LR Classic on macOS - default photo file & folder permissions/ACLs

  • 1
  • Question
  • Updated 5 months ago
  • (Edited)
Hi Folks!

Is there any Adobe advice on what the permissions should be for folders
containing LR Classic raws (and the photo files themselves) on macOS Mojave or later?

I'm holding off on moving to Catalina til it plays nicer with the newer versions of LR & Wacom software, so I've still got Mojave. I always presumed that Adobe's software on macOS was configured by default to run securely, so photo files imported with or folders created through LR Classic won't be given ACL settings that allow unlimited access. However, a recent thread regarding permissions on Catalina made me actually check, and I found several different ACL settings.

Import folders
My LR Classic directories are all drwxr-x--- so only the account used to install LR Classic has read/write/execute access to the folders, while any account in the same macOS group for has read/execute access.

Export folders
My LR Classic export folders – which get created by LR Classic – all have drwxr-xr-x – which seems insecure and differs from what LR Classic creates during import.

Imported raw files
However, I noticed that the photo files themselves (including any accompanying .xmp files) are typically set to -rwxrwxrwx – which is unlimited access to anyone (and potentially insecure). I use LR Classic's Copy import option, so photos are copied from SD cards to disk by LR Classic (as opposed to separately by me before using the Add import option).

Exported files
All my exported files (.jpgs) are -rw-r--r-- – which seems insecure.

External editing files
Finally, LR Classic seems to apply different default ACLs to photo files created when transferring from LR Classic to an external editor (e.g. PS). For example, my .tif files – which are only created by transferring photos from LR Classic to PS (via the Edit in ... menu option) for further editing (and, thus, are created by LR Classic) have -rw-r-----@ – which is reasonable. I don't use any other software to process my photos.



I'd have thought the following default ACLs to apply for any files/folders created by LR Classic & PS:
  • all folders – for import or export – should be drwxrwx--- as the least (or drwx------ at the most) secure permission
  • all photo files (i.e. raws, .xmp sidecars, .tif, .psd, .psb files created by LR Classic or PS) should be -rw-rw---- by default to limit access to at least the user account and group used to install LR Classic (if not -rw------- for the most secure settings).

The only official Adobe suport link I can find addressing this is for LR Classic 2015.5 (so very old software): https://helpx.adobe.com/lightroom-classic/kb/user-permissions-issues.html

This suggests that folders & files should be drwxrwx--- for folders and -rw-rw---- for photo files.

Is this still applicable for all versions of LR Classic since then?

Is the assignment of inconsistent ACLs to photo files by LR Classic in macOS expected behaviour, or a bug?

I'm using LR Classic 8.4.1 on macOS 10.14.6.

Thanks in advance for your advice!
Ed...

Photo of Edmund Gall

Edmund Gall

  • 157 Posts
  • 55 Reply Likes

Posted 5 months ago

  • 1
Photo of Jack Nilles

Jack Nilles

  • 33 Posts
  • 8 Reply Likes
Please correct me if I'm wrong. I think that files with -rw-r----- may be too secure in that no one except the owner and owner's group can read them. You need to have them world readable (-rw-r--r--) if you're sending them to a client. Intricate complexities.
Photo of Edmund Gall

Edmund Gall

  • 157 Posts
  • 55 Reply Likes
To put it in layman's terms, file permissions are not transferred with the files to clients. For example, if you download a file from the Internet the permissions that are applied to it when it lands on your disk are based on ACL settings in your computer - they are not based on the settings on the computer you downloaded from.

So, making a file on macOS world readable (i.e. readable by Others) has no effect on whether a client can open the file after it is sent to them: it only has an effect on whether that client can view the file if they connect to your computer to access it via a local user account that is not the owner of the image (i.e. your macOS login account) or part of the same macOS group as the macOS owner account...
Photo of Jack Nilles

Jack Nilles

  • 33 Posts
  • 8 Reply Likes
Thanks! It would be nice if LR/Photoshop would produce a short course on permissions as used by them.