Editing ACLs to add system-level users
So, I'd like to edit the permissions on a file to match another file. The ACL for the other file includes users such as system and wheel. The one I need to edit does not, and I can find no way to edit this to add anything other than user-level users. What the heck? This was no problem in Tiger, yet in Leopard I have no way of modifying the permissions properly. What gives? How do I add users from the entirety of the system, not just the upper-level fluff?
Message was edited by: Noble Brown
I'm trying to copy over a system file from another machine to replace one that I believe is corrupted. However, doing this in the user space messes up the permissions, removing the system user and adding the active user account. Trying an mv in the Terminal was met with little success as well and it didn't even move the darn file. Using the "get info" window to check the ACL shows the user account, wheel, and everyone. I need to delete the user account and add system, but neither appear to be possible from the Finder, which is ridiculous. This is a grotesque downgrade from Tiger's permissions settings which, although a bit crude, were just fine for this kind of thing. Now it's a better interface, but one that's been severely limited.
Similar Messages
-
Setting system level deployment.user.cachedir in deployment.config
G'day,
I've been experimenting with JRE 1.5.0_04 on Windows XP.
By default deployment.user.cachedir is set to <user home>\Application Data\Sun\Java\Deployment\cache. However, I want it to be <user home>\Local Settings\Application Data\Sun\Java\Deployment\cache.
I have managed this as follows.
C:\Windows\Sun\Java\Deployment\deployment.config contains:
deployment.system.config=file\:C\:/WINDOWS/Sun/Java/Deployment/deployment.propertiesand C:\Windows\Sun\Java\Deployment\deployment.properties contains:
deployment.user.cachedir=$USER_HOME\\..\\..\\..\\..\\Local Settings\\Application Data\\Sun\\Java\\Deployment\\cacheThis works but is ugly. The problem is that $USER_HOME=<user home>\Application Data\Sun\Java\Deployment. It seems that $USER_HOME and $JRE_HOME are the only two variables for use in deployment properties. Are there any others, in particular, one that mirrors the user's actual home directory?
Thanks,
Chris.G'day,
Open the Java Console and execute "dump system and
deployment properties" which shows property values,
and see if what you want is there.Thanks, but I don't think I can use these at the system level, can I?
I did try using ${user.home} but that doesn't work.
So, are there any variables other than $USER_HOME and $JRE_HOME that can be used when setting system level properties?
More info, http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/properties.html
Thanks,
Chris. -
MBP 2011 15 late edition: Missing HD space - HD shows usage to be 237 GB. Adding up usage by apps, libriary, system and users shows usage to be 67GB. Help
"Hacked" is not my terminology, and I don't believe it's intended to be derogatory. What you describe is a perfectly legitimate reason to alter Hosts.
If your Mac still isn't working as expected after uninstalling Intego and Trend Micro, read on. The necessity to have a reliable backup cannot be overstated, since what you describe may be an indication of impending disk failure.
Back up your Mac if you have not already done so. To learn how to to that read Mac Basics: Time Machine backs up your Mac - Apple Support
If your Mac is momentarily unresponsive, consider the following.
Launch the Console app - it is in your Utilities folder. You can find it by selecting Utilities from the Finder's Go menu.
If the log list column on the left is not already displayed, show the log list by selecting Show Log List from Console's View menu. Select Show Toolbar if it is not already shown.
Locate system.log in the list and select it. Many date and time-stamped entries will appear, hundreds of them, and you must find the entries relevant to your Mac's problem.
To do that click the Clear Display button in the Toolbar. All previously displayed log entries will be disappear.
Next: Perform whatever actions cause the Mac to exhibit the slow behavior. If the problem is caused by errors logged by the system, the Console window will show them being recorded in system.log.
One or more of them, along with their time stamps, may reveal the reason for the problem you describe.
Copy and paste those log entries in a reply. If hundreds of the same repetitive messages appear, please edit them before posting. There should be no need for more than a few log entries.
Most of the entries will be cryptic but will contain information you might consider personal such as your Mac's name. If you do not want that information to appear, delete or obscure it when posting your reply. Leave enough information so that the entries can be deciphered. -
ACL rights assignment in new user script
I've been tasked with converting an old new-user script that runs at least once a day written in VB to PowerShell. This script takes as input a CSV file we get from HR that has all necessary info and creates a user, adds them to specific groups based on
the info in the CSV, enables their Exchange mailbox, and creates their home directory. I'm having a bit of trouble planning out the rights assignment part on the user home directory; I need to be able to add the specific user (set by variable at the beginning
of the script) and three static groups. What is the best way to do that? I can easily grab outside modules if needed (a section of my script checks for and if necessary installs modules and adds snap-ins), but I'd rather keep this 100% PowerShell - no icacls
or outside commands.
Any suggestions?
Thank you in advance.
[email protected]Here's what I came up with for the File System Stuff:
foreach ($user in $userlist)
$samaccountname = $user.empid
$FQN = "domain\" + $samaccountname
$homedirpath = "\\fileserver\users\$samaccountname"
new-item -ItemType directory -path $homedirpath -force
#Set ACLs for user and required groups
$homedir_acl = get-acl $homedirpath
$acl_access1 = 'domain\HomeDirectory Admins'
$acl_access2 = "domain\$samaccountname"
$fullrights = "Fullcontrol"
$modifyrights = "Modify"
$inheritrights = "ContainerInherit,ObjectInherit"
$rule1 = new-object system.security.accesscontrol.filesystemaccessrule ($acl_access1, $fullrights, $inheritrights, "none", "Allow")
$rule2 = new-object system.security.accesscontrol.filesystemaccessrule ($acl_access2, $modifyrights, $inheritrights, "none", "Allow")
$homedir_acl.addAccessRule($rule1)
set-acl $homedirpath $homedir_acl
$homedir_acl.addAccessRule($rule2)
set-acl $homedirpath $homedir_acl
#Set owner on home directory
$owner = New-Object System.Security.Principal.NTAccount($FQN)
$homedir_acl.setowner($owner)
set-acl $homedirpath $homedir_acl
[email protected] -
JRE System-level settings does not work - JRE1.6.30
Good day,
I need to set deployment.security.mixcode parameter to "DISABLE" within of deployment.properties configuration file.
Also I wish to place the deployment.properties configuration file is not user-specific path. The default location is
<User Application Data Folder>\Sun\Java\Deployment\deployment.properties.
TO change the default location I read about possibility to use the deployment.config for specifying the System-Level
deployment.properties in the infrastructure.
Unfortunatelly seems does not work. Someone have got experience about system level settings of deployment.properties?
This is the configuration I have used.
deployment.config:
deployment.system.config.mandatory=FALSE
deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.properties
deployment.properties:
#deployment.properties
#Fri Feb 17 15:54:57 CET 2012
deployment.version=6.0
deployment.capture.mime.types=true
deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
#Java Deployment jre's
#Fri Feb 17 15:54:57 CET 2012
deployment.javaws.jre.0.product=1.6.0_31
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.platform=1.6
deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.osarch=x86
deployment.security.mixcode=DISABLE <<====
Thank you in advance
Adriano C.
Edited by: user12025469 on Feb 20, 2012 6:23 AM
Edited by: user12025469 on Feb 20, 2012 7:48 AMuser12025469 wrote:
This is the configuration I have used.
deployment.config:
deployment.system.config.mandatory=FALSE
deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.propertiesHm, try using a file URL like this:
file\:C:/Program Files/Java/jre6/lib/deployment.propertiesI believe that the file is interpreted as a properties file, which means the colon and slashes need to be escaped. This would be it if you want to use a proper Windows path:
file\:C:\\Program Files\\Java\\jre6\\lib\\deployment.properties -
Creating "help" systems for users (not other LV programmers) - where to start?
How should one approach giving users a built-in "Help" system? Users, that is, of a distributed application written in LabVIEW.
These users ideally would have no way of knowing the application was written in LabVIEW. To them, this application is just another program. The way the LabVIEW Help system works would be fine, but all the content would be inappropriate.
From the docs I see we can write "Descriptions" that show up in context-sensitive help when the user puts the mouse over a control, and a "Tip" that shows up when the context-sensitive help isn't even enabled. Are these typically the only help features built into a distributed application?
In the LabVIEW Help there is an article called "Development Process Tips" discussing creating web pages that document the VIs that you create, and another article called "Linking VIs to HTML Files or Compiled Help Files. Another discusses Creating Compiled Help Files, but refers to third-party software for doing this. Is this a typical approach for doing a nice job of providing help?
Or is there some other way to create a Help system that works like the existing LabVIEW help but has content we create?Hello,
Let me take your questions in order:
Q. How should one approach giving users a built-in "Help" system?
A. Here's one approach I have used:
a). Give all front panel controls and indicators a description so that the context help will show information for those front panel objects, and also for relevant front panel objects a tip - this will pop-up when the user hovers over the object, and can be annoying if it's used excessively, but nice if used where appropriate.
b). Create html files, one for each "Page" of your user interface, and place a Help button on your user interface which will launch the corresponding document for that "Page." I'm not sure what your UI is like, but basically if there are multiple front panels the user will see, a page describing each object on that panel, and the panel's purpose is nice. If you're using a tab control in any of those panels, then a page for each tab is nice as well.
A variation of b). is to use a so-called compiled help file - a .chm file. These are only relevant for Windows machines, so if you plan to deploy across multiple OSs, then this is out. The reason documentation suggests you need a third party tool is because those .chm files basically collect a set of html files together into a nice document, with the usual search, index, browse etc. capabilites and we don't have a product which does this. The LabVIEW Help on Windows is a nice example of a .chm file. You can do something SIMILAR with just HTML and javascript, creating at least a contents page which has organized links to the rest of the pages (which themselves can contain links back to the contents page), and even include the ability to search keywords etc. You'll find various free examples of such html and javascript on the web.
Once you have your html or compile help file, you can use the LabVIEW Help VIs to launch them. For chm files you can open the file and direct to a particular page of the chm file, and for html files all you really need to do is launch the relevant html file in the browser of your choice.
Q. In reference to descriptions and tips for controls/indicators: "Are these typically the only help features built into a distributed application?"
A. No, the html or chm idea is a nice touch, and can add a professional feel to the application.
Q. In reference to html or chm files: "Is this a typical approach for doing a nice job of providing help?"
A. Yes, it is used internally as a standard - chm for windows and html for linux and MAC.
Q. "Or is there some other way to create a Help system that works like the existing LabVIEW help but has content we create?"
A. One ideas is that you could implement your help entirely in LabVIEW if you'd like. Basically you would be launching your own VI or VIs which would show whatever documentation you wanted/created. You could use a tree structure or something to provide some convenient navigation by topic, and even a search - you would be coding this, and although I haven't done it, it seems like it would be pretty easy to do.
I hope this helps, and happy LabVIEW programming!
Best Regards,
JLS
Message Edited by JLS on 08-30-2006 01:57 PM
Best,
JLS
Sixclear -
Add an Admin user to external boot drive?
I installed Mavericks to an external drive; all went well except when I booted from it and tried to add printer drivers it appears I only have a "Standard"-level user account and nothing else (Guest not enabled). I've never seen anything like this before. So, can I somehow add an Admin-level account to this system or should I rip out the carpeting and reinstall? If the latter, what should I do to avoid the same result? I installed using an App Store-downloaded standalone installer from the internal boot drive on my 2009 Mac Mini. Any suggestions most appreciated!
Update: I tried installing Mavericks on the same drive using a USB install drive (using createinstallmedia via Terminal). Same result--no admin user created. Then it occured to me I was trying all this running 10.8 on my MacMini. I'll assume that's the problem, but anyone with further insights, fire away!
-
How can I add an admin user in Oracle Unified Directory (OUD) 11g r2?
I'm using OUD 11G R2. I just installed OUD with the default setting and setup an instance. I tried to add an admin user with the command:
./ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password --defaultAdd --filename admin.ldif
Here is the content of admin.ldif
dn: cn=oimuser,cn=Root DNs,cn=config
objectClass: inetOrgPerson
objectClass: person
objectClass: top
objectClass: ds-cfg-root-dn-user
objectClass: organizationalPerson
userPassword: Oracle123
cn: oimuser
sn: oimuser
ds-cfg-alternate-bind-dn: cn=oimuser
givenName: OIM User
ds-privilege-name: -config-read
ds-privilege-name: -config-write
ds-privilege-name: -backend-backup
ds-privilege-name: -backend-restore
ds-privilege-name: -data-sync
ds-privilege-name: -disconnect-client
ds-privilege-name: -jmx-notify
ds-privilege-name: -jmx-read
ds-privilege-name: -jmx-write
ds-privilege-name: -ldif-export
ds-privilege-name: -ldif-import
ds-privilege-name: -modify-acl
ds-privilege-name: -privilege-change
ds-privilege-name: -proxied-auth
ds-privilege-name: -server-restart
ds-privilege-name: -server-shutdown
ds-privilege-name: -update-schema
ds-privilege-name: -cancel-request
I got the error as below:
The provided entry cn=oimuser,cn=Root DNs,cn=config cannot be added because its suffix is not registered with the network group network-group
Would you please advise how I can fix that? ThanksI got the reason. cn=config is an administrative suffix.
In general, direct LDAP access to the administrative suffixes (using
the ldap* utilities) is discouraged. In most cases, it is preferable
to use the dedicated administrative command-line utilities to access
these suffixes.
If you must use the ldap* commands to access the administrative
suffixes, you must use the administration connector port (with the
--useSSL or -Z option).
It works when I use the command:
./ldapmodify -h localhost -p 4444 -D "cn=Directory Manager" -w Oracle123 --defaultAdd -Z --filename admin.ldif
You can verify it by:
./ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password --useSSL -b "cn=root DNs,cn=config" "cn=oimuser" -
How can i add a new user and change user'password with javamail?
how can i add a new user and change user'password from a mailserver with javamail?
email:[email protected]Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
if it is linux...u have to use some shell programming\
bye for now let me know if this guides you or if you need some more stuff.
bye -
Hi all,
I need to bring system and user statusses to BW (for wbs-elements and cs/pm orders). I'm fairly new to BW and I cannot find any business content regarding statusses. I have varying reporting needs where these statusses are important. Are there any pitfalls in bringing jest and jcds tables to BW. What would be the most logical place to put this information in: ODS-object or infocube? I want to do an initial full load of all these objects with their current status and status history. After that, I want to weekly load the delta's.
Any help would be greatly appreciated.
Ciao,
PeterHi Peter and welcome to the SDN!
well depending on your needs, you can extract all status information coming from jest and/or jcds, tj02 and/or tj30 using generic extraction and posting it into a ODS firstly. Additionally please check note 300300 from SAP. It describes how to add the status information to infoobjects.
regards
Siggi -
Add userid to user group in Windows Vista OS
The operating system is WINDOWS VISTA on my machine. I successfully installed Oracle 10 R2 10.2.0.3 and upgraded it to 10.2.0.4.
I have the following issue after upgrading to 10.2.0.4:
From the DOS command prompt, I ran as "Run as Administrator" and then did I did sqlplus /nolog.
I have the following issue when I CONNECT / AS SYSDBA:
When I do sqlplus /nolog and CONNECT / AS SYSDBA, I get the following error:
SQL> connect / as sysdba
ORA-01031 insufficient privileges
{color:#0000ff}I should be able to CONNECT / AS SYSDBA without using the SYS password to do exports and imports.
Oracle suggests that I could ADD my userid on my machine to the ORA_DBA group (Windows Group) and this could fix the issue.
Please let me know where I can find the ORA_DBA group (Windows Group) in WINDOWS VISTA.
How do I add my userid to the ORA_DBA group in Windows Vista?
{color}
Thanks!Duplicate Thread.
Add userid to user group in -
How can I add system font to Acrobat Pro X?
I tried to use "Edit Document Text" Function. There is an error pop-up as " All or part of the selection has no available system font. You cannot add or delete text using the currently selected font.". How can I add system font to Acrobat Pro X?
It is referring to the fonts installed on your computer - to edit text within a PDF you must have the same font installed (i.e. one with the same PostScript name). Acrobat doesn't have a separate way to load fonts, you install them in the normal way through your operating system control panel after downloading/purchasing the font files from a vendor.
-
Windows SBS 2011 - I can't add a new user through the SBS Console
I have recently installed SBS 2011 and this is my first install of SBS since 2003.
After the installation I went to the SBS Console to add a new user and when I select 'Add a new user account' and base it on the Standard User account i get a message saying 'Add a New User Account failed', when i view the details for this it says "The User
Account cannot be added. Ensure that the Active Directory Domain Services service is running....
I searched the web for this and found the following which was not applicable http://support.microsoft.com/kb/958890
I then resorted to adding the users via AD Users and Computers and the modifying the value in the ADSI for msSBSCreationState to 'Created' and then it appeared in the console, i then used the console to change the user role for this account to Standard User.
But when i now click on the "Edit User Account Properties" action i get a pop up message from SBS Server saying "There is no such object on the server".
Any ideas on ow to fix this broken console would be appreciated.
Thanks,
SimonHi, using default names i AD will help. For everyone who lost original. grr...
http://i.techrepublic.com.com/blogs/february-2011-wstips-tip1-figa.jpg?tag=content;siu-container -
Dear all,
I'm having trouble getting the system property user.name (which we need in our ant scripts) on our CentOS box. :(
When running the program below thru
java dumpproperties2
it prints "user.name='?'" on our CentOS 4.3. On win32 it works. It turns out that if you add the account corresponding to the EUID to /etc/passwd it works correctly. However, we don't use passwd authentication but an enterprise wide LDAP-system. Our /etc/nsswitch.conf says:
passwd: files ldap
One work around is to replace the java executable with a script that does
/path/to/jdk/bin/java -Duser.name=$USER -Duser.home=$HOME $@
Used jdk is j2se 1.5.0_13 Linux 32-bit.
Some questions for the experts:
1) Is there any other way?
2) Is it a known issue that Linux versions of the jdk just looks in /etc/passwd to map uid to user name (and home dir) instead of doing what the rest of the system, like whoami, does? I haven't found anything in either the readme or installation instructions, nor in the bug db.
Br, Jesper Tr�g�rdh
public class dumpproperties2 {
public static void main(String[] args) {
String s = System.getProperty("user.name");
System.out.println("user.name='" + s + "'");
}Does this work?
//public final class System
public static String getenv(String name)Then you can access the USER environment from inside Java. -
Setting javaplugin.maxHeapSize -Xmx at system level
G'day,
A similar unanswered question has been asked elsewhere
http://forum.java.sun.com/thread.jspa?forumID=30&threadID=5115738
I would really like to know whether it is possible to set the default value of javaplugin.maxHeapSize at the System Level (I know how to do it on a per user basis).
In particular, I am interested in doing this on Windows Vista, where I've read the limit can be as low as 64M (!)
http://forum.java.sun.com/thread.jspa?forumID=30&threadID=5168556
I understand that it might not be possible - the heap-size limit is set by the application, e.g. IE7, into which the Plug-In is being embedded. Even so, it can be overridden at the user-level, so why not at the system level?
Thanks,
Chris.G'day,
Did you ever find a solution to this problem?
I'm in a similar boat...
http://forum.java.sun.com/thread.jspa?threadID=5185445
Thanks,
Chris.
Maybe you are looking for
-
Cascading LOVs in discoverer desktop 10
Hi Is it possible to create Cascading parameters in Discoverer Desktop 10? i know the possibility in discoverer plus but didn't find the "filter the lov based on the selected condition" radio button while creating the paramenter in Desktop10. Thanks
-
Creation of new columns and reformatting of data in infocube
Hi, Although i got the results i wanted in my demo cube, i am not sure how it came to that. In my flat file, i have entries of 1001 for 0D_CREDITOR, and 82004 for 0FISCPER. However in my infocube, i am seeing entries of 0000001001 for 0D_CREDITOR
-
How can i move all my address book contacts to icloud?
I think I now understand the two accounts I have in Contacts - one for On my Mac and one for iCloud. The On my Mac account is the complete one. Can I move the whole thing into teh iCloud account so that it syncs with my oher Mac and my iPhone?
-
Problem in Consuming a Web Service running on Remedy
Hi All – We have a web service running on ARSystem ( Remedy) and all we would like to do is – -Invoke this web service from our Coldfusion page -Send some parameters in a method call for ‘Remedy WS’ -This Webservice returns a simple String object. Th
-
My ipod is stuck after trying to update
my ipod tried to update itself thru iTunes, and now i cant even turn it on.