Changing permission on "Everyone" group on "Users" folder to "No Access"

Similar Messages

• RDBMSRealm, everyone group, guest user

  Hi folks, I'm having some fun with the rdbms realm lately and have a few
  questions.
  We're using the RDBMSRealm example with form based auth under WLS 5.1 SP 9 and
  have the following in web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Pages</web-resource-name>
       <description>These pages are only accessible by all authorised xyz users.</description>
  <url-pattern>*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <description>These are the roles that have access</description>
  <role-name>
  xyz
  </role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <description>All application users</description>
  <role-name>
  xyz
  </role-name>
  </security-role>
  which basically says that every page in the web-app requires a user to be in the
  xyz role and does seem to work fine.
  Now, what I'd like to do is to allow everyone to access one particular page
  within the application (that is, this page does not require the xyz role). So
  something like the following would be great.
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Some Particular Page</web-resource-name>
       <description>This page is accessible to everyeone.</description>
  <url-pattern>/particular/page.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <description>everyone can get at this page.</description>
  <role-name>everyone</role-name>
  </auth-constraint>
  </security-constraint>
  However, this doesn't seem to work, I get redirected to the form based login
  page and once I've logged in can get to the page that I'm hoping shouldn't
  require a logged in user.
  So I'm wondering about the xml syntax and semantics.
  - What are the rules around specific and general mappings, like will a
  more specific mapping be used before falling back to the general mapping?
  - Are the mappings applied in order (first to last) and the first match
  taken?
  - Are the rules according to section 10 of the servlet spec applicable here?
  Now my problem might also be the RDBMSRealm its self -- I'm also having some
  problems with the everyone group and the guest user. If I remove the first
  constraint above and only include the /particular/page.jsp constraint to the
  everyone group things still don't seem to work right.
  I can see the realm call getGroup("everyone") and getUser("guest) but both
  calls return null, since these principals are not in our database
  tables. However, if I hit http://localhost:7001/AdminRealm I do see a list of
  all groups that our RDBMSRealm knows about and I also see the everyone group
  which contains system and guest users and so I have more questions.
  - Does CachingRealm fall back to the standard properties realm if it gets nulls
  from the RDBMSDelegate?
  - Does the everyone group include unauthenticated users (i.e. guest) as I'm
  hoping?
  I've tried adding an instance of weblogic.security.acl.Everyone to my
  RDBMSDelegate class and checking if the call to getGroup is looking for
  "everyone" in which case I return this instance but this doesn't seem to do
  anything either. I also tried adding this everyone group to the list returned
  by getGroups but that didn't help and I carried the idea through to getUser and
  getUsers with a guest user but again no luck. I'm always forced to authenticate
  before I can get to the page that should allow anyone (everyone) to see it.
  Any help, ideas, advice, beer, etc. would be much appreciated!
  Thanks,
  Derek

  THorner <[email protected]> writes:
  RDBMSRealm, everyone group, guest user
  Update-I've got it working.
  AS well as the isMember change mentioned below I altered getPrincipal
  for both the RDBMSRealm class
  if(name.equals("guest")){return createUser("guest","guest");}
  if(name.equals("everyone")){return new Everyone(this);}
  and RDBMSDelegate
  if(name.equals("guest")){return realm.createUser("guest","guest");}
  if(name.equals("everyone")){return new
  weblogic.security.acl.Everyone(realm);}
  did something to RDBMSUser so that guest always authenticates
  (alternatively you could put the guest user on the database, surely?)I did see various examples of the guest and everyone additions to the realm
  code, but I also read some stuff that indicated that if the rdbms realm returns
  null for these requests then the caching realm should fall back to the standard
  properties realm which does have the guest user and everyone group defined.
  With the debugging turned on this does seem to be what it does and the
  guest/everyone code doesn't seem to be needed. I also checked the
  http://localhost:7001/AdminRealm servlet and did see the everyone group with
  system and guest users as part of it.
  >
  Allow guest access to the file servlet (otherwise they can't be sent any
  HTML pages - my best guess would be that this is your problem).This was probably part of the problem, judging by the messages from the realm
  debugging.
  Also I altered weblogicURL.policy to allow 'everyone' access to the page
  that was to be unrestricted - so I guess you should set
  I hope this helps, if not (and you haven't already) turn on RDBMSRealm
  debugging - eventually I found the information useful (in that it tends
  to tell you what it has last been looking for, and the methods used)In the end, I found that specifying that the everyone group is required for a
  particular resource didn't seem to work. Instead I protected the majority of my
  application with a set of rules and left all other pages without any matching
  rules and the guest user then seems to work ok.
  The servlet 2.3 spec has an addition to the <role-name> tag which allows a * to
  indicate all roles but this isn't in the 2.2 spec.
  Thanks for the help!
  Cheers,
  Derek
  >
  terry
  -----Original Message-----
  From: THorner
  I am working on something similar (although not in a war),
  which isn't working yet, but I can tell you a couple of
  things that I have come across.
  -----Original Message-----
  From: [email protected]
  [mailto:[email protected]]On Behalf Of Derek
  Scherger
  Posted At: Mon 04 June 2001 22:13
  Posted To: weblogic.developer.interest.security
  Conversation: RDBMSRealm, everyone group, guest user
  Subject: RDBMSRealm, everyone group, guest user
  Hi folks, I'm having some fun with the rdbms realm lately and
  have a few
  questions.
  We're using the RDBMSRealm example with form based auth under
  WLS 5.1 SP 9 and
  have the following in web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Pages</web-resource-name>
       <description>These pages are only accessible by all
  authorised xyz users.</description>
  <url-pattern>*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <description>These are the roles that have
  access</description>
  <role-name>
  xyz
  </role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <description>All application users</description>
  <role-name>
  xyz
  </role-name>
  </security-role>
  which basically says that every page in the web-app requires
  a user to be in the
  xyz role and does seem to work fine.
  Now, what I'd like to do is to allow everyone to access one
  particular page
  within the application (that is, this page does not require
  the xyz role). So
  something like the following would be great.
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Some Particular Page</web-resource-name>
       <description>This page is accessible to
  everyeone.</description>
  <url-pattern>/particular/page.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <description>everyone can get at this page.</description>
  <role-name>everyone</role-name>
  </auth-constraint>
  </security-constraint>
  However, this doesn't seem to work, I get redirected to the
  form based login
  page and once I've logged in can get to the page that I'm
  hoping shouldn't
  require a logged in user.
  So I'm wondering about the xml syntax and semantics.
  - What are the rules around specific and general mappings, like will a
  more specific mapping be used before falling back to the
  general mapping?
  - Are the mappings applied in order (first to last) and the
  first match
  taken?
  - Are the rules according to section 10 of the servlet spec
  applicable here?
  Now my problem might also be the RDBMSRealm its self -- I'm
  also having some
  problems with the everyone group and the guest user. If I
  remove the first
  constraint above and only include the /particular/page.jsp
  constraint to the
  everyone group things still don't seem to work right.
  I can see the realm call getGroup("everyone") and
  getUser("guest) but both
  calls return null, since these principals are not in our database
  tables. However, if I hit http://localhost:7001/AdminRealm I
  do see a list of
  all groups that our RDBMSRealm knows about and I also see the
  everyone group
  which contains system and guest users and so I have more questions.
  - Does CachingRealm fall back to the standard properties
  realm if it gets nulls
  from the RDBMSDelegate?
  - Does the everyone group include unauthenticated users (i.e.
  guest) as I'm
  hoping?
  I've tried adding an instance of weblogic.security.acl.Everyone to my
  RDBMSDelegate class and checking if the call to getGroup is
  looking for
  "everyone" in which case I return this instance but this
  doesn't seem to do
  anything either. I also tried adding this everyone group to
  the list returned
  by getGroups but that didn't help and I carried the idea
  through to getUser and
  getUsers with a guest user but again no luck. I'm always
  forced to authenticate
  before I can get to the page that should allow anyone
  (everyone) to see it.
  Any help, ideas, advice, beer, etc. would be much appreciated!
  Thanks,
  Derek

• Everyone Except External users are unable to access the subsites

  We have a SharePoint online site, in which we have given read permissions to
  Everyone Except External Users in the parent site. Now, the users are able to access the parent site. But for sub sites, we have stopped inheriting permissions from the parent site and have given read permissions to Everyone Except External Users in
  sub sites as well. But users are unable to access the sub sites. They are getting access denied message.
  Can any one help me to resolve the problem?
  Thanks in advance!
  Anjani.

  Hi,
  Please check below links. They encountered similar issues and they had some assets (Page Layout or master page) checked out by users in sub site due to which users with read permission could not access.
  http://sharepoint.stackexchange.com/questions/75263/user-has-correct-permissions-for-subsite-but-access-is-denied
  http://sharepoint.stackexchange.com/questions/90478/prevent-access-denied-error-for-domain-users
  Hope it helps!
  Thanks,
  Avni Bhatt
  If this helped you resolve your issue, please mark it Answered

• Groups of users and application level access

  Hello,
  just to be sure that I got it right.
  If I have a single workspace and I want to have two distinct applications, where the users of one application do not access the other one and vice versa, should I manage the access on a page by page basis, using two different authorization schemes made up of PL/SQL functions checking user's group membership?
  I believe there is no way to specify an authorization scheme for a whole application, isn't it?
  Thanks,
  Flavio

  Scott,
  if I am not wrong, the checks you suggest to include require an authorization scheme applied once per page view.
  I wrote the following function as authorization logic:
  if :APP_USER is not null and
  upper(:APP_USER) not in ('NOBODY','PUBLIC_USER','HTMLDB_PUBLIC_USER')
  then
  return nvl(htmldb_util.current_user_in_group('PROMO'),false);
  else
  return true;
  end if;
  This works fine only if I specifiy "once per page view" in the "validate" property.
  If I choose "once per session", any authenticated user can enter the application, no matter what the user group is.
  Given this scenario, do you think it is still possible in some way to use the authorization scheme on a per-session basis?
  Bye,
  Flavio

• Change permission for resource programmatically

  Hello, All.
  In the post Change the permissions for everyone group in a folder with a java program there is good example of java code for changing permission(thanks to Prakash Singh).
  I need to execute code like that immediately after user saves (upload or simply create new) resource in KM folder. What java-class should I extend to perform the action automatically?
  bestRegards

  Hi Roman,
  you will have to implement a repository service for that, registering for the creation of a document. Search the forum for "Repository Service", you'll: (a) find many helping entries, (b) see that it's not that easy (but once you got it, you'll love it).
  Hope it helps
  Detlev

• Open Default User Folder

  Hi
  I have created a Folder named UserDocs to which everyone has read access.
  Under that Folder i have created UserA and UserB Folders.
  Only UserA has access to userA Folder.
  Only UserB has access to userB Folder.
  Now i am using KM Navigation iview to show the documents in these folders to UserA and UserB.
  When UserA accesses the iView he can see the Folder userA
  When UserB accesses the iView he can see the Folder userB
  As Users dont want to open their Folders and then see the documents,what i need is
  when UserA access the iView he should directly see the Documents inside the
  userA Folder.
  when UserB access the iView he should directly see the Documents inside the
  userB Folder.
  Can we have a setting by which the Folder can be opened by default ?
  Regards
  Rajendra

  Hello Rajendra,
  The requirement you have mentioned is possible and I tried it out myself
  I have the following folder hirarchy under KM
  root/documents/Users Documents/
  Under the Users Documents folder I have directories with the user name so if a user is ronald then the directory is named ronald.
  After that I created a KM navigation iview with the following as the dir path  - /alias/documents/User Documents/<user.id>/ and it works.
  Thanks,
  GLM

• Can I force OS X to recognize a different folder as a user folder?

  I have a SSD and to utilize it the way I want on my MacBook Pro I have some of my user folders on my HDD and some on my SDD. The User folder is located on my HDD with a few of the folders such as Pictures set up as shortcut to the SDD folder. Of course because this is not located in the User folder itself, it is not recognized as being one of the folders that should get a special graphic. I changed the icon itself, but in the finder siderbar it still shows up as a regular folder.
  Is there a way in terminal to change the recognition of a specific user folder to another?

  There is a way to move your user folder to another volume, but there are potential dangers and problems with doing that. For example, if something were to happen to that external hard drive, it would render your computer unusable unless you have other users whose folders are not on that hard drive.
  I don't advise doing this, especially not if the only reason you have for doing so is to get a special icon on the Pictures folder on an external drive! Just store your data on the external drive and don't worry about whether it's in an "official" user folder or not.
  However, if you're dead-set on doing this, here's how:
  http://reviews.cnet.com/8301-13727_7-57365307-263/moving-your-home-folder-in-os- x/

• Any ideas on restriciting users/groups of users to data

  I am most certain someone has worked in this before and will have a quick solution for me.
  I have an interactive report which gets displayed based on entries in a table.
  What I want to do is ensure that the user logged in only has access to a subset of that data
  based on who he or she is. For example.
  1) I want a couple users to have read access only to everything
  2) I want a couple of users to have read/write access to everything
  3) I want some users/groups of users to have read/write access to the data based upon a statement.
  select blah blah from table where ColA=somevalue or multiple values.
  4) I want some users/groups of users to have read access ONLY to the data based upon a statement.
  select blah blah from table where ColA=somevalue or multiple values.
  Thanks in advance,
  Mike

  You can also use Authorization Scheme's, Apex UserID's, Apex Groups, to limit access to fields, columns, rows, buttons, pages... basically any object.
  For instance you might have a 'Mgmt' group with more rights than public users or authenticated users (seing more detail in a report) , and an 'HR' group with more rights still (seeing all the fields in a report).
  Let me know if you need examples... I've implemented this successfully based on examples I've found posted.
  Rich

• How to implement Oracle user/role security with Access front end?

  Hi,
  We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
  In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
  We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
  I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
  I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
  Can someone give me some assistance or point me in the right direction?
  Thanks in advance,
  Larry

  We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
  In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
  We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
  We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
  In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
  The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
  The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
  Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
  For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
  After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
  This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
  The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
  Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
  I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
  Larry

• Damaged SSD, need to delete user folder - permission denied

  Hi everyone, this is my first post.
  I have installed SL onto my Kingston ssdnow v100 128GB solid-state drive (SSD) and used it as my primary OS drive along side of optibay in my first generation Macbook Pro Core Duo 2.0.
  It has been funcioning perfectly until 2 months ago: my laptop would idel at the grey startup screen after a cold start with the progress indicator (circular) running indefinetly. The system files were being loaded but the process never completes. I reinstalled SL fresh a few times, all successfully, but the problem would return the next morning when switched on from cold. Traditional SATA drive was used and did not cause this problem.
  I have decided that it was a SSD failure and have arranged it to be sent back to the seller.
  SO here is the PROBLEM:
  I wish to delete only the USER FOLDER while preserving  system files on the SSD drive, so that when the seller tests it he is able to pick up the problem. If I format the entire drive, the seller may not pick up the fault as the drive would install OS fine and appear functional.
  So I connected the SSD drive via USB to my other MBP, the Finder pops up and  tells me that the SSD drive can not be repaired but can be READ to recover my files. I then try to drag my USER FOLDER to trash but a Finder message pops up and say: It can not be deleted. The info window showed that all listed users are greyed out and clicking on the permission (read & write & read and write) did not bring up any options, just as if you can not click it. I have unlocked the info window to allow changes using admin password.
  Is there anyway (maybe via Terminal.app) that I can override file permission and allow me to delete this USER FOLDER that is on the SSD drive?
  Thank you for answering.

  Hi there! Welcome to the Apple comminity.
  In Terminal, this is how you override something: Add "sudo " before your command. Here's an example:
  sudo rm -Rf /Volumes/SSDdrive/Users/*
  It will then prompt you for a password (if you are an administrator on your computer). Good luck!
  Cheers.

• Users added to Profile Manager not showing up in everyone group

  So profile manager was working quite well until I made a change to the workgroup group.
  I removed the password policy from the workgroup group and added a new group for the password policy so we could essentially still manage non user assigned iOS devices.
  Now when I add a new user to the workgroup group on the server I have them login to the mydevices site so we can enroll the device and they can login but are immediately presented with:
  "You do not have permission to access the page you were looking for. Contact your system administrator."
  In troubleshooting the issue I noticed that new users being added are not showing up the in the everyone group which is preventing the users from having proper access. Prior to all this I could add a user and they would show up in everyone as intended.
  Any thoughts?

  I'm not sure if this is the same issue, but I have a user in Server.app that is not showing up in Users group. She is listed in her sub-group, but I cannot add devices to her account. When I click on the arrow next to her name in the sub-group, it takes me to the Users list to the top user.
  Any thoughts?

• Changing user folder permissions

  My wife and I both have admin accounts on my computer. I want to be able to easily transfer files from my user folder to hers without running into permissions problems. For example, I may want to take a photo from my Pictures folder and drop it in her Pictures folder. I can't do that because access is blocked to everyone but her. It's irritating to have to drop the file on a neutral ground, log in to her account, and take the file and put it in her folder. I logged in as root and tried to change the permissions by giving admin group read and write privileges but it gives an error of -60002 if I try that. I can't change the permissions while not logged in as root since the option is greyed out. Any ideas? I don't care one bit about "compromising security".

  Hi Xeep,
  Error -60002 is "The authorization parameter is invalid".
  From your account, have you first tried changing the Owner to yu, then the Group to admin, then the owner back to her?
  Or better yet, try BatChMod...
  http://www.macchampion.com/index.shtml

• Changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object.

  We have an existing Hybrid Setup
  On-Premise Exchange Version: Exchange 2010 SP3 RU1
  Users are being migrated to Exchange Online every day.
  We've read online that Distribution Group and Public Folder permissions and memberships cannot be modified by Exchange Online users, until and unless all DG and PFs are moved to Exchange online.
  I'd like to confirm the above part.
  -Tushar Shah

  Hello,
  These migrated users who are owners of the distribution group can't manage it in Microsoft Exchange Online, if you want to manage the distribution group, the distribution group owners need to use on-premises tools for Exchange Server such as the following:
  EMC and EMS, and then we need directory synchronization or other tools to sync the changes to Office 365.
  Even though all DG and PFs are moved to Exchange online, I'm afraid that we still need on-premises tools for Exchange Server :EMC and EMS.
  If you have any feedback on our support, please click
  here
  Cara Chen
  TechNet Community Support

• New user automount of RAID in ~/data, group rights in folder?

  Hello,
  for a group of friends, I'm setting up a server for SFTP, amongst other services. Each user gets an own partition on the RAID5 mounted in ~/privat, which I can update manually in fstab. I also want them to have access to the big shared partition under ~/data.
  Is there a way to automate this mount when creating a user?
  The second question is regarding the rights within the big partition. I want every user to be able to write on the partition and also read/copy the content of the other users. Shall I introduce a new group or can I use the group 'disk'? The wiki suggests not to use the group 'disk'  with systemd.
  Help would be very much appreciated

  Thank you for the answer. I'm not used to getting answers on Arch Forum, so I didn't look right away.
  It's not my intention to let them have access with disktools.
  $ ls -l /dev/md0p14
  brw-rw---- 1 root disk 259, 13 16. Mai 19:30 /dev/md0p14
  The users have their own partition on the RAID which is their own and I will not mess with that, I just mount it to their ~/privat.
  I want the privat partitions to be privat and the big partition to be public for all users. The users won't get an own section in the public folder.
  Just to clarify whether I understood it correctly.
  I make a group 'friends' and add every user to this group. Then I mount the big partition to e.g. /srv/friends and bind mount /srv/friends again to each users ~/data. Thus, when someone uploads something he can r/w his own data and read everything else, but how can I ensure that all written data gets a 755 or comparable rights? As long as the user is in the 'friends' group, he automatically sets the right permissions? Isn't it user:users rather than user:friends ?
  I see the advantage of the group and user right management under Unices, but it's still quite confusing sometimes.
  EDIT: So I have to
  chown -R :friends /srv/friends
  to ensure these rights?
  EDIT2: I tried this approach and changed ownership from root:friends to me:friends and for testing to friend:friends. When 'root' or 'friend' is owner of the foldertree 'me' can't cp or mkdir within this tree. So I have to set 777 permissions and how do I guarantee al copied content gets the same permissions?
  Last edited by mieLouk (2013-05-18 11:34:11)

• Users folder permission

  My friend was updating her macbook, she said she was doing an update for Microsoft office. Upon reboot it will hang at a blue screen. I can't even get it to go into safe mode. Anyways, I didn't want to mess around with it, I wanted to get her files off of the hdd since she does not have any backups.
  I put a spare hard drive I have laying around, installed OSX 10.6 and put the old hard drive into an external enclosure. I can see the drive and browse it but when it comes time to go into her actual folder under the "Users" folder, there is a red circle with a line through it. It'll say something about I don't have permission to view content. I tried changing the permissions through the folder info and once I do I can go in her folder but its blank.
  I've been searching around and I have read through many threads and I don't know what else I can try.
  I need some guidance.

  WZZZ,
  Sorry I actually marked the wrong one by mistake. I was able to view the files inside by resetting the home folder permissions using the information you posted.
  Thanks again!
  Try resetting the home folder Permissions.
  Boot from the Mac OS X Install Disc:
  Insert the disc.
  Shut down the computer.
  Turn it on again whilst holding down the C key.
  You can let go when you see a spinning dial.
  Click through the menus until you after you’ve accepted a license agreement.
  Snow Leopard: At the top, click Utilities -> Reset Password.
  Lion: At the top, click Utilities -> Terminal. Type resetpassword in the Terminal and press Enter.
  Click on your main hard drive.
  In the dropdown box under “Select the user account” make sure to select your username.
  Underneath where it says “Reset Home Directory Permissions and ACLs”, click the Reset button.
  Press cmd + Q to Quit the Reset Password application. Press it again if you have a Terminal open.
  Click Mac OS X Installer in the top left and click Quit Mac OS X Installer.
  Click the Startup Disk button.
  Click on your main hard drive and click the Restart button.