Disc Utility always set wrong permissions of the startup disc

The permissions of the startup disc should be "drwxrwxr-t 39 root admin", right?
But everytime I repair my permissions with disc utility I get the (german) message:
Benutzer unterscheidet sich für ., Soll-Wert: 501, Ist-Wert: 0
Die Gruppe unterscheidet sich für ., Soll-Wert: 501, Ist-Wert: 80.
Die Zugriffsrechte unterscheiden sich für ., Soll-Wert: drwxr-xr-x , Ist-Wert: drwxrwxr-t .
And the permissions of the startup disc are set to:
drwxr-xr-x 39 Nomis101 Nomis101
(I've read that out with "$ ls -ld /")
Than I "repair" the permissions with "$ chmod 1775 /". And next time I use disc utility I have the same again.
I've repaired the permissions in single user mode, I've booted from the install DVD and reseted my ACLs, I've removed my ACLs. But nothing seems to help.
Sometimes I also have the issue that I cannot move any file on my desktop anymore or that I have suddenly no write permissions in the folder /Volumes/Macintosh HD
I suspect MacPorts 1.7 or Mercurial as the malefactor, because the issues accumulate after I've done something with MacPorts (or Mercurial). But I'am not sure with that.

{quote:title=V.K. wrote in another thread...:}If I'm not mistaken you told me once a while ago how to modify permissions database which seems to be required there.{quote}
Hmm, that's actually a bit of a tough one - Sorry, but I think it's beyond me.
My understanding of the permissions database consists of only what I have been able to piece together from tinkering, and while I have been able to edit individual entries and have "repair permissions" behave as expected with the edits, "/" is a bit different.
Basically, every time something is installed that results in an update to the permissions database, entries are added, i.e. the entry for a file isn't edited but rather a whole new entry is added. That applies to a given file in the update, as well as every folder on the path to that file. Since installations are pretty much all rooted in "/", that means a new entry for "/" is created every time any installer updates the receipt database, and other things may add entries as well -- I have 88 entries for "/" in there on my system. This does't display all of the entries, but a slightly more user-friendly way is to view most of them is to use:<pre>
pkgutil --file-info /</pre>
I haven't dug that deeply, but I don't know what determines which entry will be used during the actual permissions verification / repair operation (it's been a while but I seem to recall that it wasn't as simple a matter as "most recent", for example), so figuring out which one to edit might be a challenge.
And there are cases like "/" where there are entries in the database, but as you pointed out, that seem to be ignored when repairing of verifying permissions, and I have no idea what flags the system to ignore those.
Interestingly, of the 88 entries on my system, 83 call for "1775" permissions, but 5 of them (mostly "Safari" updates but also the "BaseSystem" package) actually say the permissions should be "1755"...
I think for the OP, the bigger issue is trying to figure out (and stopping) whatever it is that keeps wrecking security by changing the ownership to the user...

Similar Messages

  • DPM 2012 R2 UR4 - DPM could not set security permissions on the replica or recovery point volume that was created.

    Hi All,
    I am running a fresh install of SCDPM 2012 R2 with a protection group that is backing up the 'C:\', Bare Metal and System State of some VMs. If i add any additional servers to the group since the first creation it returns the following error: 
    Modify protection group: System State & Bare Metal Recovery failed:
    Error 419: DPM could not set security permissions on the replica or recovery point volume that was created.
    Error details: The process cannot access the file because it is being used by another process
    Recommended action: Review the error details, take appropriate action and retry the operation.
    If i re-create the whole protection group it works fine.
    Could any one advise any further diagnostics I can do to try and locate the reason behind not being able to modify the group after the first creation? I can add new servers to other PGs without any issues.
    Thanks in advance,
    Dan

    If you are protecting any of the system state/BMR protection. Can you stop protection by deleting the older recovery points and then recreate the protection group.
    This thread mentions this to be a hardware issue, albeit with less information on what exact hardware issue:
    https://social.technet.microsoft.com/Forums/en-US/480679c2-1079-4847-ab38-5cc8f454ef86/error-419-dpm-could-not-set-security-permissions-on-the-replica-or-recovery-point-volume-that-was?forum=dataprotectionmanager
    Regards, Trinadh [MSFT] This posting is provided AS IS with no warranties, and confers no rights. If you found the reply helpful, please MARK IT AS ANSWER. Looking for source of information for DPM? http://blogs.technet.com/b/dpm/ http://technet.microsoft.com/en-in/library/hh758173.aspx

  • Can I set public permissions for the Training Catalog?

    We want to have all users be able to get into the Training Catalog and self enroll. We have over 7,000 employees with no distribution list for all people. How do I set permissions for all employees to see the training catalog and self enroll?

    Ah, support strikes again. The Training catalog is not, and cannot be set to publicly viewable. This permission setting is only available to objects in the Content Library.
    If you go to the Training Tab and then Training Catalog you will see an option to Set Permissions for the Training Catalog. Select that and you will be able to add any individual or group from the list on the left to the list on the right to give them view permissions. There will be no "Make Publicly Viewable" option.
    If an individual is not listed in the right hand list (or a member of a group on the right hand list), then they will get the Not Authorized message.

  • Setting up permissions on the file server

    I am attempting to set up a file server with the OS X Server that came with my mac mini.
    I need to be able to set up permissions for 4 different users to be able to read and write, however with no permission to delete.
    I went to the MacMini section (on the left hand corner of the server app), then storage, and from there set up custom permissions
    I added the four users as a group.
    When I added the group to have access to the needed file, I clicked on the drop downs.
    I allowed all permissions for inheritance and reading. I selected all permissions for writting except for "delete" and "Delete subfolders and files"
    This give me a "-" sign next to write versus the check symbol (like it was shown for Read and Inheritance)
    After I set this up... I went to one of the users to test it out, it would not allow me to drop a file on the server or delete anything.
    How do I get this to work the way I want it!?!

    You can not do this with a single ACE.  Or at least I've never been able to.  This shoud resolve.
    Please make sure you test this however.  Remember that trying to overwrite is a delete and then a write.  So if you deny delete, then you can not replace a file or folder with one of the same name.  Also, renaming a file is also a delete.  You will not be able to rename.  Make sure you test this before putting into production to ensure you are getting the behavior you want.
    You have a share point named Archive.  You have a group called Archive_Users.  The Archive_Users are allowed to read and write but NOT delete data in the Archive.  Do do this, follow these steps:
    1:  Create a group called Archive_Users and place your users into the group.
    2:  Define your share point in File Sharing.
    3:  Edit to share point to add the group.  Press the + button and start typing the group name.  When it appears, set the permission to Read Write.  You permission window should have 4 entries at this point.  The everyone, the group (likely staff), and the owner (likely the server admin).  Then the one you added.  The bottom three are POSIX, the final one is an ACE.
    4:  Now, you need to get your hands dirty and create a custom ACE.  Server.app does not allow you to use the Deny rules so break out Terminal.
    5:  I will assume the Archive folder is in this path /Shares/Archive.  First get a list of the folder's ACL using:
    ls -le /Shares/Archive
    It should like like the following:
    drwxr-xr-x+ 2 carbon  wheel   68 Feb 18 22:27 Archive
    0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
    1: group:archive_users allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit
    6:  Now you must add your deny rule.  Use the following command:
    chmod +a# 2 "group:archive_users deny delete,file_inherit,directory_inherit" /Shares/Archive
    The syntax here is to add (+a) an ACE at index 2 (# 2), an ACE for the group archive_users that states the group can no delete any file or folder and this is inherited all the way down.
    7:  If you have content in the folder already, be sure to propagate the permissions.
    8:  Test, test, test.
    Remember, the deny rules can have some odd effects.  As mentioned, I can think of the renaming and the overwrite as possible deterrents.
    A possible alternative is to not give everyone read write access to the Archive. It might be more sane to define two groups.  The first groups, Archive_admins, is a subset of users who are entrusted with moving data to archived status.  The second group, Archive_users, is the rest of the team and they have read only access, allowing them to pull data but not edit the archive.  This allows you to use two simple ACEs in Server.app:  Archive_admin = read/write and Archive_users = read.
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • Appropriate permissions for the custom list

    Hi,
    Recently
    I have taken up SharePoint 2013 exam and I got bit confused for one of the question i.e.
    Case Study: Consolidated Messenger
    You are the lead architect developer and web administrator of SharePoint 2013 for your company.
    Consolidated Messenger is a national company with hundreds of franchises
    Consolidated Messenger sells franchises to franchisees. Franchisees have three user types
    User and its Role
    Franchise Manager- Response for managing the franchise
    Franchise Employee- Responsible for managing accounts and setting pick-up and drop-off locations for couriers
    Courier- Responsible for picking up and dropping off packages
    You need to set appropriate permissions for the franchise employees
    customer list and customer sub site access. What should you do?
    A) Add franchise employees to the Members group in the CorporateSiteCollection site collection.
    Break inheritance at the
    franchisee sub site level.
    Create a custom role definition at the
    franchisee sub site level.
    Add franchise employees to the custom role.
    B)
    Create a custom role definition in the CorporateSiteCollection site collection with the limited access to the customers list.
    Add franchise employees to the custom role at the CorporateSiteCollection site collection
    Break inheritance at the
    sub site level.
    Add franchise owners to the Owners group
    at the
    sub site level.
    C)
    Create a custom role definition in the CorporateSiteCollection site collection with the limited access to the customers list.
    Add franchise employees to the custom role.
    Add full inheritance of the role definition and permissions at the site level
    D) Add franchise employees to the Visitors group in the CorporateSiteCollection site collection.
    Break inheritance at the
    franchisee sub site level.
    Create a custom role definition at the
    sub site level with Full Control permissions.
    Add franchise employees to the custom role.
    I feel that both options B and C are applicable but I couldn’t come to conclusion.
    Please
    share your opinion the same.
    Regards,
    Sudheer
    Thanks & Regards, Sudheer

    @Naga, As per non disclosure agreement that you have signed / agreed with Microsoft, I think you should not share confidential exam questions or answers. That would amount to violation of NDA.
    Hope this helps!
    MCITP: SharePoint 2010 Administrator
    MCTS - MOSS 2007 Configuring, .NET 2.0
    | SharePoint Architect | Evangelist |
    http://www.sharepointdeveloper.in/
    http://ramakrishnaraja.blogspot.com/

  • Solaris 10 x86 setting wrong netmask at startup

    Hello
    one of our servers when it reboots set wrong netmask in the network interfaces;
    the network interfaces should have 255.255.255.240 as netmask but upon reboot they have 255.255.255.0.
    the /etc/netmask entries as
    subnet netmask
    let's say that my ip of one of the interfaces is 192.168.10.170
    in the netmask file i have
    192.168.10.160 255.255.255.240
    is there a problem that i set the subnet and not the network in the netmask file? can i create an /etc/subnetmask?
    is there a tool with dtrace that can determine why i cannot have the correct netmask at boot time.
    thank you in advance
    Mario G.

    Ach! I see that my first post had formatting problems. Never mind.
    What I wanted you to try is:
    ifconfig <interface> netmask + broadcast +rather thanifconfig <interface> netmask 255.255.255.240I think the plus characters were interpreted as formatting. Sorry for the confusing post.
    Darren

  • How to set file permissions for SFTP uploaded file?

    Hello,
    is it possible to set file permissions with the SDK for files uploaded via SFTP transfer? I use the default sample plugin ftp_upload.lrdevplugin to transfer the files, but would like to tweak it to set the uploaded file(s) to permission 644 (rw-,r--,r--) on Linux server. Currently the server sets new file(s) by default to 600 (rw-,---,---).
    I am looking for an option to do the "chmod" directly from Lightroom without doing any modificatios in general to default umask, etc. settings on the server. No real UI is needed for this. Just hardcoded setting for 644 in the .lua.
    So far I've been unsuccesful in finding the way. Googled, read this forum, looked at the API. Maybe I just missed it, or does this functionality exist?
    All advice is appreciated!
    Cheers,
    Timo

    Niel's suggestion is good. You might also try posting your question in the Tiger Server forums. I'm sure Tiger Server has several ways of dealing with this.

  • Error DF024 stops Dreamweaver CC from installing - needs correct permissions to the spec. File/folder (Win7) How?

    Dreamweaver CC won't install past 82%. It says - Error DF024. Try Setting correct permissions to the specified file/folder or parent folder so that administrator has rights to modify it.(seq170) How do I do this in Windows7?

    Additionally you may also try installing in hidden admin account: http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-wi ndows-vista/.
    Regards,
    Romit Sinha

  • When I repair disk permissions using Disk Utility and it says it's completed the task, I click on it again and it repairs more. This has been going on for hours now. Could there be that many wrong permissions? Should it get to "all repaired" eventually?

    When I repair disk permissions using Disk Utility and it says it's completed the task, I click on it again and it repairs more. This has been going on for hours now. Could there be that many wrong permissions? Should it get to "all repaired" eventually?

    It's normal behavior. You don't have to worry about. Most of what's listed is just a report of what the utility finds., not necessarily that there is omething wrong.
    If you want to find out more, read the link below, or see the More Like This links on this page.
    http://support.apple.com/kb/TS1448?viewlocale=en_US

  • The last ship, season 2, ep 5 is not working - wrong permissions have been set to the episode

    I can watch every other episode apart from this one, I know some access rights/permissions are set wrong atm for this episode because I get a different message on the right hand side of the screen it says "You will need to be a Sky TV customer with the relevant pack to watch this programme."  Also something else is wrong with the title, the webpage shows it as "The Last Ship The Last Ship Series 2 Ep 5 Last Ship, The 5" . Sky1 - 1st Broadcast = Aug 2nd 2015 - Available for 29 days - Availability = Free

    Seriously. I called up yesterday and nothing!!Common+man+-+common+sense wrote:
    This has clearly been known about for a week now, so when are you going to get it sorted Sky? 

  • I must have a setting wrong on PSE 10.  When I use selection tool and select color, it is always blue.  What am I doing wrong?

    I must have a setting wrong on PSE 10.  When I want to fill a selection with color, I choose the color but it always comes up blue.  What am I doing wrong?

    What IP address does the TC have and what IP does the computer have?
    We need more info as we really have no idea what your network looks like.
    Modem router, model, type of broadband?
    TC setup as bridge or router?
    Is the computer getting internet via the TC?
    Are you using wireless or ethernet?
    Have you set IPv6 correctly to local link in the computer on whichever network client is doing the connection?
    Did this work the first time for backup and has now failed? If so simply reboot the TC. It is a constant bug that the TC is lost to the network.

  • Setting the permissions to the personal folder in KM

    Hi steffi,
    I have created the KM iview using the path  /~alias~/userhome/<user.id>/Personal Documents and i have assigned to one custom role  and the newly created folder is visible to only the particular loggedin user.
    Now my requirement is Folder which is created for the user in the userhome should have only the read the permissions, only the admin should have full control access.
    I have set the Read permissions to the Userhome folder but it didnt worked.
    Can you please help me to fix this.........??
    REgards,
    Mahesh

    Hi Steffi,
    Thanks for the reply. Only Admin will create the folders not the users.
    Inorder to achieve that i have created the KM Navigation iview using the path "/~alias~/userhome/<user.id>/"  and assigned to one custom role.
    I have loggedin as a admin and created two custom folders in path KM Content-->userhome--><user.id>, and that reflecting correctly when i loggedin as a user but they are displaying with full Access.
    I tried to the change the permissions of the custom folders which are created inside the Userhome, but they are in the disable mode i am unable to change the permissions.Please find the below screen shot.
    When the user loggedin for the time he should only have the read access, Can you please tell me where do i need to change.
    Please correct me if i am wrong.....

  • I couldn't save to an external HD because the clock was set wrong. Why?????

    Here's a strange situation.
    I wanted to copy files from an eMac (running 10.5.8) to an external drive (WD Elements 2TB). It's a hard drive I normally use on my other computer (iMac), including for Time Machine, with no problems. When I connected the drive to the eMac and tried copying a file to it, it told me there was no space. In fact it told me that the total space on the drive was zero. I did some checking (hooking it back up to the iMac, running Disk Utility) and everything was fine, with 1.5 TB available.
    I then noticed that the clock on the eMac said it was the year 1970. I switched off "set Time Automatically" (I wasn't connected to the internet) and set the time manually. Then suddenly the space on the external drive showed up correctly, and everything was fine again.
    Any ideas why having the wrong time on the computer would keep a external drive from showing the correct amount of space???

    Appears that the eMac's battery is going south. That causes all kinds of issues. http://support.apple.com/kb/ht3005 and http://support.apple.com/kb/ht2295 should have what you need.

  • Archive utility not setting permissions

    Hi All,
    I am hopeing someone can help me out with this wierd issue I am having.
    For some reason now when I expand zip files with the archive tool it creates files with no permissions.
    ----------  1 dalupus  staff     10805 Aug 25 19:27 1356724322803Log.txt
    Is there an option somewhere to tell the archiver what permissions to give files when expanding them?
    My understanding was that it was supposed to set correct permissions when expanding the files.
    Thanks,
    Mike

    If you launch archive utility,
    Go to Preferences:
    Change the "Save Expanded Files" Path to anything other than the default.
    Attempt an unarchive.
    Verify the zip file unarchived, then change the setting back to your preference.
    File / Exit
    Launch again to test.
    This solved the issue for me.
    My files were clearly unarchiving based on the disk and CPU utilization stats, but not saving to the same folder location.
    Not searchable via finder either.
    Now they work fine.

  • Hi.  I'm trying to set-up the wireless access times in my Airport Utility.  I need to enter the "Description" and the "MAC Address" of each wireless client before I assign access times. What are these?  Thanks.

    Hi.  I'm trying to set-up the wireless access times in my Airport Utility.  I need to enter the "Description" and the "MAC Address" of each wireless client before I assign access times. What are these?  Thanks.

    Let's say that an iPhone is one of the wireless clients that you want to allow access to the network.
    The Description of this device is anything that you want to specify for easy identification purposes. For example, the Description might be something like......
    Rex's iPhone
    The MAC Address, also known as a Wi-Fi Address is  a unique indentifiction number that is assigned to every device. The number will always follow this form:
    xx : xx : xx : xx : xx : xx, where "x" could be a number or letter.
    To find the MAC Address or Wi-Fi Address of an iPhone or iPad.....
    On the Home screen.....
    Tap Settings
    Tap General
    Tap About
    Wi-Fi Address is the item that you want
    If you have a Mac computer......you can find the MAC Address or Wi-Fi Address as follows:
    Open System Preferences (gear icon on the dock)
    Open Network
    Click on Wi-Fi on the left
    Click Advanced at the lower right
    The Wi-Fi Address for the Mac is located at the bottom of the window
    Other wireless devices usually have the MAC Address or Wi-Fi Address on the label on the back or bottom of the device

Maybe you are looking for