External Disk Permissions and Disk Usage
A practical runbook for ownership and access problems on macOS external volumes and for interactive disk usage with dua and related CLI tools (Homebrew, Apple Silicon). Replace /Volumes/YourDrive and example UIDs (44222) with your volume path and orphaned IDs.
Install Tools
Section titled “Install Tools”# Interactive disk usage analyzerbrew install dua-cli
# eza (icons + tree listing)brew install eza
# Alternative TUI disk analyzerbrew install ncduDiagnose the Drive
Section titled “Diagnose the Drive”Before changing ownership, inspect the current state:
# List top-level files and ownerssudo /bin/ls -lhA /Volumes/YourDrive
# Filesystem type and ownership statusdiskutil info /Volumes/YourDrive | grep -E "Type|File System|Owners"
# How the volume is mountedmount | grep YourDrive
# Orphaned UIDs often show as numbers, not namessudo /bin/ls -lhA /Volumes/YourDrive | awk '{print $3}' | sort | uniq -c | sort -rnCommon owner states:
| Owner shown | Meaning |
|---|---|
yourname | Owned by your current login |
root | System metadata — usually leave as-is |
44222 | Example orphaned UID — from a deleted or migrated account |
_unknown | macOS cannot resolve the UID |
| Previous Mac username | Migration or copy from another machine |
Fix TCC / Full Disk Access
Section titled “Fix TCC / Full Disk Access”If tools report Operation not permitted (os error 1) even when using sudo, macOS is enforcing TCC, not Unix permissions. sudo does not bypass TCC.
Grant Full Disk Access to your terminal app when bulk reads (find, indexing tools) hit protected locations — otherwise commands fail regardless of UID 0.
Steps:
- Open System Settings → Privacy & Security → Full Disk Access
- Use
+and add your terminal (iTerm2, Terminal.app, Warp, and so on) - Add
/usr/bin/sudoif your workflow relies on escalation helpers TCC associates with it - Turn the entries On
- Quit fully and reopen the terminal session
Test:
/bin/ls /Volumes/YourDriveDisable Volume Ownership
Section titled “Disable Volume Ownership”External volumes often enforce POSIX ownership. That can block access until metadata is repaired or ownership behavior is relaxed for that volume:
diskutil info /Volumes/YourDrive | grep "Owners"
sudo diskutil disableOwnership /Volumes/YourDrive
diskutil info /Volumes/YourDrive | grep "Owners"# Owners: DisabledDisabling ownership is a normal choice for removable or backup disks you administer yourself.
Do not run disableOwnership on your Macintosh HD / system volume. Use this only on external volumes you intend to manage as bulk data stores.
Fix Orphaned File Ownership
Section titled “Fix Orphaned File Ownership”Identify Orphaned Files
Section titled “Identify Orphaned Files”# Files owned by a known old UID (example: 44222)sudo find /Volumes/YourDrive -user 44222 2>/dev/null | wc -l
# Paths with no valid user mappingsudo find /Volumes/YourDrive -nouser 2>/dev/null | wc -lFix Ownership — Targeted Approach (Fastest)
Section titled “Fix Ownership — Targeted Approach (Fastest)”Prefer this when ls -lhA shows a small set of top-level folders carrying bad ownership:
#!/usr/bin/env bashset -euo pipefail
VOLUME="/Volumes/YourDrive"ME="$(whoami)"
DIRS=( "data-from-old-mac" "Dropbox_archive" "Documents" "Projects")
echo "Fixing ownership as: $ME"for dir in "${DIRS[@]}"; do full_path="$VOLUME/$dir" if [ -d "$full_path" ]; then echo "Processing: $dir" sudo chown -R "$ME" "$full_path" 2>/dev/null & else echo "Skipping (not found): $dir" fidone
waitecho "Done!"Save and run:
chmod +x ~/fix_ownership.sh~/fix_ownership.shFix Ownership — Bulk Approach (Slower but Thorough)
Section titled “Fix Ownership — Bulk Approach (Slower but Thorough)”sudo find /Volumes/YourDrive -user 44222 -print0 | \ xargs -0 -P 8 -n 500 sudo chown "$(whoami)" 2>/dev/null
sudo find /Volumes/YourDrive -nouser -print0 | \ xargs -0 -P 8 -n 500 sudo chown "$(whoami)" 2>/dev/nullParallelism raises I/O load; reduce -P on slow disks.
Fix Specific Paths
Section titled “Fix Specific Paths”sudo chown "$(whoami)" /Volumes/YourDrive/SomeFile.zip
sudo chown -R "$(whoami)" "/Volumes/YourDrive/Some Folder"
sudo chown "$(whoami)" \ "/Volumes/YourDrive/file1.zip" \ "/Volumes/YourDrive/Folder Name" \ "/Volumes/YourDrive/another-file"Unlock macOS-Locked Files (If chown Still Fails)
Section titled “Unlock macOS-Locked Files (If chown Still Fails)”sudo chflags -R nouchg /Volumes/YourDrive 2>/dev/nullsudo chown -R "$(whoami)" /Volumes/YourDrive 2>/dev/nullVerify Ownership Is Clean
Section titled “Verify Ownership Is Clean”sudo find /Volumes/YourDrive -user 44222 2>/dev/null | wc -l
sudo find /Volumes/YourDrive -nouser 2>/dev/null | wc -l
/bin/ls -lhA /Volumes/YourDrive | awk '{print $3, $4, $NF}' | column -t
/bin/ls -lhA /Volumes/YourDrive/SomeFolder | grep "44222\|_unknown"Expected clean state:
| Path type | Expected owner |
|---|---|
| Your data dirs/files | Your login |
.Spotlight-V100 | root |
.fseventsd | root |
.Trashes | root |
.DocumentRevisions* | Often root |
Backups.backupdb | root (Time Machine layout) |
View Folder Sizes with dua
Section titled “View Folder Sizes with dua”A fuller dua walkthrough (install, aggregate mode, troubleshooting) lives in dua (disk usage). The following stays oriented to external volumes once access works.
Basic Usage
Section titled “Basic Usage”dua i /Volumes/YourDrive
dua i ~Keyboard Shortcuts inside dua
Section titled “Keyboard Shortcuts inside dua”| Key | Action |
|---|---|
↑ / ↓ | Move selection |
Enter | Open directory |
d | Mark for deletion |
u | Undo mark |
q | Quit |
? | Help |
Skip System Metadata Directories
Section titled “Skip System Metadata Directories”dua i /Volumes/YourDrive \ --ignore-dirs /Volumes/YourDrive/.DocumentRevisions-V100 \ --ignore-dirs /Volumes/YourDrive/.Spotlight-V100 \ --ignore-dirs /Volumes/YourDrive/.fseventsdAdjust paths if your volume uses slightly different Spotlight or revisions folder names.
Non-Interactive Output
Section titled “Non-Interactive Output”dua /Volumes/YourDriveBonus: eza Tree View
Section titled “Bonus: eza Tree View”eza lists trees with flair; combine with dua when you care about recursive directory totals:
eza --tree --long -h --level=2 /Volumes/YourDrive
eza --tree --long -h --level=2 --icons /Volumes/YourDriveRecommended Aliases for ~/.zshrc
Section titled “Recommended Aliases for ~/.zshrc”alias ls='eza --icons --group-directories-first'alias ll='eza -lhA --icons --group-directories-first'alias lt='eza --tree --icons --level=2'alias lta='eza --tree --icons --long -h --level=3'Individual file sizes in eza are not rolled-up folder sizes — use dua when choosing what to delete or archive.
Quick Folder Summary without dua
Section titled “Quick Folder Summary without dua”du -sh /Volumes/YourDrive/* 2>/dev/null | sort -rhTroubleshooting
Section titled “Troubleshooting”Operation not permitted (os error 1) Even With sudo
Section titled “Operation not permitted (os error 1) Even With sudo”TCC restriction. Configure Full Disk Access as in Fix TCC / Full Disk Access above.
chown: /Volumes/YourDrive: Operation not permitted at the Volume Root
Section titled “chown: /Volumes/YourDrive: Operation not permitted at the Volume Root”Harmless: macOS guards the synthetic mount-point; chown targets inside the volume still work.
find Is Too Slow on a Large Drive
Section titled “find Is Too Slow on a Large Drive”Use Fix Ownership — Targeted Approach (Fastest) for known folder names instead of scanning the entire tree repeatedly.
colorls or Ruby Gems Break Your Shell Prompt
Section titled “colorls or Ruby Gems Break Your Shell Prompt”Prefer eza (Homebrew-maintained C/Rust toolchain, no Rubygems requirement):
brew install ezadua Errors on .Spotlight or .DocumentRevisions
Section titled “dua Errors on .Spotlight or .DocumentRevisions”Add matching --ignore-dirs paths; those trees are indexed or versioned outside normal cleanup workflows.
_unknown Still Appears After chown
Section titled “_unknown Still Appears After chown”If ownership semantics are relaxed but Finder or ls still looks odd, re-run a -nouser sweep:
sudo find /Volumes/YourDrive -nouser -print0 | xargs -0 -P 4 sudo chown "$(whoami)" 2>/dev/nullGenerated for macOS with Homebrew; workflows were validated on Apple Silicon Macs running recent macOS versions.