or a bug?

I'm using LR Classic 8.4.1 on macOS 10.14.6.

Thanks in advance for your advice!


34 Messages


598 Points

1 y ago

Please correct me if I'm wrong. I think that files with -rw-r----- may be too secure in that no one except the owner and owner's group can read them. You need to have them world readable (-rw-r--r--) if you're sending them to a client. Intricate complexities.