Terminal Permissions

Similar Messages

• What's with the @ symbol in permissions

  I don't recall seeing anything like this in pre-Leopard systems. After the upgrade to Leopard, many of my Terminal permissions listings now include the @ symbol at the end, as in drwxr-xr-x@. I'm not concerned or anything, just curious as to its meaning and any significance related to the new OS.
  Thanks,
  Greg

  Actually, "+" indicates the richer permission model (also known as ACLs).
  The "@" sign -- which is not documented in the manual page for ls(1) -- indicates that the file has extended attributes. You can use the command 'xattr -l <filename>' to show them. It seems that a lot of Finder information, which ought to be stored in the catalog, is now in extended attributes. (Hmmm, or maybe it's actually still in the catalog file and just being exposed as extended attributes, which would make a lot of sense.)

• [SOLVED] How to disable "No mail." message upon login?

  This one's really stumping me. I disable the mail message a few months ago by creating a .hushlogin file in my home directory. That did the trick. Now, I am seeing the message again, and I don't know why. .hushlogin still exists in my home directory. Here's my /etc/login.defs:
  # /etc/login.defs - Configuration control definitions for the login package.
  # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
  # If unspecified, some arbitrary (and possibly incorrect) value will
  # be assumed. All other items are optional - if not specified then
  # the described action or option will be inhibited.
  # Comment lines (lines beginning with "#") and blank lines are ignored.
  # Modified for Linux. --marekm
  # Delay in seconds before being allowed another attempt after a login failure
  FAIL_DELAY 3
  # Enable display of unknown usernames when login failures are recorded.
  LOG_UNKFAIL_ENAB no
  # Enable logging of successful logins
  LOG_OK_LOGINS no
  # Enable "syslog" logging of su activity - in addition to sulog file logging.
  # SYSLOG_SG_ENAB does the same for newgrp and sg.
  SYSLOG_SU_ENAB yes
  SYSLOG_SG_ENAB yes
  # If defined, either full pathname of a file containing device names or
  # a ":" delimited list of device names. Root logins will be allowed only
  # upon these devices.
  CONSOLE /etc/securetty
  #CONSOLE console:tty01:tty02:tty03:tty04
  # If defined, all su activity is logged to this file.
  #SULOG_FILE /var/log/sulog
  # If defined, file which maps tty line to TERM environment parameter.
  # Each line of the file is in a format something like "vt100 tty01".
  #TTYTYPE_FILE /etc/ttytype
  # If defined, the command name to display when running "su -". For
  # example, if this is defined as "su" then a "ps" will display the
  # command is "-su". If not defined, then "ps" would display the
  # name of the shell actually being run, e.g. something like "-sh".
  SU_NAME su
  # *REQUIRED*
  # Directory where mailboxes reside, _or_ name of file, relative to the
  # home directory. If you _do_ define both, MAIL_DIR takes precedence.
  # QMAIL_DIR is for Qmail
  #QMAIL_DIR Maildir
  MAIL_DIR /var/spool/mail
  # If defined, file which inhibits all the usual chatter during the login
  # sequence. If a full pathname, then hushed mode will be enabled if the
  # user's name or shell are found in the file. If not a full pathname, then
  # hushed mode will be enabled if the file exists in the user's home directory.
  HUSHLOGIN_FILE .hushlogin
  #HUSHLOGIN_FILE /etc/hushlogins
  # *REQUIRED* The default PATH settings, for superuser and normal users.
  # (they are minimal, add the rest in the shell startup files)
  ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
  ENV_PATH PATH=/bin:/usr/bin
  # Terminal permissions
  # TTYGROUP Login tty will be assigned this group ownership.
  # TTYPERM Login tty will be set to this permission.
  # If you have a "write" program which is "setgid" to a special group
  # which owns the terminals, define TTYGROUP to the group number and
  # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
  # TTYPERM to either 622 or 600.
  TTYGROUP tty
  TTYPERM 0600
  # Login configuration initializations:
  # ERASECHAR Terminal ERASE character ('\010' = backspace).
  # KILLCHAR Terminal KILL character ('\025' = CTRL/U).
  # UMASK Default "umask" value.
  # The ERASECHAR and KILLCHAR are used only on System V machines.
  # The ULIMIT is used only if the system supports it.
  # (now it works with setrlimit too; ulimit is in 512-byte units)
  # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
  ERASECHAR 0177
  KILLCHAR 025
  UMASK 077
  # Password aging controls:
  # PASS_MAX_DAYS Maximum number of days a password may be used.
  # PASS_MIN_DAYS Minimum number of days allowed between password changes.
  # PASS_WARN_AGE Number of days warning given before a password expires.
  PASS_MAX_DAYS 99999
  PASS_MIN_DAYS 0
  PASS_WARN_AGE 7
  # Min/max values for automatic uid selection in useradd
  UID_MIN 1000
  UID_MAX 60000
  # System accounts
  SYS_UID_MIN 500
  SYS_UID_MAX 999
  # Min/max values for automatic gid selection in groupadd
  GID_MIN 1000
  GID_MAX 60000
  # System accounts
  SYS_GID_MIN 500
  SYS_GID_MAX 999
  # Max number of login retries if password is bad
  LOGIN_RETRIES 5
  # Max time in seconds for login
  LOGIN_TIMEOUT 60
  # Which fields may be changed by regular users using chfn - use
  # any combination of letters "frwh" (full name, room number, work
  # phone, home phone). If not defined, no changes are allowed.
  # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
  CHFN_RESTRICT rwh
  # List of groups to add to the user's supplementary group set
  # when logging in on the console (as determined by the CONSOLE
  # setting). Default is none.
  # Use with caution - it is possible for users to gain permanent
  # access to these groups, even when not logged in on the console.
  # How to do it is left as an exercise for the reader...
  #CONSOLE_GROUPS floppy:audio:cdrom
  # Should login be allowed if we can't cd to the home directory?
  # Default in no.
  DEFAULT_HOME yes
  # If defined, this command is run when removing a user.
  # It should remove any at/cron/print jobs etc. owned by
  # the user to be removed (passed as the first argument).
  #USERDEL_CMD /usr/sbin/userdel_local
  # Enable setting of the umask group bits to be the same as owner bits
  # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
  # the same as gid, and username is the same as the primary group name.
  # This also enables userdel to remove user groups if no members exist.
  USERGROUPS_ENAB yes
  Please help.
  Last edited by nbtrap (2012-07-14 21:59:46)

  orbisvicis wrote:see "pam_mail.so" in /etc/pam.d/* and "man pam_mail". You most likely need the nopen argument.
  Thank you. I fixed it by changing a line in /etc/pam.d/system-login. Specifically, I changed
  session optional pam_mail.so dir=/var/spool/mail standard
  to
  session optional pam_mail.so dir=/var/spool/mail nopen

• 10.5.5 sets external volume to read-only

  Bizarre.
  I have 4 external volumes (2 FW800, 2 USB 2.0) and one of the volumes suddenly shifted to read-only status after updating to 10.5.5 this afternoon. At least, that's the error message I get when I try to touch a file anywhere on the volume.
  Problem started when I tried to open iTunes and got the error message "The folder 'Music' is on a locked disk or you do not have write permissions for this folder." Get Info indicates that this user account does, in fact, have Read & Write permissions. Group and Other permissions are set to Read Only. Get Info does not allow me to select the lock to make changes, however, but nor is the "Locked" checkbox selected.
  In Terminal, permissions for Volume "Little Brother" are indicated as:
  drwxrwxr-x 11 <adminuser> staff 442 Aug 13 13:11 Little Brother
  The Music folder in question appears to have the appropriate permissions as well:
  drwxr-xr-x 14 <adminuser> staff 476 Sep 18 11:17 Music
  Aside from the 10.5.5 update there have been no changes to the filesystem, and no files written to this drive.
  I can touch files on each volume except for "Little Brother". Aside from chmodding the **** thing, does anyone have any recommendations for what I can do?
  Thanks.

  I think Ill just keep responding to this, every time Apple issues an update (patch) that causes the problem to resurface. I have contacted tech support. And they tell me they no nothing about this and have never heard about it. Then I tell them to check my support records. The issue is well documented there and goes back for many, many months.
  So, today I came home to find that apparently my software update utility (which is set to NOT update the software) has updated my software. My brand new Western Digital external 2TB disk is off line and my Time Machine drive (1.5TB Maxtor) now appears to be completely after being kicked from the USB ever friggin time there is a software patch.
  I'm trying one last time to recover following the procedure above - but once again I am running the procedure above against my 2TB user disk - so hopefully in 8 or 12 hours Ill know something. Thanks again to all the Windows developers who are now obviously working at Apple.

• Cloning Time Machine using Disk Utility

  I understand this is possible, and I have been largely following instructions on pondini.org (great resoruce for a lot of Time Machine related issues) at this link:
  http://pondini.org/OSX/DU7.html
  What I want to do is transfer my current set of Time Machine backups (let's say Drive1) to a different drive (Drive2) and reuse the original drive as a new Time Machine from scratch.
  So what I have been doing is this:
  Repartition the destination drive, Drive2, so it is GUID and then checking OFF "ignore ownership" under the get info window.
  Opening Disk Utility and selecting Drive1, and clicking the RESTORE tab.
  Dragging the VOLUME for Drive1 into the source box.
  Dragging the VOLUME for Drive2 into the destination box.
  Go.
  Everything actually seems fine (well, teh destination drive is slightly less occupied, but maybe that has to do wit .fsevents stores, and indexing) - I'm able to browse other Time Machine files and report to the new Drive2 to see in the Time Machine interface.
  HOWEVER, my issue is this:
  The permissions appears to be all wrong for the new clone on Drive2.
  On Drive1, the proper Time Machine drive, using 'get info' on files on the drive, the listed users and permissions are correct, for example, the listed users are system (read & write), staff (read only) etc, and in terminal, permissions are under root, wheel, etc as I assume they need to be.
  However, on the new Time Machine clone, Drive2, the permissions on all files all list my username (read & write) and staff(read & write). In addition, properties of the volume differ from the source, including things like whether ownership is enabled, or if permissions are repairable (get info in Disk utility pane - yes I understand that in Disk Utility, it used to say 'no' on drives when it sometimes meant yes, but this seems to be rectified in Mavericks).
  In other words, it looks like the cloned volume belongs to my user.
  Now is this all normal? If I were to associate the new Time Machine clone, Drive2 as my TM drive, would it fix this? Would restores from this Drive2, where all the permissions for my user are enabled would restore incorrectly to a new machine? It probably means I can restore individual user files, but would the system be broken?
  Otherwise, did I not do the procedure correctly? Was I supposed to NOT check off 'ignore ownership' on the destination drive? (I'm assuming it doesn't matter as teh clone would inheret properties from teh source). Was I NOT supposed to clone VOLUMES, but use DISKs instead?
  Or was I supposed to use Disk Utility not as my user, but from the Recovery HD or something?
  I'm running 10.9, but a similar procedure I did under 10.8 has the same outcome.
  Any help or insight would be appreciated.

  mrkgoo wrote:
  I understand this is possible, and I have been largely following instructions on pondini.org (great resoruce for a lot of Time Machine related issues) at this link:
  http://pondini.org/OSX/DU7.html
  What I want to do is transfer my current set of Time Machine backups (let's say Drive1) to a different drive (Drive2) and reuse the original drive as a new Time Machine from scratch.
  Please following these instructions from Apple: http://support.apple.com/kb/HT5096
  Once your Time Machine data is migrated, you can just erase the old drive and start from scratch.
  Unfortunately, the owner of pondini.org has passed away and there is no one to support any instructions you will find on that site.

• SMB -36 ioErr when opening files

  After installing Snow Leopard and connecting using SMB to my network harddive, I am unable to open any of the files on the drive. I can log into the drive fine and see all the files but they are bigger than normal; eg. a 126kb file shows up as 132kb and a 6.91gb file shows up as 7.3gb. When attempting to open any file, Snow Leopard gives me the error: Error -36. Unable to open file. I checked using Windows and all files can be opened without any problems. The harddrive is 1Tb and formatted as FAT32. Any advice?

  to recap:
  I cannot copy from Mac SL to an OpenSolaris ZFS shared via smb. Get the -36 error.
  I can delete files via Finder
  I can create new folders via Finder
  I can copy via Terminal
  Perms etc look good on the file copied via Terminal from Mac and doing an ls -V on the Solaris box. I can read and write according to perms.
  That file, when viewed in Finder cannot be opened, but can be played in the "Get Info" preview box
  I can drag the greyed out file into iTunes
  I can change metadata on that file via iTunes (i.e. write to the file)
  I can play it through iTunes and AppleTV
  I can write a file via TextEdit, for example, and it all looks good.
  I can mount, read, copy, play from my MacBook on 10.5.8.
  The time on my Solaris box had slipped to more than 5 mins from the time on my Mac, so I updated that. Can cause issues apparently.
  I've turned the firewall off. No change.
  Only error I can see in the Mac logs that might be related:
  smb_maperr32: no direct map for 32 bit server error (0xc00000e5)
  I found this:
  http://spiralbound.net/2005/09/22/macintosh-finder-copy-to-samba-share-problem
  Says that he set posix locking = no on his smb share and it was all good.
  Will give that a go.

• Private/var folder (5.66GB) on my desktop; can I delete it?

  It got there as I was copying ApplicationSupport/CrashReporter, Logs/DiagnosticReports from the root Library,and Application Support/CrashReporter, Application Support/Rapport/User/Logs from the Home/User/(Me)  Library folder. The invisible private/var folder appeared as I was dragging copies of these to the desktop.
  I emailed these to Trusteer for troubleshooting, because of Rapport conflict prblms with other Safari extentions (see other discussions on this).
  The prblm is I now can't remember where this private/var folder came from, and I'm afraid I might have dragged the original rather than a copy, and I don't want to trash it until I'm sure.
  My MacBk Pro has been booting up and acting normally since this folder is on the desktop, so I guess this is a good sign. My understanding is that a folder/file on the desktop is inactive anyway.
  Can I trash it w/o consequences????

  Thnx baltwo, did that, got:
  Charless-MacBook-Pro:~ ChasM$ chflags hidden /private
  chflags: /private: Permission denied
  Charless-MacBook-Pro:~ ChasM$
  This despite that I'm logged in as Administrator, and that I added "Administrator" and "Me" to Terminal Permissions Read/Write priveleges; "System" already had Read/Write.
  By the way, I assume that when it works, this is supposed to make my invisible Private folder visible??
  Also, I tried typing in these commands rather than pasting - same result

• After trying to change permissions on my computer so others on my network can access files, my external Hard Drive has a lock on it and I can't access files. I've tried repairing permissions, logging in under another Administrator account, using Terminal

  After trying to change permissions on my computer so others on my network can grab files, my external Hard Drive has a lock on it and I can't access files. I've tried repairing permissions, logging in under another Administrator account, using Terminal to fix the problem, downloaded BatChmod but nothing works… Any other suggestions? I have an Imac running OS10.6.8.

  There is suddenly a lock icon on my external backup drive!
  Custom Permissions

• Terminal/X11 permissions problems

  I should begin by saying that I know NOTHING about unix or the terminal, so keep responses simple and/or easy to follow instructions.
  I'm using a program called MELTS (OSX version and instructions at http://melts.ofm-research.org/macosx.html) and I am unable to get it to launch on my new intel 2.16 core 2 duo iMac. This program worked like butter on my G4 MDD with OSX 10.3 and 10.4 (different versions of MELTS required for each OS). After the initial installations according to the instructions, the program would launch X11 and pop up in a window without trouble, just by double clicking on it like any other app. This is not so with my new beasty. So what I have done so far is...
  I placed the file inside my main hardrive and opened an X11 terminal. I attempt to launch the program by typing "/MELTS" and "./MELTS" this results in the following messages from X11
  Homer:~ homer$ /MELTS
  bash: /MELTS: Permission denied
  Homer:~ homer$ ./MELTS
  bash: ./MELTS: No such file or directory
  Homer:~ homer$
  I have already attempted to change the files permissions both through the terminal using "chmod 755MELTS", "chmod ugo+rwxMELTS" both with and without using the sudo trick (I barely understand what that really does, but I tried it anyway) and got the same results for each.
  Homer:~ homer$ sudo chmod 755MELTS
  Password:
  usage: chmod [-fv] [-R [-H | -L | -P]] [-a | +a | =a [# [ n]]] mode|entry file ...
  Homer:~ homer$ chmod ugo+rwxMELTS
  usage: chmod [-fv] [-R [-H | -L | -P]] [-a | +a | =a [# [ n]]] mode|entry file ...
  Homer:~ homer$
  I've done all of the above, restarted the apps, restarted the computer, and tried to set the permissions in the "Get Info" window. After doing each of the former in every concivievable order and combination, I'm stuck.
  Any ideas or suggestions? Anyone with an intel Mac out there who can successfully get the MELTS program to work on their machine?

  Typing "./MELTS" only works if you are in the directory that contains MELTS at the time you type it. Before trying the ./MELTS commad, type "ls" to get a listing of files in the current working directory (the directory you are in). If you don't see MELTS listed, you aren't in the correct directory. ("directory" is the unix word for "Folder")
  When you open a new terminal window in X11, you are normally in your "home" directory, which is not normally where applications get put. You have to find out where the installer puts MELTS. If you can double-click on it, you know where it is. Perhaps the Applications folder? If so, then type "cd /Applications", then do the "./MELTS" command.
  For the chmod commands, it looks like you need a space before the "MELTS", i.e., "chmod ugo+rwx MELTS" not "chmod ugo+rwxMELTS". That's what all that "usage" stuff is about. But it is doubtful that this is the fix, anyway. The permission denied messages is because you told it the wrong thing, not because MELTS has the wrong permissions.
  Do the MELTS people say that it has been updated for the intel Macs? Are you downloading a pre-compiled binary, or installing from source code? (Probably a binary)

• Permissions will not set, even after using terminal commands?

  Hey,
  I found a thread on here for using the terminal to type in commands for the user permissions and for the PSIX permissions on Leopard (10.5) server.  These commands are supposed to clean the server of all underlying(hidden) permissions that you cant see and then you are supposed to be able to then set the permissions again and finally, to hit "Propagate Permissions" so that all the permissions set for the shared volume then get farmed out to all sub files/folders.  This did not work when I tried it in the terminal, it said "Command not found" even after I typed in the admin password.  Is there anyone out there who can tell me the actual way to fix the old permissions and get new ones set?
  The story is:  We had an old server on a G4 when i first took control of the server, I took the shared hard drive out of the G4 and inserted it into a G5 and started using it with the leopard server.  the permissions did not really need to be set on that volume because they had carried over from the last time they were shared.  But we recently just got a Drobo unit for our server and I recently transferred all the shared files and folders over to the new volume, but ever since I cant get the permissions to farm out to all the stations, it shows me that its done on the server.  But when I go to access the files I am able to delete faculty folders where I had set the permissions to "read only" so I am wondering if there is a streamlined way of going about this or if I should just start from scratch and use all brand new HDD's?
  Please Help!

  Hi ..
  Try the tips mentioned here > Mini-tutorial: Force-deleting stubborn or problematic files in Mac OS X

• My trash won't empty since I upgraded to Lion. Other than using rm -rf ~/.Trash/* in the terminal what can I do. Reparing permissions didn't hpl.  regards  robin

  My trash won't empty since I upgraded to Lion.
  Other than using rm -rf ~/.Trash/* in the terminal what can I do. Reparing permissions didn't hpl.
  regards
  robin

  I have the same problem. I can put things into the trash, but when i empty the trash it makes the crumple noise like its throwing it away and the files stay in the trash and the icon stays full. I have 10.7.2. I also have Parallels installed on my machine.
  Before this problem, I was unable to add files to my trash can and then I removed this program called CleanMyMac, which I guess wasn't compatible with Lion, and now I can at least add items to the trash can. It seems I am having a lingering issue due to that program.
  I have a case with Apple Senior Support Analysts and they can't figure it out...
  Please help!! I do not want to format and start all over just to empty my trash can
  I also do not want to install Trash It (which would empty the trash i've heard) but will not resolve my issue only cover it up.
  Thanks!!

• Add user to permissions through terminal

  This is killing me. Seems like it should be such a simple task in the terminal but I just can't figure it out.
  What I would like to do is to give another user on my computer write permissions to a file that I own.
  I have tried several different things to no avail. Anyone have ideas? I know how to change the owner of the file, change the group or change my permissions but I just can't figure out how to add another user and set their permissions.
  Thanks for help!

  I am not doing this to one file. I know how to do this from the UI but I am trying to write a script to loop through the files in a folder and allow other specific users to read and write the files.
  Here is what I have tried
  chmod -R 775 nameOfFile
  ## This only changes the permissions for me as the admin
  chgrp -f group nameOfFile
  ## this only changes the group that has access
  chown newOwner nameOfFile
  ## this works but just removes me from ownership instead of adding a user that has read capabilities
  Thanks for your help

• Using terminal if permissions are refused

  ... this'll sound like a question 'how can I hack ?', but bear with me..
  My iBook was stolen out of my hand - literally - in the street last August. I don't have the means to buy a new one, so I use the iMacs in the University where I'm a student. The admin here is an a**hole. I saw him struggling one day with Terminal, and offered advice (I administer Solaris). He didn't take kindly to it. Since then, he's changed the permissions on all of the iMacs to stop me using Terminal. I used it for ssh and vim, that's all.
  His colleague (who is on vacation) changed the permissions back, but as soon as bozo saw that, he freaked, and banned me from using Terminal. I've e-mailed the head of the University to ask if I can use Terminal, but in the meantime, is there any way to open it, if the permissions have been set to prevent it?
  I repeat: I'm not trying to hack into one of these machines.
  Thanks.

  You can bypass the GUI and directly login to your
  shell if the login window is set to name and
  password. Type: >console and press return. Now enter
  your user name and password. Expect your friendly
  admin to go bonkers!
  I found another method.. in TextEdit, I do..
  do shell script "open /Applications/Utilities/Terminal.app"
  ... select that line and tell Mac-OSX to run it as a shell script. Sorted.

• How do you give user permissions to access a terminal server?

  How do you give user permissions to access a terminal server?

  Refer : http://technet.microsoft.com/en-us/library/cc781509(v=ws.10).aspx
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Terminal Server User Profile - Delete Permissions

  One frequent problem our help desk encounters is corrupted user profiles on the terminal servers.  Today those tickets are escalated to the server team to have the local user and roaming profiles deleted.  That team wishes to have this task moved
  to the desktop / help desk.
  I've built a script to perform this action, but desktop and help desk AD groups do not have sufficient rights on these servers to delete the user profiles.  NTFS permission changes will allow them the ability to delete the roaming profiles, but I don't
  beleive this would be sufficient to delete the local profiles from the terminal servers (properly).
  The script command I'm using to delete the local profiles is:
  takeown /f $LPath.FullName /r /d y
  I attempted using a service account to run the command within the script but I couldn't find a secure way to nest the password.  Can someone point me to the correct permissions needed for a regular user to properly delete a remote user profile?
  Thanks!
  There's no place like 127.0.0.1

  Hi,
  Thank you for posting in Windows Server Forum.
  What kind of permission is assigned to your help desk users?
  Firstly please check that your help desk users can delete the profile via “System Properties--Advanced tab--User Profiles--Settings button”. By deleting user profiles will delete the corresponding registry entries in addition to the folder under C:\Users
  Apart still if you want to check the registry setting, we can verify and delete under below mention path.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  Here need to find the respective SID for the users and the delete that SID and then again ask users to log back in which will create a new user profile.
  Else your help desk user can get the permission for running below script through which they can delete the user profile.
  Remove RDS Profiles
  http://gallery.technet.microsoft.com/scriptcenter/5146833f-dd54-47a8-9941-b0889a456571
  Hope it helps!
  Thanks.
  Dharmesh Solanki