Access Permissions

Similar Messages

• I am trying to import developed images from LightRoom 5 in o Photoshop 6.  I am receiving this message and the images will not open.....'Could not open scratch file because the file is locked, you do not have necessary access permissions or another progra

  I am trying to import developed images from LightRoom 5 Photoshop 6 for further editing.  I am receiving this message and the images will not open.....'Could not open scratch file because the file is locked, or you do not have necessary access permissions or another program is using the file.  Use the 'Properties' command in the Windows Explorer to unlock the file. How do I fix this?  I would greatly appreciate it if you would respond with terms and procedures that a computer ignorant user, such as me, will understand.   Thanks.

  Have you tried restoring the Preferences yet?

• I am trying to import developed images from LightRoom 5 into Photoshop 6.  I am receiving this message and the images will not open.....'Could not open scratch file because the file is locked, you do not have necessary access permissions or another progra

  I am trying to import developed images from LightRoom 5 into Photoshop 6.  I am receiving this message and the images will not open.....'Could not open scratch file because the file is locked, you do not have necessary access permissions or another program is using the file.  Use the 'properties' command in the Windows Explorer to unlock the file'.  This has not happened before.  How do I change this?

  Could not open a scratch file because the file is locked or you do not have the necessary access privileges. (…) | Mylen…
  Mylenium

• I have PS 6 and just purchased an iMac and am running OS 10.10.1 (Yosemite).  When i try to Save or Save As a file I get the following message:  Could not save as "Whatever.psd" because this file is locked, you do not have necessary access permissions, or

  I have PS 6 and just purchased an iMac and am running OS 10.10.1 (Yosemite).  When i try to Save or Save As a file I get the following message:  Could not save as "Whatever.psd" because this file is locked, you do not have necessary access permissions, or another program is using the file.  Use the Get Info command in the Finder to ensure the file is unlocked and you have permission to access the file.  If the problem persists, save the document to a different file or duplicate it in the Finder.  Any suggestions?  Thanks.

  Photoshop: Basic Troubleshooting steps to fix most issues
  Look under Troubleshoot User Permissions.
  Gene

• When I close Photoshop CS6, the following message appears: "Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file.

  When I quit Photoshop CS6, the following message appears:
  " Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the ‘Get Info’ command in the Finder to ensure the file is unlocked and you have permission to access the file. If the problem persists, save the document to a different file or duplicate it in the Finder."
  If I try to change the Workspace in PS6 from Essentials to any other Workspace, the following messsage appears:
  "Could not apply the workspace because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the ‘Get Info’ command in the Finder to ensure the file is unlocked and you have permission to access the file. If the problem persists, save the document to a different file or duplicate it in the Finder."
  I have checked the Sharing and Permissions section of the "Get Info" panel accessed from the Finder and I have set Read and Write Privileges for my user account for Photoshop CS6. System and Admin are also set to Read and Write.
  I have a MacBook Pro with OS X Version 10.9.5 and have all available updates for Photoshop CS6, Lightroom 5 and Bridge CS6.
  I tried uninstalling the program and downloading it again and reinstalling, but nothing changed.
  Can you help?
  Thanks,
  cjpnm

  You may get better help in Photoshop General Discussion
  The Cloud forum is not about using individual programs
  The Cloud forum is about the Cloud as a delivery & install process
  If you will start at the Forums Index https://forums.adobe.com/welcome
  You will be able to select a forum for the specific Adobe product(s) you use
  Click the "down arrow" symbol on the right (where it says All communities) to open the drop down list and scroll
  If FINDER means Mac, read below (and try to give more information when asking a question)
  Mac 10.9.3 workaround https://forums.adobe.com/thread/1489922
  Enable Mac Root User https://forums.adobe.com/thread/1156604
  -more Root User http://forums.adobe.com/thread/879931
  -and more root user http://forums.adobe.com/thread/940869?tstart=0

• Photoshop won't start: Could not open a scratch file because the file is locked, you do not have necessary access permissions, or another program is using the file.

  Adobe Photoshop CS6 Extended
  "Could not open a scratch file because the file is locked, you do not have necessary access permissions, or another program is using the file."
  I've tried finding and checking and fixing permissions but no success.
  This happened from one day to the next. I think it has to do with the sn attached to the disk rather then the motherboard. I have the suite co-installed with Symphony 5.05. I've tried reinstalling.
  What's to b done? The rest of the Creative Suite 6 (AE, AI etc.) works fine.
  Anyone...?
  Loui

  Have you tried restoring the Preferences yet?

• Read-only access permissions for new files/folders?

  System:
  Clean Install on new intel Xserve
  10.4.8 Server w/ Open Directory
  Windows clients can read/write completely fine...
  Clients connecting using AFP (whether Standard or Kerberos authentication) can access files, but when new files/folders are created on the server, they register as full permissions for the user who created them, but not for the rest of the group.
  The share(s) in question are set using POSIX from WGM: Full access for owner/group/everyone (changed it to this thinking it would help, but it does not). Of course, no one can make changes to a newly-created/deposited files/folders, which is just plain silly.
  I can chmod the permissions recursively from a script (which fixes the problem, of course) on a regular basis so that its not (as much of) an issue, but there is still a 5-minute lag for the script to kick in, since we don't want to bombard the server with chmod requests every minute....which is unnecessary in the first place!
  I have plenty of other setups which are identical but have no such issue...
  Any reason why POSIX permissions on the share are being ignored from every user account?
  Thanks,
  k

  "That's default posix behaviour no matter what access permissions you set on the sharepoint."
  I'm afraid this is dead wrong. What matters most is how you set permissions on the share, not if you've chosen to inherit vs. using POSIX. POSIX is still used in inherit functions, though you can use ACL's to override them. In this case, ACL's are not being used on those shares (though we tried it).
  After all, why would Apple (let alone anyone else) even offer the ability to change POSIX permissions on a share if it didn't have any effect? That would be somewhat contradictory in nature.
  Like I said before, I have several other installations which are identically setup that have no such issues.
  As for Windows, it is also not set to inherit permissions; we're setting those explicitly. And they work fine.
  Any other ideas?
  Thanks,
  k

• Check in new documents in DMS with specific access permissions

  Hi,
  we have an RFC which creates new documents in DMS.
  This calls one after another these FBs:
  - CVAPI_DOC_CREATE
  - CVAPI_DOC_CHECKIN
  - BAPI_DOCUMENT_CHANGE2 for a additional classification of the new document
  Now we have a new request from our customer: to give the document specific access permissions.
  We try the following:
  - manually check in a document template with the necessary permissons.
  - the permissions are given in a classification  ("O,MW-T-D*,IB,02/03/52/53")
  - This is named "authority characteristic" and is checked somewhere else, I do not really know how this works in detail ( but it works)
  - check in a new document with a reference to the template and in expectation that the new document has the same classification and therefore the same access permissions
  - If I do this manually in CV03N is does work
  - We do this with CVAPI_CHECK_IN_WITH_TEMPLATE - but this FB does not copy the classification ( only the description and the attached original documents , and the documentnumber of the new document is an mandatory parameter which is not allowd in our case since we use internal creation of document numbers)
  My question is: Is this a possible way to create new documents with specific permissions
  Is there a possibility to give the permissions to the documenttype instead of give them to every single document of this documenttype ?
  Thanks
  Kerstin

  My guess is that at some point you propagated the ACL entry for "everyone deny delete" to all your folders and sub-folders and their contents by selecting Apply to All in a GetInfo window. Try doing a search in the Leopard forums for
  ACL chmod
  and you'll find a whole raft of discussions about the problem and suggestions for fixes.
  Francine
  Francine
  Schwieder

• When using Migration Assistant to transfer files from my pc, I get an error message saying that an attempt was made to access a socket in a way forbidden by its access permissions.  How can I fix this?

  When using Migration Assistant to transfer files from my pc, I get an error message saying that an attempt was made to access a socket in a way forbidden by its access permissions.  How can I fix this?

  You followed:
  http://www.apple.com/support/switch101/

• When I try to sync my IPOD (3rd gen) on ITunes, I receive the following error message - you don't have enough access permissions to perform this operation

  When I try to sync my IPOD (3rd gen) on ITunes, I receive the following error message - you don't have enough access permissions to perform this operation..can anyone assist?

  See:
  iPhone - not enough access privileges: Apple Support Communities

• Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the 'Get Info' command in the Finder to ensure the file is unlocked and you have permission to access the file.

  I have this massage every time close ps cc
  Could not save Preferences because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the ‘Get Info’ command in the Finder to ensure the file is unlocked and you have permission to access the file. If the problem persists, save the document to a different file or duplicate it in the Finder.

  You may get better help in Photoshop General Discussion
  The Cloud forum is not about using individual programs
  The Cloud forum is about the Cloud as a delivery & install process
  If you will start at the Forums Index https://forums.adobe.com/welcome
  You will be able to select a forum for the specific Adobe product(s) you use
  Click the "down arrow" symbol on the right (where it says All communities) to open the drop down list and scroll
  If FINDER means Mac, read below (and try to give more information when asking a question)
  Mac 10.9.3 workaround https://forums.adobe.com/thread/1489922
  Enable Mac Root User https://forums.adobe.com/thread/1156604
  -more Root User http://forums.adobe.com/thread/879931
  -and more root user http://forums.adobe.com/thread/940869?tstart=0

• How do I fix the workspace error "because the file is locked, you do not have necessary access permissions..."?

  I keep getting the error message "Could not apply the workspace because the file is locked, you do not have necessary access permissions, or another program is using the file. ..." when I try to open a workspace. Any ideas how to fix the permissions and what file does not have permissions. I am on a Mac.

  See here:
  CS5 "Locked"

• [PX6-300D] Access permissions problem with shares

  Hello,
  Let me explain the problems.
  When i try to connect one share to PC by mapping network device everything is normal - we have access to the storage and so on, but when i try to simply type the \\address\share in explorer i'm receiving "\\address\share is not accessible" popup window.
  Strange here is that i can access the \\storageDevice but i can't access the \\storagedevice\Sharename
  With lot of clicking and editing accounts in px6 i didn't received results, but i tried to increase the security for local network encryption to Always and voila i received access to the share and 15 minutes later i loss it again. (worked one time only)
  My big problem is that i use Acronis backup solution and the software can't find the share where the backups are.
  In last 10 days i have 5 successfull backups and 5 failed due to access problems with the device.
  Can any one help?
  Solved!
  Go to Solution.

  Hello Stimar
  Is the unit connected to a domain controller?  Are you having issues accessing the shares using a domain user or a local user, both?
  If connected to a domain, have you set a preferred server ?  If not, the unit will use the DNS under the Network page to try resolve the AD server.  You will want to make sure you have the correct preferred server or DNS or you may run into permission issues.
  Double check that the user(s) have at least read access permissions from the web interface, if you have the file level encryption option enabled, you may need to adjust permissions from your domain controller as well.
  If you are on a different sub-net than the px6 that can cause share access issues.
  If the above suggestions do not help, LenovoEMC support should be contacted. 
  LenovoEMC Contact Information is region specific. Please select the correct link then access the Contact Us at the top right:
  US and Canada: https://lenovo-na-en.custhelp.com/
  Latin America and Mexico: https://lenovo-la-es.custhelp.com/
  EU: https://lenovo-eu-en.custhelp.com/
  India/Asia Pacific: https://lenovo-ap-en.custhelp.com/
  http://support.lenovoemc.com/

• Exchange 2010 Unable to Assign Full Access Permissions using a Security Group

  I've been running into this issue lately.  I cannot seem to use groups to allow full access to mailboxes.  When I add them from the EMC, it will show up when you go to "Manage Full Access Permission...".  After waiting a day and even restarting
  the Information Store service, the permissions do not take effect.  When I view the msExchDelegateListLink attribute of the mailbox account, the group is not listed.
  When I grant a user full permission, it works and updates the attribute.  However, on occasion when I revoke the full access permission for a user is doesn't always remove that user from the msExchDelegateListLink attribute.  So the mailbox
  will still appear in Outlook, but the user isn't able to see new emails.
  Any ideas on what may be going wrong?
  Environment:
  Exchange Server 2010 SP1 Standard
  Windows Server 2008 R2 Standard
  Outlook 2010 SP1 (tried without SP1 as well)
  I was looking over Add-MailboxPermission on Technet (http://technet.microsoft.com/en-us/library/bb124097.aspx) and I noticed that it doesn't mention adding groups.  Is this not possible?

  I never got a proper fix.
  I worked around it by creating a script which gets the members of an AD Mail Enabled security group, and updates the full access based on the groups members.
  Here's a script I'm running every hour which updates permissions. It's probably not the most efficient script ever, but it works. It has several benefits
  1. Managers of the distribution group can add/remove mailbox members using OWA or through the address list
  2. New members of groups are added to FULL Access Permissions
  3. Members removed from the groups are removed from FULL access permissions
  4. Automapping works :)
  5. Maintains a log of access added / removed / time taken etc.
  Obviously I have had to remove domain related information, replace with whatever your domain requirements are, and PLEASE debug it properly in your environent first, don't complain to me if it wipes out a load of access for you or something like that!
  It takes about 5 minutes to run in my environement. Some formatting seems to have got messed up on here, sorry. I hope it is of use!
  # Mailbox Permissions Setter for Exchange #
  # v1.1 #
  # This script will loop through all mailboxes in Exchange and find any where #
  # the type is 'SHARED'. These should be determined to be a GROUP/SHARED mailbox #
  # and access to these mailboxes are controlled by a single ACL, e.g. 'ACL_Shared_Mailbox'. #
  # This script will add any members of these ACLs directly to the Full Access Permissions #
  # of the mailbox and also remove them if they no longer need the access. #
  # Script created by Jon Read, Technical Administration
  # Recent Changes
  # 15/11/2012
  # 1.1 Added exclusions for ACLs that we don't want automapping to happen for
  # 12/11/2012
  # 1.0 Initial script
  #Do not change these values
  Add-PSSnapin *Ex*
  $starttime = Get-Date
  $logfile = "C:\accesslog.txt"
  $logfile2 = "C:\accesslog2.txt"
  $totaladditionstomailboxes = 0
  $totalremovalsfrommailboxes = 0
  $totalmailboxesprocessed = 0
  $totalmailboxesskipped = 0
  # Exclude any ACLs that shouldn't be processed here if they are used for a non-standard purpose and
  # we don't want FULL access mapping to happen. Seperate array values with commas
  $ExcludedACLArray = "DOMAIN\ACL_ExcludedExample"
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "#----------------------------------------------------------------#" >> $logfile
  Write-Output "# Mailbox Permissions Setter for Exchange #" >> $logfile
  Write-Output "# v1.1 #" >> $logfile
  Write-Output "#----------------------------------------------------------------#" >> $logfile
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-output "Start time $starttime ">> $logfile
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  # Set preferred DCs and GCs
  $preferredDC = "preferredDC.domain"
  $preferredGC = "preferredGC.domain"
  Write-Output " PreferredDC = $preferredDC ">> $logfile
  Write-Output " PreferredGC = $preferredGC " >> $logfile
  Set-ADServerSettings -PreferredGlobalCatalog $preferredGC -SetPreferredDomainControllers $preferredDC
  # The first part of this will ADD permissions to the mailbox, reading from an associated ACL.
  # Check for all mailboxes where the type is SHARED. These are the only ones we would
  # want to apply group mailbox permissions to.
  foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
  $totalmailboxesprocessed = $totalmailboxesprocessed + 1
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  Write-Output "| MAILBOX ADDITIONS: $mailbox " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  $mailbox=$mailbox.ExchangeGuid.ToString()
  # For each of them, get the distribution list applied to the mailbox (Starting DOMAIN\ACL_)
  # We then need it to be turned into a string to use later.
  #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
  $changes = 0
  foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
  $skipACL = 0
  #Get the distribution group and put the name in a useable format
  $distributiongroup=$distributiongroup.user.tostring()
  Write-Output "Found ACL $distributiongroup" >> $logfile
  # Check if this distribution group needs to be excluded and if it shouldn't be processed
  # then move onto the next ACL. This will stop FULL access being granted if the mailbox is
  # used for a non-standard purpose. See the start of this script
  # for where these are excluded (ExcludedACLArray)
  foreach ($ACL in $ExcludedACLArray )
  if ($distributiongroup -eq $ACL)
  $skipACL = 1
  Write-Output "ACL $distributiongroup is excluded so skipping mailbox " >> $logfile
  $totalmailboxesskipped = $totalmailboxesskipped + 1
  if ($skipACL -eq 0)
  # Get each user in this group and for each of them, add try to add them to full access permissions.
  foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
  # Get the user to try, convert to DOMAIN\USER to use shortly
  $user="DOMAIN\" + $user.alias.ToString()
  # Check to see if the user we have chosen from the ACL group already exists in the full access
  # permissions. If they do, set $userexists to 1, if they do not, leave $userexists set to 0.
  # Set $userexists to 0 as the default
  $userexists = 0
  foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission)
  # See if the user exists in the mailbox access list.
  # Change $fullaccessuser to a useable string (matching $user)
  $fullaccessuser=$fullaccessuser.user.tostring()
  if ($fullaccessuser -eq $user)
  $userexists=1
  # Break out of foreach if the user exists so we don't unnecessarily loop
  break
  # Now we know if the user needs to be added or not, so run code (if needed) to add
  # the user to full access permissions
  if ($userexists -eq 0)
  Add-MailboxPermission $mailbox –user $user –accessrights "FullAccess"
  Write-Output "Added $user " >> $logfile
  $changes = 1
  $totaladditionstomailboxes = $totaladditionstomailboxes + 1
  #Now repeat for other users in the ACL
  #if changes were 0, then log that no changes were made
  if ($changes -eq 0)
  Write-Output "No changes were made." >> $logfile
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "---------------------------------------------------------------------------------" >> $logfile
  Write-Output " FINISHED ADDING PERMISSIONS" >> $logfile
  Write-Output "---------------------------------------------------------------------------------" >> $logfile
  Write-Output " " >> $logfile
  # The second part of this will REMOVE permissions from the mailbox, reading from an associated ACL.
  ## Check for all mailboxes where the type is SHARED. These are the only ones we would
  ## want to apply group mailbox permissions to.
  foreach ($mailbox in get-mailbox -resultsize "unlimited" | where-object {$_.RecipientTypeDetails -eq "SharedMailbox"})
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  Write-Output "| MAILBOX REMOVALS : $mailbox " >> $logfile
  Write-Output "|-------------------------------------------------------" >> $logfile
  $mailbox=$mailbox.ExchangeGuid.ToString()
  #Declared $changes as 0. if this is set to 0 at the end of the mailbox job, we know no changes were made.
  $changes = 0
  # For the current mailbox, get a list of all users with FULLACCESS, and then for each of them
  # check if they exist in the ACL
  foreach ($fullaccessuser in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.Accessrights -like "FullAccess" })
  # Get the security identifier (SSID) of the FULLACCESS user to store for later.
  $fullaccessuserSSID=$fullaccessuser.user.SecurityIdentifier.ToString()
  $fullaccessuser=$fullaccessuser.User.ToString()
  #If user needs to be excluded then skip this bit
  #Users added or removed will only start with 07 (07$, 07T, so only run if the user starts with this.
  #This stops it trying to remove NT AUTHORITY\SELF and other System entries
  if ($fullaccessuser -like "DOMAIN\07*")
  # Set $userexists to be 0. if we find the use user needs to remain, then change it to 1.
  $userexists=0
  # Check if this user exists in the ACL, if not, remove.
  foreach ($distributiongroup in get-mailbox $mailbox | Get-MailboxPermission | Where-Object {$_.User -like "DOMAIN\ACL_*" })
  $distributiongroup=$distributiongroup.user.tostring()
  #Write-Output "Found associated distribution group $distributiongroup" >> $logfile
  # Get each user in this group and for each of them, See if it matches the user in the mailbox.
  foreach ($user in Get-DistributionGroupMember -identity $distributiongroup)
  # Get the user to try, convert to DOMAIN\USER to use shortly
  $userguid = $user.Guid.ToString()
  $user="DOMAIN\" + $user.alias.ToString()
  if ($fullaccessuser -eq $user)
  $userexists=1
  #we have found the user exists so no need to continue
  break
  # If userexists = 0, then they are NOT in the ACL, and should be removed from
  # the full access permissions. Run the code to remove them from full access.
  #CONVERT FULLACCESSUSER TO GUID AND REMOVE $FULLACCESSUSERGUID NOT $USERGUID
  if ($userexists -eq 0)
  Remove-MailboxPermission -Identity $mailbox –user $fullaccessuserSSID –accessrights "FullAccess" -Confirm:$false
  Write-Output "Removed $fullaccessuser " >> $logfile
  $changes = 1
  $totalremovalsfrommailboxes = $totalremovalsfrommailboxes + 1
  # if changes = 0, no changes were made to this mailbox, so log this fact.
  if ($changes -eq 0)
  Write-Output "No changes were made." >> $logfile
  #Put the time in a displayable format
  $endtime = Get-Date
  $runtime = $endtime - $starttime
  $runtime = $runtime.ToString()
  $runtime1 = $runtime.split(".")
  $totaltime = $runtime1[0]
  Write-Output " " >> $logfile
  Write-Output " " >> $logfile
  Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
  Write-Output "| SCRIPT COMPLETE : STATS " >> $logfile
  Write-Output "|-------------------------------------------------------------------------------------- " >> $logfile
  Write-Output "| Total Mailboxes Processed : $totalmailboxesprocessed " >> $logfile
  Write-Output "| Total Additions : $totaladditionstomailboxes " >> $logfile
  Write-Output "| Total Removals : $totalremovalsfrommailboxes " >> $logfile
  Write-Output "| Total Mailboxes Skipped due to ACL : $totalmailboxesskipped " >> $logfile
  Write-output "| Start time : $starttime ">> $logfile
  Write-output "| End time : $endtime ">> $logfile
  Write-Output "| **END OF RUN** - Elapsed time : $totaltime " >> $logfile
  Write-Output "|---------------------------------------------------------------------------------------" >> $logfile
  Write-Output " " >> $logfile

• Setting MS Access Permissions

  I have a MS Access 2013 web app hosted on the Microsoft Office Sharepoint 2013 site.  I want the team members to be able to add/modify/delete only within the web forms.  How do I set permissions so that other team members cannot delete or update
  the actual application and the application data outside of the web form?  What permissions should I use?  I tried to create a new group with custom permissions, for example group "XYZ".  When I tried to add permissions to group "XYZ",
  I was not given a choice of using the custom permissions that I set up.
  Thank you in advance.

  Hi,
  According to your post, my understanding is that you wanted to set Microsoft Access Permissions.
  If you already created an app and now you've decided you want your app to have unique permissions from the site where you created it, see Set
  permissions for an Access app on Office.com.
  More information:
  Set permissions on an Access Web App
  Set permissions for an Access App - SharePoint 2013
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Why I cannot modify the access permissions?

  On the Fedora8 OS I issue the follow command:
  [root@localhost local]#chmod o-r /usr/local
  [root@localhost ~]#chmod o+w /root/rar
  Then I check the privilege using GUI tool and I find the access permissions have not been changed.
  Why I cannot modify the access permissions as a root user?

  1) Is the underlying file system mounted as read-only? Not even root can overcome that.
  2) Perhaps the file has been marked as "immutable" by chattr(1)? What does
  # lsattr -d /usr/local/ /root/rar
  show? Without attributes, should see only dashes ("-").