AAA Different Permissions again

Similar Messages

• Unrepairable "different" Permissions After Updating iTunes

  Hello -
  First, I need to confess that I am not an Apple computer guru. However, up until today, I've never experienced any major problems with either of my two Mac computers.
  Ugh. . .
  I updated both the iTunes and Front Row programs on my MacBook Pro today. I did what I usually do after performing any major update or upgrade, I repair the permissions via the Disk Utility program. This utility almost always repairs any of the changes that may have occurred during the updating/upgrading process. It did not work this time, unfortunately.
  I am unable to repair the dozen or so differing permissions that the Disk Utility tells me exists. I click the "Repair Disk Permissions" and when it's finished it tells me, "Permissions repair complete". I, then, click "Verify Disk Permissions" and receive the same messages as before; that there are many differing permissions.
  So. . . here are my questions:
  1) Will this apparent problem of differing permissions effect the overall performance and stability of my computer in any way? (I use the MacBook Pro mainly as a slave computer for instrumental software plug-ins for sequencing projects.) (By the way. . . "So far, so good". I haven't noticed any problems, YET, when loading up my Kontakt 2 and Kontakt 2 Player instrumental software programs.)
  2) Will this apparent problem leave my MacBook Pro vulnerable to future problems (like future program updates, computer viruses, etc)?
  3) Is there any way to fix this apparent problem??
  Thankfully, I did NOT upgrade the iTunes on the larger MacPro computer which houses main audio and video editing software programs. In fact, I very rarely use the iTunes program. The only reason I keep it on the MacBook Pro is because my wife owns an iPod device. But she keeps her iPod hooked up to her aging yet dependable Dell laptop computer. (I don't think she even updated her Windows version of iTunes yet! LOL!) Silly, silly me for updating a program I don't even use. Now, I humbly wish to fix this problem before it get worse. I use the MacBook Pro all the time for my music-sequencing projects (as a slave computer to my MacPro).
  Thank you in advance. . .
  Embarrassed. . . . and GRATEFUL for any solutions to this apparent problem. . .
  Ted

  Thank You!!
  I read the entire link that you supplied. Very Informative!! It also relieved my anxiety quite a bit!
  Again, thank you!
  Ted

• Pure-ftpd - different permissions for virtual users?

  I seem not to be able to find out how I could declare different permissions for different virtual users. In /etc/pure-ftpd.conf exists one line to declare permissions using
  #umask file:folder
  umask 133:133
  umask matches the numbers to 'UserGroupOthers'.
  Now that virtual ftp users belong to a real existing unix user / group, I wonder who is Users, Group and Others?
  Users = virtual ftp user ?
  Group = virtual ftp group ?
  Others = anonymous visitors?
  How can I tune it, so one virtual user can add files - f.e. to be used by a scan station - while others shall only read, having anonymous disabled?
  This gives me a headache.

  Ok, let me think.  What did I do? 
  I had different users.  User X, Y and Z.
  Then, I had a shared directory above their home directories.
  While in the system, (not in pure-ftpd) I symlinked.
  (Note that doing something in user X's directory, like ln -s ../shared didn't work---I had to do ln -s /usr/home/ftpuser/shared).
  Then, I ~think I played with the permissions on shared and got what I wanted. 
  Then, after a few hours on this, they changed their minds about what they wanted, everyone was allowed to use shared, but different companies had to have their own directories, so I no longer have that config.
  For what it's worth, you can take a quick look at my page
  http://www.scottro.net/qnd/qnd-pureftpd.html
  but I don't think it covers that situation.
  HTH, though I doubt that it did.

• After repairing permissions, in Mac OS X, I ask the utility to verify permissions again and the same problems are shown, as if I had not repaired anything. What's happening?

  After repairing permissions, in Mac OS X, I ask the utility to verify permissions again and the same problems are shown, as if I had not repaired anything. What's happening?

  What you are seeing are messages. It's ok.. it won't do any good to repeatedly repair permissions. As long as you see Repair Permissions Complete when it's finished, you are good to go.
  Also, if you see any messages that say: SUID: That can be ignored.
  Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore
  Keep in mind, the only time you need to repair permissions is for troubleshooting.

• How to gain different permissions than the user's current logon provides?

  I have a computer on a local network which contains a shared folder, and I've granted reading permissions for all users.
  How can I grant a certain Java application, or gain from a certain application, which a user running on a different computer, permission to write to that folder without granting this user the permission?
  Basically I need to create a situation when the other users can add files to the folder only through my Java application.
  Thanks.

  You are right i wouldn't like to change owner. But I would like the program to be able identify itself as a different user who has writing privileges, or something of that sort, in order for it to have permissions. Something similar to the 'runas' command in windows.

• Granting different permissions to different codebases : policy file problem

  Hi all. I'm having a bit of a problem with policy files and granting different persmissions to different codebases. What I have at the moment is a server app that copies a class file from the client to a specified directory on the server, and then dynamically loads and runs that class. This all works fine, but obviously as user submitted code is going to be run on the server I want to restrict what they are allowed to do. My app is going to be bundled up in a single jar file, and the directory that the client code is being copied to a subdirectory of the app installtion (not that this should make much difference). What i want to do is grant all permissions to my code in the jar file and resrict the permssions granted to code in the strategies directory. I assumed i would just be able to do this using my own policy file, but at the moment i'm not having much luck.
  Directory structure:
  c:/project/code/
  |
  |-labyrinth.jar
  |-strategies/
  Contents of labyrinth.policy:
  grant codeBase "file:../code/labyrinth.jar" {
  permission java.security.AllPermission;
  Command line arguments:
  java -Djava.security.manager -Djava.security.policy==./labyrinth.policy -classpath .;./labyrinth.jar;./strategies/;%CLASSPATH%; labyrinth.LabyrinthServer
  I've tried specifiying the absolute path to the jar file in the policy file as well as the relative path, i've tried including -Xbootclasspath/a and appending the jar file. All I seem to be able to manage though is either granting all permissions system wide, including the strategies dir, or none and getting security exceptions within my code. Anyone tried doing anything similair or got any idea where I might be going wrong? Any help would be appreciated as its really starting to doing my head in.
  TIA. Matt.

  Did you try putting a slash at the beginning of your "file" specification? e.g., instead of saying
  grant codeBase "file:../code/labyrinth.jar" {
  permission java.security.AllPermission;
  say
  grant codeBase "file:/../code/labyrinth.jar" {
  permission java.security.AllPermission;
  Hope this helps.

• Installed programs have different permissions than package

  I am using testing, so I installed the new kernel and nvidia driver today.  The directories in the kernel and nvidia packages are all 755.  However, when the package was installed and the new directories were created, the permissions were 2755.  This isn't a problem, but something is happening to cause the kernel to be installed with different folder permissions than are in the package.
  The kernel is the only package I am having this issue with.
  Edit:
  This only happened on one of my computers, and if I try to correct the permissions with chmod, nothing happens and the permissions remain the same...
  Last edited by sinister99 (2008-01-26 16:37:29)

  This happens to me on my workstation. Every PKG I install have that permission warning message, but my stuff still works... don't really care. Perhaps the dev can look into it when they have time.

• I repair permissions, run Onyx, repair permissions again, but doesn't work

  The same permissions--a large number of them--need re-repairing again after each of these.
  What's wrong here?

  permissions messages you can safely ignore

• Shared folder permissions (again)

  Previous topic -> http://discussions.apple.com/thread.jspa?threadID=2745102&tstart=0
  So that went okay.
  However, I noticed that the iTunes in the Shared folder had moved everything into /iTunes/iTunes media/Artist/ folders.
  New files go directly there also.Tried to Organize library and it would go through the motions but would not actually do anything
  In my user folder /Library/Preferences/, I found a bunch of temp files for com.apple.iTunes.plist.
  Deleted those and it simply create new ones.
  Shared/iTunes/ folder shows me as Read/Write and everyone else as *Read Only*.
  Looking again and I was not able to change any filenames.
  I booted from a SD! backup and repaired permissions on this drive but no help.

  This is /Users/Shared/iTunes.
  Beth:iTunes ChrisCA$ whoami
  ChrisCA
  Beth:iTunes ChrisCA$ ls -lea
  total 132112
  drwxrwxrwt@ 12 root wheel 408 Feb 9 17:11 .
  drwxrwxrwt+ 18 root wheel 612 Feb 9 01:07 ..
  0: group:everyone deny delete
  -rwxrwxrwt@ 1 root wheel 21508 Feb 10 18:36 .DS_Store
  drwxrwxrwt 5 root wheel 170 Feb 9 07:45 Album Artwork
  drwxrwxrwt 56 root wheel 1904 Dec 19 15:08 Mobile Applications
  drwxrwxrwt 22 root wheel 748 Nov 22 22:04 Previous iTunes Libraries
  -rw-rw-rwT@ 1 root wheel 3908484 Feb 9 17:11 iTunes Library
  -rwxrwxrwt 1 root wheel 696320 Feb 9 17:09 iTunes Library Extras.itdb
  -rwxrwxrwt 1 root wheel 45309952 Feb 2 20:15 iTunes Library Genius.itdb
  drwxrwxrwt@ 13 root wheel 442 Feb 9 07:51 iTunes Music
  -rw-r--r--@ 1 ChrisCA wheel 17693385 Feb 9 17:10 iTunes Music Library.xml
  -rwxrwxrwt@ 1 root wheel 8 Feb 9 17:11 sentinel
  This is /Users/Shared
  Beth:Shared ChrisCA$ ls -lea
  total 56
  -rw-rw-rwT 1 root wheel 2048 Aug 13 19:04 *.db
  drwxrwxrwt+ 18 root wheel 612 Feb 9 01:07 .
  0: group:everyone deny delete
  drwxr-xr-x 8 root admin 272 Dec 12 22:27 ..
  -rw-rw-rwT@ 1 root wheel 21508 Feb 10 18:36 .DS_Store
  -rw-rw-rwT 1 root wheel 0 Oct 3 12:30 .com.apple.timemachine.supported
  -rw-r--r-- 1 root wheel 0 Jan 26 2010 .localized
  -rw-rw-rwT 1 root wheel 0 Jan 26 2010 .localized (from old Mac)
  drwxrwxrwt@ 3 root wheel 102 Jul 20 2009 CanoScan LiDE 60
  drwxrwxrwt+ 3 root wheel 102 Jul 9 2010 Library
  0: group:everyone deny delete
  drwxrwxrwt 9 root wheel 306 Jan 31 17:41 MTRKeyCache
  drwxrwxrwt+ 3 root wheel 102 Nov 19 23:35 Movies
  0: group:everyone deny delete
  drwxrwxrwt@ 35 root wheel 1190 Feb 9 17:44 Photo Library
  drwxrwxrwt 4 root wheel 136 Feb 5 21:50 Punch!
  drwxrwxrwt@ 4 root wheel 136 Nov 5 21:41 SC Info
  drwxrwxrwt 3 root wheel 102 Dec 19 15:06 iMovie Original Movies.localized
  drwxrwxrwt@ 12 root wheel 408 Feb 9 17:11 iTunes
  drwxrwxrwt 12 root wheel 408 Feb 9 01:34 iTunes 9
  drwxrwxrwt 52 root wheel 1768 Oct 31 18:09 untitled folder

• File permissions -AGAIN

  Sorry to raise this issue yet again.
  I am using Mavericks 10.9.1.
  Permissions are still a damned mess.
  I have now experienced this problem from Leopard onwards.   Never any realible answers.  This is a problem the Apple consistently ignores.
  Example:
  All my files are kept on a NAS - setup properly with permissions setup correctly.
  I create a file on my iMac (for this example - a keynote file) - I save this to my NAS - fine so far.  5 mins later I try to save my edits to the NAS. Now I don't have the correct permissions - checking the drive, folder and specific files shows me I have 'custom access' again.  Ridiculous - my NAS, my Mac - no-one else uses it.
  I am sick and tired of this damned issue that wastes enormous amounts of users time.  The user should not be required - to constantly repair permissions (usually doesn't  work)  or enter arcane code into the  Terminal just to get the OS to work properly.
  This is meant to be the 'most advanced OS' - really?
  Sorry for the rant - but this is intolerable.
  Any help greatly appreciated.
  Thanks,
  Mike

  repost, i want know this...

• Acs4.1 & aaa authorization & permit show

  Selam,
  I want to deny all commands except "show run" for a group and for all network devices.
  So I created a group on acs4.1 and attached with a "Shell Command Authorization Set" ("permit show runnig-config" - "deny unmatched commands")
  than I used commands which you can see below:
  aaa authorization exec default group tacacs+ local
  aaa authorization commands 1 default group tacacs+ if-authenticated
  aaa authorization commands 15 default group tacacs+ if-authenticated
  NOW: rules are runnig for my new group but other groups which have full access for all devices are failing (% Authorization failed)
  what can be the problem?
  Thanks
  Ozlem

  create another shell command authorization set for full access group and configure it for "unmatched commands - permit"
  and do not enter any command for it.
  That will work for you.
  ~Rohit

• Different permissions on separate Airdisk volumes

  Hi there. I have a Drobo connected to an 802.11n Airport Extreme which acts as a Media Server. I'm in the process of ripping CDs and DVDs to it and want to try and make the files as secure as possible.
  I have set up the Drobo with two volumes. One 'Shared' volume, which I would like everyone to have read/write access to (our iTunes library is stored on here and won't work on a read only volume). I have also set up a 'Media Server' volume, which I would like to have as Read Only (except for myself), to make sure movies don't get accidentally deleted. I'm using Plex Media Server to view the files.
  I can only get the security settings in the Airport Utility to apply the same password to both volumes. Is there a way to set up custom access to each volume?
  Thanks for your assistance.

  mbeauchamp,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Multiple groups with different permissions on a sharepoint

  Let me start by saying that I am fiarly new to OS X Server. In my school district we are running server 10.3.3, and I am having one heck of a time trying to figure out how to give access to a sharepoint to more than one group, and give them different access ie: the students have the ability to read what is in the folder, but the teachers can put things in there or make changes to the items in there, the main reason we are trying to get this done is for our accounting department. The ladies in the accounting office need to share some documents with the office managers at the different schools, but don't want them accidentally changing them, and we don't want anyone/everyone to be able to access them.
  If there are any free updates available that can fix this I would be willing to download them, but I don't think we have the money to upgrade to 10.4 server.

  As you surmised, all the tools to make this easy are in 10.4 (ACLs, nested groups etc...)
  Since you need a solution that works with 10.3.3, Id try the following:
  A = accounting office users
  B = office mangers
  C = all users in A + all users in B
  Folder 1 is the folder of shared documents.
  Volume 1 is the sharepoint containing Folder 1
  in WGM
  share Volume 1, with Owner: root R/W Group: C R/W Everyone: none
  Set the privs on Folder 1 to Owner: root R/W Group: A R/W Everyone: R
  This allows members of group C to mount the volume , but only the accounting folks (A) can write to the files in Folder 1. All other users (the folks in group B) will only have read access to folder 1. The public at large won't be able to mount the volume in the first place.
  Hope this makes sense
  - Leland

• AAA, different groups, different roles, same equipment

  Hello,
  I have a tricky authentication case to submit:
  My users are on Active Directory in two groups
  - VPN Users
  - Network admins
  The groups are mirrored (binded) in the ACS,
  I have a PIX configured as a VPN server. Both the VPN users and the network admins are authenticated by ACS (Radius for VPN, and TACACS+ or Radius for admins).
  I only want my network admins to be able to log on my PIX, and only my VPN users to be able to connect by VPN.
  Here's the question:
  how to you segregate those two groups so they only have access to whats permitted for them. NAR doesn't work because only the PIX does the requests....
  Right now, as configured above, both groups can do everything.
  thanks for you help
  Antoine

  Hi
  Try this. In the vpn group create an IP based NAR that doesnt permit anything. This will get applied to any TACACS+ device admin type authentication.
  In the admin users group, create a cli/dnis NAR that doesnt allow anything.
  Generally, IP NARs get applied to TACACS+ and DNIS/CLI to RADIUS.
  In theory a T+ login from a vpn user will get filtered and a RADIUS login from an admin user will get filtered.
  The possible stumbling point is how ACS applies the NAR to RADIUS VPN authentications. It uses some tortuous logic, but generally:
  if ip address in authen rq ---> apply ip filter
  if no ip address ----> apply dnis/cli filter
  fingers x'd the vpn auths dont include framed-ip-address!!
  Dont think even ACS v4.0 helps a huge amount, because network access profiles (NAP) are RADIUS only.
  Darran

• Repairing permissions again

  I'm having trouble repairing permissions with disk utility. It's these permissions that won't seem to repair if you have any suggestions I would appreciate them.
  Thank you, Jack.

  Unless you are having problems with your Mac, there is no reason to repair permissions repeatedly. You can ignore the messages, nothing to be concerned about. Repairing permissions is used for troubleshooting.