Can't chmod or chown a file in TimeMachine backup directory

Solution 1:

Reading up a bit on ACLs[1] I found that I could change ownership by first removing the file ACL with the following commands:

sudo chmod -a "everyone deny write,delete,append,writeattr,writeextattr,chown" problem_group_file.png
sudo chown :staff problem_group_file.png

After that, the directory could be restored from the TimeMachine backup without errors. This doesn't, however, explain why the problem occurred in the first place.

Solution 2:

Based on seron's answer I was able to come up with the following solution:

Background

ACLs are rule-based, and the first rule to match is the rule that defines how a request for chown is handled. There can be more than one rule, and the rules are ordered. ls -le problem_group_file.png will list all ACL rules for that file. In TimeMachine every file seems to have an ACL rule like this:

 0: group:everyone deny write,delete,append,writeattr,writeextattr,chown

That means as soon as a user who's in the group everyone tries to modify the file in any way, the ACL mechanism will prevent it.

The ACL rules are all modified via chmod's a command. The command can be used with various different modifiers (see below).

Solution

To allow chown for the admin (or for some other specifically named user) the following command can be used:

chmod +a# 0 "admin allow chown" problem_group_file.png

Afterwards (in case of admin) a sudo chown will work. The +a# 0 parameters tell chmod to insert (via +) the rule before (via # 0) the first rule. That means rule 0 will then be rule 1 and the new rule will be rule 0.

After chmod was run, it is safe (and simple) to remove this rule via:

chmod -a# 0 problem_group_file.png

This will remove (via -) the rule at index 0.
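An added example, not part of either answer above: chmod -a# 0 deletes whatever rule sits at index 0, so this sketch checks with ls -le that rule 0 really is the temporary allow rule before removing it, which keeps the backup's deny rule in place if the insert did not happen. The function names are hypothetical, and it assumes the same privileges and the same chmod +a# / sudo chown / chmod -a# commands used in Solution 2.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. The chmod +a# / -a# and
# ls -le forms are the macOS ones shown in the answers above.

# Print the ACL entry at index $1 from `ls -le` output read on stdin,
# e.g. "group:everyone deny write,...,chown". Prints nothing if absent.
acl_entry_at() {
    awk -v idx="$1" '
        $1 == (idx ":") { sub(/^[ \t]*[0-9]+:[ \t]*/, ""); print; exit }
    '
}

# Succeed only if entry 0 is exactly "<principal> allow chown".
# ls -le prefixes the principal with user: or group:, so accept both.
# $1 = principal, stdin = ls -le output
is_temp_chown_ace() {
    entry=$(acl_entry_at 0)
    case "$entry" in
        "user:$1 allow chown"|"group:$1 allow chown") return 0 ;;
        *) return 1 ;;
    esac
}

# Insert the temporary rule, chown, then remove the rule only if it is
# still the one at index 0.
# $1 = principal, $2 = owner[:group], $3 = file
chown_via_temp_ace() {
    chmod +a# 0 "$1 allow chown" "$3" || return 1
    sudo chown "$2" "$3"
    rc=$?
    if ls -le "$3" | is_temp_chown_ace "$1"; then
        chmod -a# 0 "$3" || return 1
    else
        echo "rule 0 of $3 is not the temporary rule; ACL left as is" >&2
        return 1
    fi
    return "$rc"
}
```

For the file from the answers this would be called as chown_via_temp_ace admin :staff problem_group_file.png.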