There are currently no known problems that require additional documentation.
Known Issues
TinkerTool System is a collection of system utility features helping you in performing advanced administration tasks on Apple Macintosh computers. The application makes use of a self-adapting user interface which automatically adjusts to the computer model and to the version of OS X you are running.
TinkerTools.org is the community website for the Tinker suite of molecular modeling software tools. SetACL is the driving force in countless scripts, tested and proven. It is valued by administrators and developers alike. SetACL has been downloaded more than 400,000 times. Read about SetACL’s feature set. A long list of cool stuff. Now you will probably want to download the software. This will recursively set an ACL entry which will allow staff to read/write, similar to what is on a user's Public/Drop Box folder, and the entry will be inherited by all items created in the folder. Oct 17, 2019 How to Download If you need additional technical support for transferring the software to your computer, further help is available on a detailed information page. Download TinkerTool.
Release NotesFrequently Asked QuestionsWhat is TinkerTool?
TinkerTool is an application which gives you access to additional preference settings Apple has built into macOS. This allows to activate hidden features in the operating system and in some of the applications that come with the system.
TinkerTool does not provide any features itself. Its single task is to give you an extended interface to your personal preference settings. The tool will never change anything in the operating system. For this reason, the integrity of your system is not put at risk. All settings are restricted to the user accounts that launch TinkerTool. If you have multiple user accounts on your computer, settings of different users will not affect each other.
The feature set of macOS varies greatly between different operating system versions. For this reason, TinkerTool must automatically adapt to the system it is running on. The settings available in each system version are listed at the official web page.
When you detect a preference setting that causes a compatibility problem with a third-party application, you can simply reset this or all preferences to their previous values.
Can I have a manual for TinkerTool?
There is no documentation other than this English FAQ list. Because TinkerTool doesn't provide any features, there is not much that could be documented. The tool has a single function: If you click on setting “X”, TinkerTool will change your personal preference setting “X”. Apple may change the meaning of setting “X” any time at their own discretion, so we have absolutely no influence on the effects each setting may achieve.
What version of TinkerTool should I use for which version of macOS, OS X, or Mac OS X?
Versions of TinkerTool are not directly related to versions of macOS. TinkerTool uses unique technology to automatically adapt its user interface to the operating system version you are currently running. However, in order not to overload TinkerTool with dozens of styles for all the different generations of macOS and to be able to support the latest interface features of the OS, there are currently five different applications in the TinkerTool series, designed for five basic product generations of macOS:
Could you please add feature “X” to TinkerTool?
In most cases, the answer is no. TinkerTool does not provide any features, so it cannot add any. The features you are seeing are provided by macOS and controlled by Apple. TinkerTool is only a helper application to activate them.
![]()
However, if you know an additional built-in preference setting neither accessible in System Preferences nor in TinkerTool, suggestions are welcome. Note that we sometimes have to deny integration of a preference setting because the setting may have a negative effect on some applications (which is the reason why Apple did not make access to this setting publicly available).
Do I need to restart the computer for changes to take effect?
No, this is never necessary. For many applications, it is sufficient to quit and relaunch the respective programs. In all other cases, it is sufficient to log out and log in for changes to take effect.
Are there unexpected issues when disabling the Finder animations for opening Desktop icons?
Yes, there is one specific interaction with the Finder where a missing animation for opening a Desktop icon may show an unusual result: When you drag a Finder tab to the Desktop, the Finder expects that it can always show an animation to convert the dragged miniature tab into a Finder window. If that animation is switched off, the icon for the miniature tab will just stay on the Desktop, behind the new window. It will automatically disappear the next time the Finder is restarted.
Are there alternative ways to restart the Finder?
Yes, in up-to-date versions of macOS, you can hold down the option (alt) key while right-clicking the Finder icon in the Dock. An item to restart the Finder will be displayed in the context menu.
I have heard I should see .DS_Store files in many folders when I switch on the Finder's “Show all files“ option. Where are they?
The Finder puts a .DS_Store file in each folder you have opened. These files are used to save the positions of icons, the size of the respective Finder window, the window's background, and many more view options. While older versions of the Finder indeed displayed .DS_Store files after you enabled its option Show hidden and system files in TinkerTool, this will no longer happen with macOS 10.14 Mojave or later. The .DS_Store files and some other types of internal data, such as the so-called AppleDouble files (sometimes named ”dot underscore” files, because they have names beginning with the pattern ”._”) are generally considered hidden by the Finder, even if you set the preference to show all files. You will need a different file viewer or the macOS Terminal to see Desktop Services Store or AppleDouble files.
Can I use TinkerTool to change fonts in macOS?
No, this has never been a feature of TinkerTool and this would not be a good idea. Applications such as word processing or layout programs would become unusable if TinkerTool would somehow force them to replace given fonts with other fonts.
The pane “Fonts” is designed to change your personal preferred defaults for fonts. Applications designed in a user-friendly way won't request pre-specified fonts for controls in their user interface, they will ask macOS for the preferred default font settings for nine particular font categories instead. For example, an application displaying a fixed-pitch font for a specific text view in a window will not send the request to macOS to use the font “Menlo Regular 11 pt” for this text display. Instead, it will ask macOS to fetch the font the user is currently preferring for fixed-pitch use cases. This can be any font of your choice, currently set for the category Fixed-pitch in TinkerTool. The developers of applications determine for each single use of typographic output if they like to use a specific font, “hard-wired” in the application, or if they like to use a generic font, oriented at the user's personal preferences.
Can I use the default font settings to increase the size of fonts?
Yes and no. You can specify a larger font as your preferred default font for a certain usage category, as explained in the previous section. However, this might not be a good idea for certain applications, because you risk that texts will be clipped by surrounding elements, like boxes, buttons, etc. when they are rendered with larger sizes. Parts of the user interface could become unreadable.
The appropriate way to increase the size of fonts is to enlarge all parts of the user interface. This is possible by modifying the rendering resolution of the interface which is normally fixed at 72 pixels per inch. Such changes cannot be controlled by simple user preferences. For this reason, this cannot be part of TinkerTool. If you don't use a Mac with a Retina screen, you might be able to control the overall screen scaling factor by our alternative application TinkerTool System 6. Please see its official web page for more information.
When specifying preferred fonts, can I use color, shadow, or other effect settings?
No, macOS does not allow this. Although it is possible to control shadows and similar options via the system's font panel, only font types and font sizes will actually be set. All other settings you can establish for fonts will be ignored.
Can I specify typefaces for all font categories?
Preferred font sizes can be specified for all 8 font categories defined by Apple. The option to also set preferred typefaces, however, is not applicable to all font categories. In the technical specifications of macOS, Apple only defines the two use categories Application Font and Fixed-pitch Font as being user-customizable.
Can I specify font defaults for menus and the menu bar?
No, the menu-bar is a component taken over from the classic Mac OS. The predecessor of macOS, NeXT OPENSTEP for Mach, did not use a menu bar. For this reason, macOS never contained a feature to specify preferences for the fonts used in menus.
The controls on the Safari pane are blocked. How can I use them?Tinkertoy Classic
As of macOS 10.14, all data of Safari are protected by the operating system so that other applications cannot change them. This includes the preference settings. In order to work with Safari's preference settings in TinkerTool, you'll have to give your approval to do so:
Why are options for Mail, Safari, or Time Machine on other panes disabled?
The reason is the same as the one mentioned in the previous answer: These applications are critical for your privacy, so they are protected by macOS. You can only work with their preference settings after you have given your explicit approval that TinkerTool can do so. Just follow the instructions given in the preceding paragraph.
Notifications in Notification Center show black text on dark background after I have enabled the Appearance setting “Restrict dark mode to menu bar and Dock“. Can I change the notifications to white text?
Unfortunately no. The Notification Center of macOS is a peculiar mix of different applications that take their appearance settings from different components of the operating system. Unfortunately, Apple did not consider that different parts of the OS could run with different appearance preferences. For this reason, elements of Notification Center may combine colors in an inappropriate way in that case. At the moment, Apple does not provide a solution for this issue.
What is the difference between TinkerTool and TinkerTool System?
The applications share a similar user interface and internal technologies. However, the features and target audience of the applications are very different: TinkerTool is a utility that allows you to set personal preference settings Apple has built into macOS. TinkerTool is not capable of changing any system settings or other settings that may affect more than your private user account. For this reason, you don't need administrative permission to use TinkerTool. The tool can be used in professional networks where you have limited access, for example students working with the campus network.
TinkerTool System on the other hand is directed to system administrators, consultants or experienced users that need to change and optimize operating system settings. This will affect all users that share a computer. Only user accounts with administrative permission can use TinkerTool System, macOS does not allow access by standard users.
The tools do not share any duplicate settings or features. They complement one another, to have the full feature set you'll need both applications. It is not planned to offer the system tool in other languages than English and German.
How can I remove TinkerTool?
Just drag the application to the trash. Because TinkerTool doesn't install or change anything in the operating system, that's all. You might consider resetting macOS's preferences you have changed via TinkerTool to the pre-installation state before removing the tool. (See the next item.)
I used TinkerTool for a while, then I deleted it. But all of its settings are still effective, what should I do?
As mentioned above, TinkerTool just changes user preference settings of macOS. Applications will respect their settings no matter if TinkerTool is on your disk or not. If you want to reset your configuration, just open the Reset pane in TinkerTool, choose one of the reset buttons, log out and log in.
Why did Apple include so many hidden features in macOS?
Of course we cannot officially speak for Apple, but there are several reasons why some built-in preference settings of macOS are usually kept under the hood:
This list of reasons is not necessarily complete. The strategy of hiding built-in features is not unusual, you can see the same on other operating systems as well. For example, Microsoft® had a tool called Microsoft PowerToys (formerly called Tweak UI) which did a similar job on MS-Windows® XP as TinkerTool does on macOS.
The Pane ACL PermissionsIntroduction to Permissions
Every file and every folder accessed by your computer is associated with a specific set of rights that define which users are allowed to perform what operations with these objects, e.g. reading the contents of a file, or removing a file from a folder. This set of rights associated with a file system object is called permissions. macOS uses the classic permissions found on every UNIX system, the so-called POSIX Permissions, an extended set of permission-like markers, called Special Permissions, and an advanced set of right definitions used by Microsoft® Windows, most modern UNIX systems, and many other operating systems, the Access Control Lists, abbreviated ACLs. ACLs are also called POSIX.1e permissions, because they behave very similar to a draft document called POSIX.1e which was planned to become an industry-wide standard for permissions one day. However, the 1e documents have been officially withdrawn for various reasons, so actually no standard exists by that name. The 1e draft contained very good ideas, however, so permissions very similar to the intentions of 1e exist in most operating systems today. But you should keep in mind that the exact meaning of ACL permissions may differ slightly between different OS vendors.
POSIX Permissions
The minimum set of permission definitions used in all UNIX systems and many other operating systems which are compliant to the POSIX standard (IEEE 1003) is based on three predefined “parties” for which rights can be granted:
Apple identifies the third category by the term everyone. Unfortunately, this term is incorrect, because this category does explicitly not include the owner or any member of the primary group. If you grant or deny a right for “everyone” via the Finder, those users won’t be included, which is not really what the word everyone suggests. For this reason, TinkerTool System uses the correct term other only.
For each of the three categories, the following permissions can be granted:
If one of these rights is not explicitly granted for a user, this will mean that the user doesn’t have permission to access. The right is denied, although there is no possibility to explicitly define denials in this model.
By default, most applications create files with the following permission settings:
Applications can grant less rights for specific files if they have been programmed to do so. For example, an e-mail application is designed to “know” that a new mail folder should be kept confidential, so it won’t grant any group and other permissions when creating it. Only the owner should have read/write permission in this case.
Additional Permission Markers
macOS supports some other special permission settings. They can be found on most other UNIX systems as well.
Access Control ListsIntroduction to Access Control Lists
Access Control Lists, or, in short, ACLs, are a supplement to the existing POSIX permissions, so you don’t necessarily need to use ACLs. The conventional rules for access rights outlined above still apply, but some optional new rules can be added.
Technically seen, an ACL is a list of individual rights which can be attached to a file system object. The ACL can either be empty — in this case, the conventional POSIX permissions apply only —, or it can contain one or more objects called Access Control Entries (ACEs). An Access Control Entry includes the following information:
ACL Rights
ACLs allow the definition of 13 different rights to access a file-system object:
These rights can be joined in any possible combination.
ACL Inheritance Settings
Each Access Control Entry is allowed to contain additional information that specifies how this entry is inherited to objects located at deeper levels in the file system hierarchy, for example, a file in a folder which is enclosed in another folder. The top folder may have an ACL which is automatically inherited to objects inside this folder.
Inheritance operations take only place in the moment when new objects are created. For example, when a file B is created in a folder A, the file B will inherit ACEs from A only at that time. When somebody changes the permissions of B later, the system will not automatically reinforce a new inheritance operation from A to B. Also, a change in the ACEs of folder A won’t be “re-inherited” to the already existing object B.
There are four different settings which control how ACE permissions should be inherited from a certain folder onto the objects that will later be created in that folder. The settings basically control how “deep” the inheritance should take effect.
There are 16 possible combinations of these four settings, but only 12 of them really make sense in practice.
Inherited and Explicit Entries
Because ACE settings can be inherited from folders to the objects they contain, the system has to keep track which ACEs in an ACL are inherited and which are not. Only ACEs which are not inherited can be changed. Non-inherited entries are called explicit. To change an inherited entry, it is either necessary to change the entry at the parent level (where this inherited entry came from), or to delete the ACL for this object (hereby breaking the inheritance), replacing the inherited entries by explicit entries.
The Evaluation Rules for Access Control Entries
As mentioned before, an Access Control List consists of several Access Control Entries. Certain rules define how macOS evaluates the entries when a specific user wants to access an object in the file system. Note that ACEs could contradict each other. For example, if user A is allowed to access the file B, but user A is also member of a user group which is denied access to file B, we have a contradiction which must be resolved. The following rules apply:
Important Recommendations
Access Control Lists are a powerful tool to define specific rights at a low level of granularity. However, you should keep in mind that ACLs are also very complex.
There are 13 different permissions which can be granted or denied, and 12 possible ways to define inheritance. This results in a total of 2^13 * 12 = 98,304 different concepts of access rights you can define.
Each of these nearly 100,000 different access rights can be applied to a user or a user group to form an ACE, and a nearly unlimited number of ACEs can be combined into an ACL. Each file or folder in your system can be attached to a different ACL, so maintaining all these entries can easily become a nightmare. For this reason you should define ACL permissions with greatest care only.
File Systems Supporting ACLs
Access Control Lists can only be used on file systems which are capable of storing them. macOS allows using ACLs when working with the following types of file systems, under the prerequisite that the computers hosting these file systems are using an operating system version generally capable of handling ACLs:
Other file systems, e.g. disk volumes formatted using UFS, FAT, VFAT, FAT32, ExFAT, NTFS, or ZFS, and network volumes accessed via NFSv2, NFSv3, FTP, or WebDAV cannot support Access Control Lists. Not supporting ACLs over a file server connection means that the client computer cannot “see” or modify ACLs stored on the server. However, if the file server is capable of using ACLs, it will still respect them, no matter if the accessing computer may notice this or not.
Show or Set PermissionsDisplaying Permissions
TinkerTool System can display the full set of POSIX and ACL permissions which are currently set for a specific file or folder. The settings are displayed in a clear table, sorted by the same order in which evaluation of effective rights takes place. The table can also be used to change permission settings.
The Finder of macOS is not capable of displaying the “true” permission settings of a file system object. Due to several design flaws, the section Sharing & Permissions in the Get Info panel of the Finder may show a very simplified or even wrong summary of the permission settings. TinkerTool System, however, will display the true settings, as they are defined and stored by the core operating system. For this reason, some permission details shown can differ between the two applications. In such a case you should not trust the display of the Finder.
![]()
To display or change the current permission settings of a file system object, perform the following steps:
Header lines in the table show which rights are ACEs of an ACL, and which are based on the conventional POSIX settings. The columns specify the following information:
If a permission is being displayed as Custom, it will indicate that the rights cannot be described by simple terms, like read only. Remember that there are 98,304 different concepts of permissions which can be defined by combining ACL rights. To see the 13 detail rights and 4 inheritance settings (for folders) exactly, double-click a line of the table. Alternatively, you can click on the button with the pencil icon directly below the table.
In cases where ACLs or even permissions in general are not supported for the selected object, a red warning will appear below the File or folder box, together with a question mark help button. You can click the button to get detailed information why there could be issues when reviewing or editing permissions on the affected volume.
There can never be any file system object without permission settings, so macOS will automatically convert rights of other systems to “plausible” permissions for the local system if this should be necessary, or it will completely synthesize artificial settings which aren’t actually stored on the volume. TinkerTool System will show you the effective settings as macOS is simulating them for your current user account in such a case, but you should keep in mind that processes running for other users may receive different settings. It is also possible to edit and save such artificial permissions, but macOS will “re-translate” them back to the affected volume when applying them, so the results may not always be what you expect. We don’t recommend to apply new permission settings in cases where TinkerTool System shows a support warning.
Changing permissions
After you have chosen an item and TinkerTool System is displaying its permission settings in the table, every aspect of the settings can be changed. After you have made all desired changes, you can click the button Apply in the lower right corner to save the current settings. The button Revert will discard all changes you have made and TinkerTool System will go back to the original settings currently stored for the object in question.
If you like to modify the Type of an entry, or want to change one of the Permission concepts to one of the simple standard terms, you can do so by using the pop-up buttons in the table.
To change user or group of an entry, perform the following steps:
The entry type and the detail rights can be changed in the same fashion. Note that the detail sheet is grouping the rights and inheritance settings into four categories. You can enable or disable all rights in a category by setting or removing the check mark in the respective group header. Enabling all rights of an ACE is also possible by selecting the item Full Control in the Permission pop-up. The inheritance settings will be set to appropriate defaults in this case.
To add an ACE, click the button [+] below the table. To remove one or more ACEs, use the [—] button. To reorder an ACL, drag a line in the ACE section of the table and drop it at its intended new position. Note that objects always have well-defined POSIX permissions and that POSIX permissions are always evaluated in the predefined user-group-others order, so it won’t be possible to remove or reorder one of the lines below the POSIX headline.
Selecting users and groups
You may have to select a user or group account when making changes to access rights. TinkerTool System uses several dialog panels and sheets in this context which allow you to easily choose an entry from the list of all accounts available on your computer.
In large organizations, the list of available accounts can be very long. In some cases, it might not be stored on your local computer alone, but also on other computers (directory servers) in your network which need to be contacted. For efficiency, TinkerTool System may not show the complete list of accounts when you open a user or group dialog for the first time. The list can be restricted to accounts which have already been used somewhere in the operating system since the computer was started. In order to retrieve the full account list, click the button Fetch all entries in the lower left corner of the window. This makes sure the list of users or groups is complete.
Fetching all entries may take a considerable time, especially in environments with directory servers.
Additional Operations
Additional operations can be performed by selecting one of the items in the pull-down menu Operations at the bottom of the window. The operations vary depending on whether you have selected a file or a folder.
If you have selected a folder, you can:
There is an additional option when propagating Access Control Lists: It is either possible to copy the existing Access Control List from the top folder to the entire hierarchy as it is, or to let TinkerTool System simulate inheritance in retrospect. In the latter case, the inheritance attributes of the top folder may cause the results to be different. For example, if the top folder does not have the option apply to all subfolder levels enabled for a particular ACE, inheritance of that ACE will stop at the first level.
Another option controls how TinkerTool System should handle objects which have the attribute “locked” set. The default behavior of macOS is to stop the propagation, cancelling the running operation with an error when such an object is found, because macOS does not permit that a permission setting of a locked object is changed. The policy to stop the operation makes sure there won’t be any undetected security problems that could arise when the access rights for a locked object remain unchanged unexpectedly. However, you may like to ignore such cases, simply continuing the operation silently, which was the behavior of old versions of macOS Server.
When propagating permissions in folders containing symbolic links, the program will operate on the links themselves. The objects referred by the links will remain unchanged. Folders referred by a link won’t be traversed. Access Control Lists won’t be propagated to symbolic links because macOS does not support this.
If you like to ensure that no object is omitted during propagation of permissions, it is recommended to remove all protection attributes prior to the propagation. This can be done with the feature Protection on the Files pane.
A propagation is automatically limited to the volume where the top folder is located.
If you have selected a file, you can:
With exception of the propagation feature, the operations will modify the permissions table first, not the actual settings on disk. The changes will take effect after clicking the Apply button.
Effective Permissions
The combination of several Access Control Entries and the POSIX permissions can make it difficult to estimate how the final rights for a certain user will be. TinkerTool System can compute and display the effective permissions of a user. This feature is helpful if you don’t have much experience with permission settings yet. To display effective permissions, perform the following steps:
Tinkertool Acl TearSpecial Permissions
The set of POSIX permissions contains three special settings, named SUID, GUID, and sticky. For their individual meanings, please see the introductory sections earlier in this chapter. TinkerTool System can display and change any of the three settings. Perform the following steps:
Warning: As mentioned in the introduction, setting the SUID or GUID markers may cause very serious security problems affecting the whole operating system. It should never be necessary to set the SUID/GUID markers for programs when their installers have not set the flags already. Removing flags can cause the affected programs to malfunction. You should not use this feature if you don’t know exactly what you are doing.
Finding internal identifications of user and group accounts
Each user and group account is a record maintained by macOS to hold the data of individuals who have permission to access certain information. Depending on circumstances, the operating system can use different representations to identify each account:
If you specify one of these four identifications, TinkerTool System can help you to find the remaining three items for you. This can be helpful, for example, when the operating system refers to “an issue with user 502” in an internal log message and you need to find out which user account is actually affected.
A matching identification can sometimes be used for both a user and a group, even if they are completely different objects, so you also need to specify which type of account you are searching for. This is not necessary for UUIDs however, because they are always unique. Accounts may not only be stored on your Mac, but your network may keep one or more databases for accounts which are valid for all computers of the network. A server which hosts such a central account database provides a so-called directory service.
Tinkertool Acl Pain
The result of the search will be shown in the box Result.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |