Encrypted drives accessible by other users

Howdy,
I am looking into encryption methods for OS X (previous post here: https://discussions.apple.com/message/22321009#22321009) and in playing around with it I found the following:
If I have an encrypted drive or partition mounted on my desktop I can not secure it by simply unmounting, logging out or starting a password protected screensaver. Another user can sign in through 1. fast user switching, 2. the main login window after I have logged out and 3. by using the 'Switch User' button at the bottom of the screensaver when it asks for a password. As soon as the other user logs in, there are my encrypted drives or partitions, no password asked!
The only way to secure an encrypted drive is to 1. Restart the Mac, 2. Turn off the Mac or 3. in the case of an external device, physically disconnect it.
Am I overreacting or is this a huge security concern/flaw and more importantly, are there ways to plug these holes if multiple users have to have an account on the same system?
I have read something similar a few months ago that mentioned simply unmounting a drive was not secure but it did not cover other users or offer a solution (can't find the article anymore).
Jay

This is how mounting volumes works in OS X. Once mounted, a drive is available systemwide, and not restricted to a specific user. The encryption that OS X sets up on a drive is per-volume only, and not intended to protect the data from other users on the system. Instead, its intent is to prevent someone from finding your drive and plugging it into another system to overcome security and access your files.
Ultimately the mode for securing files from other users of the same system is to not rely on encrypted volumes. If mounted, the unencrypted drive will remain unlocked and re-mountable. The only way to secure it again is to fully detach or eject it from the system.
However, overall it is not really a security flaw in the system. While intuitively it may seem the system ought to lock the drive again once ejected, this behavior still falls in line with how the system already handles local drives, where any volume (encrypted or not) is viewable and accessible by other user accounts.
The way you can prevent another user from accessing the mounted volume is to get information on the volume, and then click the lock at the bottom to authenticate for changes, and then uncheck the box to ignore ownership on the volume. This will have the system observe permissions restrictions for files on the drive, but keep in mind this will only be restrictive to non-administrative accounts, as any admin can re-check the box and have full access to the drive again.
An alternative option is to use an encrypted disk image to secure files. Unlike encrypted drives, the system should fully eject an encrypted disk image when you eject it, requiring its password to be entered when mounting the image again. Unfortunately as with other mounted volumes, if you mount the disk image in your account and keep it mounted, then another user that logs in at the same time will be able to access this volume.
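
The "ignore ownership" setting described above can also be checked from the command line. The script below is an added example, not part of the original thread: it assumes the `mount` output format used by OS X, where a volume with ownership ignored lists the `noowners` option, and the function name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list volumes under /Volumes that are mounted with ownership
# ignored ("noowners"), i.e. volumes on which file permissions are not enforced
# and every local account has full access to the contents.
#
# Assumed input format (one line per mount, as printed by mount(8) on OS X):
#   /dev/disk2s2 on /Volumes/Name (hfs, local, nodev, nosuid, journaled, noowners)

# Constructed sample input, not captured from a real system.
SAMPLE_MOUNTS='/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk2s2 on /Volumes/Secure Backup (hfs, local, nodev, nosuid, journaled, noowners)
/dev/disk3s1 on /Volumes/Projects (hfs, local, nodev, nosuid, journaled)
/dev/disk4s1 on /Volumes/USB STICK (msdos, local, nodev, nosuid, noowners)'

# Reads mount(8) lines on stdin and prints the mount point of every
# /Volumes/* entry whose option list contains "noowners".
# Mount points containing spaces are handled.
volumes_ignoring_ownership() {
    while IFS= read -r line; do
        # Only consider lines of the form "<dev> on /Volumes/<name> (<opts>)".
        case $line in
            *" on /Volumes/"*" ("*")") ;;
            *) continue ;;
        esac
        opts=${line##*" ("}        # text after the last " ("
        opts=${opts%")"}           # drop the closing parenthesis
        rest=${line#*" on "}       # text after the first " on "
        mountpoint=${rest%" ("*}   # drop the trailing " (<opts>)"
        # Match "noowners" as a whole option, not as a substring.
        case ", $opts," in
            *", noowners,"*) printf '%s\n' "$mountpoint" ;;
        esac
    done
}

# On a Mac, audit the live mount table; elsewhere, run on the sample.
if [ "$(uname -s)" = "Darwin" ]; then
    mount | volumes_ignoring_ownership
else
    printf '%s\n' "$SAMPLE_MOUNTS" | volumes_ignoring_ownership
fi

# Remediation for a flagged volume (equivalent to unchecking
# "Ignore ownership on this volume" in Get Info):
#   sudo diskutil enableOwnership "/Volumes/Name"
# As the answer notes, any administrator can turn this back off.
```

Enabling ownership only makes the system honor the permissions already set on the files, so those still have to restrict access to the intended account.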

Similar Messages

  • How to restrict External Drive access in other user accounts

    I just purchased an external HD and moved my iTunes and iPhoto libraries to it. No problem there.
    My Mac mini has four user accounts and I'd like to set the permissions on the external HD so that only I can write to it from my account. I'm attempting to do this through 'Get Info' on the external drive, then setting Sharing & Permissions to 'Read and Write' for myself and 'Read only' for the other three accounts. But it seems that when I set one of these it gets set for all four accounts.
    Am I doing something wrong trying to set the permissions this way, or, is there a better way to do it?
    Thanks,
    Andy

    I didn't realize you could set the privileges for other user accounts in the 'Get Info' box from my account. I added the names of the other three accounts and set them to 'Read Only' but I am still able to delete files from the drive when I'm logged into those accounts.
    What I'm trying to do is set it up so that either (1) they can't accidentally delete files from the external disk or (2) they can't even see the disk at all from those accounts. I would have thought that 'Read Only' would not allow them to delete files, but with the privilege set to 'Read Only' I'm still able to delete files from the disk.
    Maybe I'm missing a step? Or maybe there's another way to do it?
    Thanks,
    Andy

  • This connection is untrusted with (Error code: sec_error_unknown_issuer) received for one user on computer on various https connections, same sites accessible by other users

    Windows 7. Firefox 9.0.1. Receiving above error on various sites which I have used successfully before and which I can still use if I log on as a different user on this pc.

    Fixed by deleting cert8.db on profile directory.

  • How to make writer PDF form accessible to other users?

    Hello,
    I have created a form in Adobe Professional version 8. Actually I created it in Word and converted it online to PDF.
    In the Adobe 8 version I am able to type and complete the form fields, however if I share it with anybody else, who has a lower version, they are not able to do so.
    The purpose of my document is to post it on a website and it should be used as a request form that just can be saved, completed and send as an attachment by email, so no printing.
    Can someone please advise what I should do?
    Thank you.
    Best regards, Elke

    Hello,
    I have started to create a form with Adobe 8 Professional with the form option. The creation took place via adobe lifecycler designer.
    I can type and save the form now but once I send it to someone else, with a lower PDF version, they are still unable to do so, they can print it but not save, complete, save and return the completed form to me.
    Let me know what I should enable to get this done.
    I wish I could just attach the form so you could have a look at it, is that possible?
    thanks

  • GPO: CD and DVD: Deny write access prevents user from using their USB Pen drive, but other users or ok

    My Users have secure pen drives that launch a CDROM partition with a secure logon app that decrypts the main USB mass storage element of the pen drive on successful logon. The problem I have is that users who install the usb pen drive cannot then initialize the CDROM launcher app to input their password to access the mass storage element of the pen drive making it useless.
    However, any other user that has the same type of pen drive who then plugs it in to the endpoint that already has the drivers installed is able to access their own pen drive or the other user's pen drive (providing they know the password).
    So I've isolated the problem being down to the presence of the GPO setting stated above on the Removable Storage Access Policy, and by not having this policy in place when a user installs the pen drive they have no issues, but I can't find a way to clean up a user who is already broken even if I remove the GPO from that user, delete their local profile so that they logon as a new user (no roaming or other data) and use a variety of utilities such as USBOblivion to clear out the registry and file system of the USB device and installation. When the original user logs back on and then installs the usb pen drive again they have the same issue, but no other users do. I have the same issue if I try this with an alternative user or admin as the first user after the 'clean up'. Everyone else can use the pen drive except the user that originally installed it when the GPO was in place.
    If I move the user to a new endpoint or rebuild their endpoint then they have no problem being the installer of the usb pen drive and then using it since the GPO was removed, so what I need to know is what is it about the USB install and the GPO that is tattooing in Windows somewhere and how do I remove it?

    Hi,
    In my opinion, this is probably not a Windows GPO problem. To confirm this, you can follow the paths below to check the GPO settings for any change after the software was installed.
    Computer Configuration\Administrative Templates\System\Removable Storage Access
    User Configuration\Administrative Templates\System\Removable Storage Access
    These two policies manage system and current user Removable Storage access.
    If there is no change with these policies, it would be better to contact the manufacturer of the driver for further assistance.
    Roger Lu
    TechNet Community Support

  • How do I get rid of myself and other users and just be working from the hard drive?

    Hi all,
    I know this sounds odd, but bear with me...
    I've just bought a new Macbook pro 10.7.4, as my loved old one died. At the store they transferred all my old info to the new one, but my problem is this: Now I am a user on my computer and there are options for shared users. That sounds confusing, but on my old computer it was just me using it. No sign in or log in, and when I opened my finder window everything was just there in the one bucket (my hard drive): library, applications, programs, etc. Now I open my finder window and find duplicates of things in all places (i.e. things on my hard drive are also (or not, maddeningly, such as library) there, and then they are also in users or shared.) It is only ever me using my computer, so I don't need all this extra clutter everywhere, or have to go searching for things in different places. Old system was like opening a drawer and finding all your possessions neatly arranged in there, in the one place. Now I feel as though I walk into a room filled with cupboards and things are in some drawers that are also in others, and duplicated.
    I apologise for my long rant, but I had to find a way to explain it!
    Basically, I want to get rid of other user or shared options on my mac, and myself as a user, and just have the one system straight off the hard drive, no other log ins, but still obviously retain my permissions (password etc) for making changes or installing. Is this possible?

    Well, you're going to have two Library folders - one for yourself and one for the System, but you can delete other users and you can enable automatic log-in for yourself using "Users and Groups" in System Preferences. No need to turn on Sharing or have any other users. You'll still need to make yourself an administrator, of course, but if you delete any other users, you delete their home folders, too.
    Clinton

  • How do I hide my mailbox and mail contents from other users, leaving other functions of my iMac accessible?

    How do I hide my mailbox and mail contents from other users, leaving other functions of my iMac accessible?

    You don't have to shut down the computer to switch accounts. All you do is click the Apple symbol in the upper left and choose Log Out and that's it. You can also set up Faster User Switching by:
    1. Open System Preferences - Accounts
    2. Click Login Options
    3. Check the box called "Show fast user switching menu as" then choose from either icon, short name or name.
    Then when someone wants to switch users they can. The advantage of this method is if you have a document open and don't want to close it the document will remain open. If the other user attempts to shut down the computer they can't until you have logged out thereby saving all your data.
    A very simple and elegant solution.

  • My iTunes library is on an external hard drive; how do I set it so other users (accounts) on my imac, will also have the same library, with the same playlists

    my iTunes library is on an external hard drive; how do I set it so other users (accounts) on my imac, will also have the same library, with the same playlists

    Quit iTunes.
    Sign into another user account.
    Hold Option, launch iTunes.
    Select Choose library... and select the iTunes folder on the external.
    Do this for all users.
    NOTE: You must quit iTunes when switching users as the library can only be opened by one user at a time.

  • No domains accessible to the user logged in

    Hi,
    I installed SOA 10.1.3.0.1 Basic Developer version. First time after installation everything comes up fine. I deployed and tested couple of processes. I shut down the SOA Suite and then restarted it over. Now when going to BPEL Console and logging in as oc4jadmin it gives the following error:
    No domains accessible to the user logged in.
    Now I checked the log file and see the following error message. I believe it's due
    The database schema version "2.0.3" from the database does not match the version "2.0.4" expected by the server.
    as I am using the developer version and olite is installed by default. I don't know why it only works first time after installation and then
    after that never works. Any idea how to fix this. As I have re-installed it several times now.
    <2007-06-25 01:20:13,953> <INFO> <collaxa> <ConnectionFactoryImpl::init> Initialized connection factory jdbc/BPELServerDataSourceWorkflow
    <2007-06-25 01:20:13,953> <INFO> <collaxa> <ConnectionFactoryImpl::init> Initialized connection factory jdbc/BPELServerDataSource
    <2007-06-25 01:20:14,109> <INFO> <collaxa> <ServerManager::__init> Detected datasource 'olite'
    07/06/25 01:20:14 ORABPEL-03003
    Incorrect db schema version.
    The database schema version "2.0.3" from the database does not match the version "2.0.4" expected by the server.
    The database schema currently in place has probably been configured for a previous release; please re-install the database schema and try to start the server again.
    <2007-06-25 01:20:15,937> <INFO> <collaxa> <ServerManager::uninit> Shutting down all domains
    <2007-06-25 01:20:15,937> <INFO> <collaxa> <ServerManager::uninit> Done shutting down all domains
    07/06/25 01:20:37 java.sql.SQLException: [POL-5130] table or view not found
    <2007-06-25 01:20:37,531> <ERROR> <oracle.bpel.services.workflow> <::> Error while querying workflow task timer.
    Error while querying workflow task timer based on task metadata and application name.
    Check the underlying exception and correct the error. Contact oracle support if error is not fixable.
    ORABPEL-30320
         at oracle.lite.poljdbc.POLJDBCCallableStatement.<init>(Unknown Source)
         at oracle.lite.poljdbc.OracleCallableStatement.<init>(Unknown Source)
         at oracle.lite.poljdbc.POLJDBCConnection.prepareCall(Unknown Source)
         at oracle_lite_poljdbc_OracleConnection_Proxy.prepareCall()
         at oracle.bpel.services.workflow.repos.driver.WFTaskTimer.getWFTaskTimers(WFTaskTimer.java:164)
         ... 25 more
    07/06/25 01:20:39 Confluent Config: Loading configuration file config.xml
    07/06/25 01:20:39 Confluent Config: "${config.path}" is resolved to "config.properties"
    07/06/25 01:20:39 Confluent Config: "${gateway.default.config.path}" is resolved to "gateway-config-installer.properties;gateway-config-common.properties"
    07/06/25 01:20:39 Confluent Config: Loading property file config.properties
    07/06/25 01:20:39 Confluent Config: Loading property file gateway-config-installer.properties
    07/06/25 01:20:39 Confluent Config: Loading property file gateway-config-common.properties
    07/06/25 01:20:39 Confluent Config: Loading configuration file config.xml
    07/06/25 01:20:39 Confluent Config: "${config.path}" is resolved to "config.properties"
    07/06/25 01:20:39 Confluent Config: "${gateway.default.config.path}" is resolved to "gateway-config-installer.properties;gateway-config-common.properties"
    07/06/25 01:20:39 Confluent Config: Loading property file config.properties
    07/06/25 01:20:39 Confluent Config: Loading property file gateway-config-installer.properties
    07/06/25 01:20:39 Confluent Config: Loading property file gateway-config-common.properties
    07/06/25 01:20:40
    ConnectionPoolManager gateway.foundationservice intialized with url=jdbc:polite4@localhost:1531:orawsm driver=oracle.lite.poljdbc.POLJDBCDriver user=system maxConn=5
    07/06/25 01:20:40 Gateway component started
    07/06/25 01:20:40 Confluent Config: Loading configuration file config.xml
    07/06/25 01:20:40 Confluent Config: "${config.path}" is resolved to "config.properties"
    07/06/25 01:20:40 Confluent Config: "${policymanager.default.config.path}" is resolved to "policymanager-config-installer.properties;policymanager-config-common.properties"
    07/06/25 01:20:40 Confluent Config: Loading property file config.properties
    07/06/25 01:20:40 Confluent Config: Loading property file policymanager-config-installer.properties
    07/06/25 01:20:40 Confluent Config: Loading property file policymanager-config-common.properties
    07/06/25 01:20:40
    ConnectionPoolManager PolicyRepository intialized with url=jdbc:polite4@localhost:1531:orawsm driver=oracle.lite.poljdbc.POLJDBCDriver user=system maxConn=5
    07/06/25 01:20:40
    ConnectionPoolManager ComponentRepository intialized with url=jdbc:polite4@localhost:1531:orawsm driver=oracle.lite.poljdbc.POLJDBCDriver user=system maxConn=5
    07/06/25 01:20:40 Policy Manager component started
    07/06/25 01:20:41 Confluent Config: Loading configuration file config.xml
    07/06/25 01:20:41 Confluent Config: "${config.path}" is resolved to "config.properties"
    07/06/25 01:20:41 Confluent Config: "${ui.default.config.path}" is resolved to "ui-config-installer.properties;ui-config-common.properties"
    07/06/25 01:20:41 Confluent Config: Loading property file config.properties
    07/06/25 01:20:41 Confluent Config: Loading property file ui-config-installer.properties
    07/06/25 01:20:41 Confluent Config: Loading property file ui-config-common.properties
    07/06/25 01:20:41 Authentication Provider is:com.cfluent.accessprovider.sampledb.LocalDBAuthProvider
    07/06/25 01:20:41
    ConnectionPoolManager Component Repository Pool intialized with url=jdbc:polite4@localhost:1531:orawsm driver=oracle.lite.poljdbc.POLJDBCDriver user=system maxConn=5
    07/06/25 01:20:41
    ConnectionPoolManager UI Pool intialized with url=jdbc:polite4@localhost:1531:orawsm driver=oracle.lite.poljdbc.POLJDBCDriver user=system maxConn=5
    07/06/25 01:20:41 Confluent UI component started
    07/06/25 01:20:41 Corda Servlet Environment Initialized
    07/06/25 01:20:44
    Corda Server (PopChart) Version 6.0.597
    PopChart: Valid Key.
    OptiMap: No key entered, or key invalid.
    Highwire: No key entered, or key invalid.
    Cluster: No key entered, or key invalid.
    07/06/25 01:20:44 Copyright 1997 - 2004, Corda Technologies, Inc. (www.corda.com) Protected by U.S. Patent 5,933,830. Other patents pending.
    07/06/25 01:20:44
    07/06/25 01:20:44 server_root: C:/Oracle_Software/AS10g/1013/soa_windows_x86_101310/owsm/lib/corda
    07/06/25 01:20:44 chart_root: chart_root
    07/06/25 01:20:44 Password is Enabled, Required for Save
    07/06/25 01:20:44 Maximum Threads: 64
    07/06/25 01:20:44 Default Image Type is: Flash
    07/06/25 01:20:44 Auto Detect PNG Support. Compression Mode: DEFAULT
    07/06/25 01:20:44
    07/06/25 01:20:46 Confluent Config: Loading configuration file config.xml
    07/06/25 01:20:46 Confluent Config: "${config.path}" is resolved to "config.properties"
    07/06/25 01:20:46 Confluent Config: "${monitor.default.config.path}" is resolved to "monitor-config-installer.properties;monitor-config-common.properties"
    07/06/25 01:20:46 Confluent Config: Loading property file config.properties
    07/06/25 01:20:46 Confluent Config: Loading property file monitor-config-installer.properties
    07/06/25 01:20:46 Confluent Config: Loading property file monitor-config-common.properties
    07/06/25 01:20:51 Rmi Registry is started on port 3118
    07/06/25 01:20:51 Confluent Monitor component started
    07/06/25 01:20:51 Oracle Containers for J2EE 10g (10.1.3.1.0) initialized

    Hi,
    I uninstalled everything again and this time reinstalled the Mid-Tier version with OracleXE as the back end database. I followed the documentation to configure 10.1.3 with OID. All went fine as per the documentation. But when I try to log into BPELConsole I am still getting
    No domains accessible to the user logged in.
    When I tried to log into Worklist it gives me Authentication Error. And looking at the log file I see an error No Realm localhost..... The realm is correct but somehow I am not able to make 10.1.3 work on Mid-Tier with OID configured.
    Here is my is_config.xml
    <?xml version = '1.0' encoding = 'UTF-8'?>
    <ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
    <configurations>
    <configuration realmName="localhost" displayName="localhost Realm">
    <provider providerType="JAZN" name="OID" service="Identity">
    <connection url="ldap://localhost:389" binddn="cn=orcladmin" password="testpwd1" encrypted="false"/>
    </provider>
    </configuration>
    </configurations>
    </ISConfiguration>
    Here is hw_services orion.xml
    <?xml version = '1.0'?>
    <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" component-classification="internal-BPEL" schema-major-version="10" schema-minor-version="0">
         <ejb-module remote="false" path="hw_services_ejb.jar"/>
         <web-module id="hw_services" path="hw_services.war"/>
         <web-module id="deploy" path="deploy.war"/>
         <web-module id="testconnection" path="testconnection.war"/>
         <web-module id="worklistxpress" path="worklistxpress.war"/>
         <web-module id="worklistapp" path="worklistapp.war"/>
         <web-module id="taskservice" path="taskservice.war"/>
         <web-module id="taskmetadataservice" path="taskmetadataservice.war"/>
         <web-module id="taskqueryservice" path="taskqueryservice.war"/>
         <web-module id="IdentityService" path="IdentityService.war"/>
         <web-module id="usermetadataservice" path="usermetadataservice.war"/>
         <web-module id="runtimeconfigservice" path="runtimeconfigservice.war"/>
         <security-role-mapping name="PUBLIC">
              <group name="{{PUBLIC}}"/>
         </security-role-mapping>
         <persistence path="persistence"/>
         <jazn provider="LDAP" jaas-mode="doAsPrivileged"/>
         <log>
              <file path="application.log"/>
         </log>
    </orion-application>
    And here is orion.xml for orabpel
    <?xml version = '1.0'?>
    <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" component-classification="internal-BPEL" schema-major-version="10" schema-minor-version="0">
         <ejb-module remote="false" path="ejb_ob_engine.jar"/>
         <ejb-module remote="false" path="ejb_services.jar"/>
         <web-module id="admin" path="admin.war"/>
         <web-module id="console" path="console.war"/>
         <web-module id="startup" path="startup.war"/>
         <web-module id="httpbinding" path="httpbinding.war"/>
         <security-role-mapping name="PUBLIC">
              <group name="{{PUBLIC}}"/>
         </security-role-mapping>
         <persistence path="persistence"/>
         <imported-shared-libraries>
              <import-shared-library name="oracle.bpel.common"/>
              <import-shared-library name="oracle.ws.client"/>
              <import-shared-library name="oracle.toplink"/>
              <import-shared-library name="oracle.ws.testpage"/>
         </imported-shared-libraries>
         <principals path="principals.xml"/>
         <jazn provider="LDAP" jaas-mode="doAsPrivileged"/>
         <log>
              <file path="application.log"/>
         </log>
         <connectors path="./oc4j-connectors.xml"/>
         <namespace-access>
              <read-access>
                   <namespace-resource root="">
                        <security-role-mapping name="&lt;jndi-user-role>">
                             <group name="oc4j-administrators"/>
                        </security-role-mapping>
                   </namespace-resource>
              </read-access>
              <write-access>
                   <namespace-resource root="">
                        <security-role-mapping name="&lt;jndi-user-role>">
                             <group name="oc4j-administrators"/>
                        </security-role-mapping>
                   </namespace-resource>
              </write-access>
         </namespace-access>
    </orion-application>
    Here is the Domain.log and it says default domain loaded and 2 processes deployed successfully. But I don't know why I am not able to log into BPELConsole and keep getting "No domains accessible to the user logged in." I also don't know from where the processes are loaded, as I don't see anything in C:\Oracle_Software\AS10g\1013\soa_windows_x86_101310\bpel\domains\default\deploy. I was expecting 2 jars in there, but there is nothing in there, and on top of that the log file says 2 processes loaded. It all happened after I tried to configure OID and restart the 10.1.3. Looks like after install, anytime you restart the SOA Suite it is messing up everything, and now I have installed it so many times and don't have the patience to do it again.
    I am really frustrated now and don't know what's wrong. Any help will be really really appreciated.
    Thanks

  • We just received our new mac and took it to the store to have the old files from our last computer transferred over.  Now we can't find all our files.  There was more than one user on the old machine.  How can we find the files from the other users?

    We need to find where the files for the other user on the computer are now located.  There were two other users on the old machine, which was taken into the store and ALL files were supposed to be transferred over to this computer. HELP!

    It appears what happened is the installer thought it was looking at an empty drive and just went ahead and installed.
    I of course am assuming here you didn't use Disk Utility to format the drive first before installing, that would wipe out your files and programs for sure.
    So what to do, what to do.
    Well there is hope for you as long as the drive wasn't Filevaulted.
    I'll explain. When a hard drive writes data for the first time to a drive, it starts at the very top and works its way down.
    When OS X was installed the first time, it was at the top of the drive, unless you upgraded then the upgraded OS X could have been written elsewhere.
    Now when you just reinstalled OS X, the new OS went on the top of the drive, overwriting any data that was there previously, so what was there you have lost forever which is about 8GB or so. If it was the previous OS there, then you're more in luck because only the old OS X was overwritten.
    The remaining space on the drive still can have a copy of your files, provided it's not overwritten yet.
    It's because when a hard drive deletes data or reformats, it doesn't remove the data off the drive or overwrite it immediately, it's just made so its SPACE is available for new files to be written there.
    So technically one can recover the deleted data off a non-encrypted/scrubbed hard drive with special software.
    The way it does this is it reads the 1's and 0's of the files themselves, and through a lot of figuring out, can tell what that file is and what it belongs to.
    So what you will have to do is this:
    Create a data recovery/undelete external boot drive
    or if you don't have the skills, then take it to a local PC/Mac tech and they can do a direct image of the drive and then you can run Data Rescue on it to rebuild your files.
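The recovery approach described in the answer above (reading raw bytes and recognising files by their content) is signature-based carving. The following is an added example, not part of the original post: it carves JPEG and PNG data from a constructed in-memory "disk" and shows that only files lying outside the overwritten start of the drive survive; the function names and the disk layout are assumptions made for illustration.

```python
# Signature-based carving over a constructed raw image (illustrative only).
# Real recovery tools also handle fragmentation and many more formats.

SIGNATURES = {
    # kind: (header magic, footer magic)
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def fake_file(kind, body):
    """Build a constructed blob with the real header/footer magic of `kind`."""
    header, footer = SIGNATURES[kind]
    return header + body + footer


def build_disk():
    """Constructed 4 KiB 'disk': zeroed free space holding three deleted files."""
    disk = bytearray(4096)
    layout = {
        256: fake_file("jpeg", b"A" * 100),
        1500: fake_file("png", b"B" * 200),
        3000: fake_file("jpeg", b"C" * 50),
    }
    for offset, data in layout.items():
        disk[offset:offset + len(data)] = data
    return bytes(disk)


def overwrite_start(disk, size):
    """Simulate a reinstall that writes new data over the first `size` bytes."""
    out = bytearray(disk)
    out[:size] = b"\x4f" * size
    return bytes(out)


def carve(image, max_size=1 << 20):
    """Return sorted (offset, kind, data) for every header..footer span found."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header without a footer in range: skip it and keep scanning.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((pos, kind, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found)


def recovered_offsets(image):
    """Offsets of all files the carver can still recover from `image`."""
    return [offset for offset, _kind, _data in carve(image)]


if __name__ == "__main__":
    disk = build_disk()
    print("before reinstall:", recovered_offsets(disk))
    print("after 1024-byte overwrite:", recovered_offsets(overwrite_start(disk, 1024)))
    print("after 1600-byte overwrite:", recovered_offsets(overwrite_start(disk, 1600)))
```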

  • Error when opening BPEL Console:No domains accessible to the user logged in

    Hi,
    I have upgraded the SOA SUITE from 10.1.3.1 to 10.1.3.4 by applying the patch. Before applying the patch, I ran the scripts to upgrade the database for both ESB and BPEL. After applying the patch I made the change in <ORACLE_HOME>\j2ee\oc4j_soa\configdata-sources.xml file for the BPELPM_CONNECTION_POOL parameter. But when I am opening BPEL Console it is showing the error like "No domains accessible to the user logged in". And in the log file I am getting the error like
    ORABPEL-03003
    Incorrect db schema version.
    The database schema version "2.0.4" from the database does not match the version "10.1.3.4.0" expected by the server.
    The database schema currently in place has probably been configured for a previous release; please re-install the database schema and try to start the server again.
    Does anybody know how to fix this problem?
    Thanks,
    Anju

    Hello,
    I had the same problem and reconfiguring the datasources.xml was the solution, because the installer replaces its values with all wrong values. For example: using polite driver instead of OracleDriver, 1522 instead of 1521, user and password.
    That solved my problem, maybe you must check all parameters of the datasources.xml and restart the server.

  • Making a file accessible to all users

    Hi
    Win 8.1 Pro with Media Centre.
    I have a win 8.1 pc connected to a SBS 2011 domain. I have an MS Access MDE file in C:\Folder1\Folder2\Folder3z\MyMDE.MDE. I need the MDE file accessible to all users logged in to the pc. No matter how I set the permissions on the MDE file and the folders, including Everyone, the file is not accessible to all users. I have also disabled the User Account Control but no luck.
    What are simple steps to have a file accessible to all users please?
    Thanks
    Regards

    Hi,
    According to your description, I think this should be the folder problem. However, you can try to copy this file to the root of other Drive for test.
    In addition, please make sure its user was Everyone and had full control like screenshot below:
    Roger Lu
    TechNet Community Support

  • Encrypted drive disappears

    Had an external working drive for Time Machine, previously unencrypted.
    Encrypted it and then used it with TM for backups. Worked fine.
    Filled up several times. Decided to go unencrypted since the backups were a lot slower.
    Used Disk Utility, selected drive, with Erase when disk was encrypted. No issues. Normal erase.
    Since then, the drive is no longer visible on any MBA when plugged into USB ports on either side, non-visible on desktop,
    Time Machine can't see it. Disk Utility can see the drive, says it is 300+gb external but can't repartition it.
    The drive looks for all intents and purposes like erasing as encrypted did something beyond just erasing.
    Does Disk Warrior fix this kind of thing? Is there a command-line tool I can use to save the expense of a Disk Warrior purchase?
    Has anyone encountered the above before or heard of it?
    Thanks!

    Question 1: Why?
    As a user.....just like you.....we cannot say "why", since only Apple knows the "why" about their design decisions.
    Question 2: Is there any way to configure TC to support external encrypted drives through USB port?
    No
    Question 3: Does Time Capsule support encrypted drive through Ethernet LAN ports?
    I do not know, since I do not have an encrypted hard drive connected to the Time Capsule with an Ethernet connection. Perhaps another user can test and answer for you.

  • Chmod -R 700 on home directory doesn't restrict other users

    Hi All,
    I have several users sharing a mac. I wanted to secure my home directory so I opened a terminal and typed:
    cd /users
    chmod -R 700 alandye
    An ls -l confirmed permissions recursively changed for my home directory and subsidiary directories and files had been set to og-rwx.
    Then, I logged in as a different user (tknoble), and tried to access the directory (alandye) through the finder that I had just restricted permissions on, and voilà, I could read any file in there.
    This doesn't happen on Unix or Linux, why is it happening here? I tried restricting account tknoble to non-administrative, but got the same problem.
    Net/net, finder seems to be ignoring the posix file permissions.
    Can anyone explain why this is happening?
    thanks,
    Alan

    ... Still, the ACL issue and the open default permissions including the default umask on the Mac has me perplexed. I've used ACL's for years as a system manager on mainframes and other secure enterprise unix platforms, generally through a central administrative console like RACF or ACF2 on the mainframe. It identifies all ACL's on the system and allows you to administer them centrally. The idea that my mac has system generated ACL's that are only accessible through chmod on a file by file basis and are inherently set with open permissions seems like a bad security setup.
    First, the default permissions and umask values have been typical of Unix systems since I started using them back in '85. And even in the Family situation, allowing family members the ability to share information is not uncommon, and can be frustrating to the family if everything is totally locked up.
    Plus your complaints about ACLs, it is just a side issue, as the /User/username folder should have only had an ACL that prevented accidental deletion. Your real problem was cached Finder information. So this ACL discussion is just a tangential issue.
    Second, a Mac is a mass market consumer personal computer, with a strong leaning towards 1 person being the owner and user of that computer. It is not typically sold as a Mainframe replacement. Having tightly locked down, no access default permissions and umask just makes life extremely difficult for the mass market consumer.
    Applying Mainframe rules to a Mac is only going to frustrate you.
    As for having an ACL admin tool besides chmod, for the most part consumers are not aware of ACLs, they are used sparingly on the Mac, and as such it is not something Apple has felt a need to invest in. Maybe there is a 3rd party utility that will provide this service for you.
    While investigating this I did discover a similar problem with a RAID array I have attached with similar file permission problems. chmod -R 700 on directories does set the permission bits correctly, but again, finder bypasses them and allows access for other users, even after a reboot. Apparently, according to this http://hints.macworld.com/article.php?story=20020418091450891 the externally attached drives ignore ownership by default.
    Again, the Mac is a mass market consumer item. Just about every external drive on a Mac is a detachable device, which can be moved around to other Macs, etc... (especially USB thumb drives, SD cards, etc...). Having these devices default to strict security would again frustrate the mass consumer Mac user, when all they want to do is get their pictures off of the SD card, or move files between 2 computers, etc...
    My point is that the defaults Apple has selected are targeted to the mass consumer Mac user. Not the data center mainframe user.
    I would encourage you to give Apple feedback on your experiences
    <http://www.apple.com/feedback/macosx.html>
    or
    BugReporter
    <http://bugreporter.apple.com>
    Free ADC (Apple Developer Connection) account needed for BugReporter.
    Anyone can get a free account at:
    <http://developer.apple.com/programs/register/>
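The thread above observes that `chmod -R 700` sets the mode bits correctly but that externally attached drives ignore ownership by default. The following is an added example, not part of the thread: it flags paths whose owner-only mode cannot be relied on because the containing volume is mounted with ownership ignored. It assumes such volumes carry the `noowners` option in macOS `mount` output; the sample output and function names are constructed for illustration.

```python
import re
import stat
from typing import List, NamedTuple, Optional

# Constructed sample of macOS `mount` output (not captured from a real system).
SAMPLE_MOUNT_OUTPUT = """\
/dev/disk1s1 on / (apfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk2s2 on /Volumes/RAID (hfs, local, nodev, nosuid, journaled, noowners)
/dev/disk3s1 on /Volumes/Backup (hfs, local, nodev, nosuid, journaled)
"""

# "<device> on <mountpoint> (<comma-separated options>)"
MOUNT_LINE = re.compile(r"^(\S+) on (.+) \(([^()]*)\)$")


class Mount(NamedTuple):
    device: str
    mountpoint: str
    options: frozenset


def parse_mounts(text: str) -> List[Mount]:
    """Parse `mount` output into Mount records, skipping unrecognised lines."""
    mounts = []
    for line in text.splitlines():
        match = MOUNT_LINE.match(line.strip())
        if not match:
            continue
        options = frozenset(o.strip() for o in match.group(3).split(","))
        mounts.append(Mount(match.group(1), match.group(2), options))
    return mounts


def volume_for(path: str, mounts: List[Mount]) -> Optional[Mount]:
    """Return the mount with the longest mountpoint that contains `path`."""
    best = None
    for mnt in mounts:
        root = mnt.mountpoint.rstrip("/") + "/"
        if path == mnt.mountpoint or path.startswith(root):
            if best is None or len(mnt.mountpoint) > len(best.mountpoint):
                best = mnt
    return best


def assess(path: str, mode: int, mounts: List[Mount]) -> List[str]:
    """List reasons why `path` may be readable by other local users."""
    findings = []
    perms = stat.S_IMODE(mode)
    if perms & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o grants group/other access" % perms)
    vol = volume_for(path, mounts)
    if vol is not None and "noowners" in vol.options:
        findings.append(
            "volume %s ignores ownership; owner-only mode is not enforced"
            % vol.mountpoint
        )
    return findings


if __name__ == "__main__":
    mounts = parse_mounts(SAMPLE_MOUNT_OUTPUT)
    # Modes as os.stat() would report them for a directory (constructed values).
    for path, mode in [
        ("/Users/alandye", 0o40700),
        ("/Volumes/RAID/alandye", 0o40700),
        ("/Volumes/RAID/shared", 0o40755),
    ]:
        print(path, assess(path, mode, mounts) or "ok")
```

On a real system the text would come from running `mount` and the mode from `os.stat(path).st_mode`.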

  • Install app so that its accessible to all users

    Hi,  I have an application installed but it's only accessible to a single user. There are two users on this MacBook and I would like both to have access. What should I do?

    There are two Applications folders. One is at root on the drive and the other is in your Home folder.
    If you install an application in the Applications folder that is in your Home folder then only you can use it.
    If on the other hand you install into the Applications folder at root instead then everyone can use it.
    Allan
