File Permissions and security - sharing with FW externally booted Linux

I want to be able to access my Music folder and others on my Powerbook's internal HD from my Linux OS (Kubuntu 9.04) which boots from an external Firewire drive.
It worked fine when I changed the permissions in "Others:" to "Read Only", but I am afraid that this makes me vulnerable to having files stolen so I changed it back... Am I correct in assuming this?
Is there a way that I can add Read/Write permissions to my Linux user account?
Thanks ahead of time.

I did this with NFS, but I haven't tried it from a shared harddrive.
how should I do if I want the permissions to work in both OSes?
You can change the permissions of files and directories in either OS.
I suggest that you make a complete backup of your system. You should create a second administrator account from which you use to change your original account. You should log out your original account before proceeding.
Mac OS X ... harddrive -> Applications -> Utilities -> terminal
Ubuntu ... Applications > Accessories > Terminal
Your current user is:
echo $USER
Let's assume myuser
To find out your UID and GID do:
ls -ln
ls -l
Or, you can use the id command.
id
compare the output and write down what you find.
You best use the numeric value for your userid. In this case it is 500. To list all the files owned by a userid do:
sudo find / -user 500 -exec ls {} \;
# adding a -x before the / limits the search to the current file system.
Mac OS X ... harddrive -> Applications -> Utilities -> NetInfo Manager
In the middle column is the function. Pick users then select your user. Click on the lock at the bottom of the panel. Go into the property list and change UID and GID.
In the Ubuntu terminal,
man 5 passwd
... will give you the format of the passwd file.
sudo nano /etc/passwd
... the format is user-name, password, uid, gid, ...
control-o
... to save
control-x
... to quit
The groups are defined in /etc/group
cat /etc/group
Now change the UID and GID of all files:
You best use the numeric value for your userid. In this case it is 500.
sudo find / -user 500 -exec chown 1100:211 {} \;
/* Where chown has the format of chown uid:gid file-name */
/* adding -print before -exec lists the files that will be changed. */
/* You may want to leave off :211 if your uid & gid are not paired. */
/* Notice the -exec runs another command on the found file. */
sudo find / -group 20 -exec chgrp 211 {} \;
On the Mac you get into single user mode by holding down command-s when you poweron your machine. Just in case you run into problems.
On Mac OS, there are a few files that have the old uid as part of their names. The .Trashes file will be only removal media and maybe everywhere.
/.Trashes/501
/Library/Caches/com.apple.IntlDataCache.501
/Library/Caches/com.apple.IntlDataCache.sbdl.501
/Library/Caches/com.apple.user501pictureCache.tiff
On Linux, there are a few files that have the old user name as part of their file and folder names:
Here is another explaination of the procedure. ( It misses some file because the auther checks only the most likely places.
http://lissot.net/netinfo/change_user.html
Robert

Similar Messages

File permissions and Adobe Software

We have a problem with file permissions and adobe software. In Illustrator and Photoshop I can open files from the 10.4.7-server that are opened by another user at the same time and in Indesign, in the contrary, I cannot open any file on the server. Always error "no rights" or "is opened by another user", also if logged in as admin.
In MS Word for Mac we have no problem, if a file is open (Word) and I try to open the same file on another workstation, error "is open" is showed correctly. We have 3 10.4.7-Workstations and a 10.4.7-server on a G4/800. Can anyone help?

Assuming you're connecting via AFP, this may help:
1. Start with current updates: Update your client and server software to version 10.4.8. Update Photoshop CS2 to 9.0.2, Illustrator CS2 to 12.0.1, and InDesign CS2 to 4.0.4.
2. In Illustrator and Photoshop I can open files from the 10.4.7-server that are opened by another user at the same time.
This is actually not normal. Instruct your users to avoid opening files simultaneously, as this will result in lost data.
If you have SMB/CIFS access to the same share point, disable oplocks; allow only strict file locks.
If you've disabled the lock manager for AFP, re-enable it. It's enabled by default in /Library/Preferences/com.apple.AppleFileServer.plist.
3. For InDesign documents that won't open, delete their corresponding lock files. Whenever InDesign CS or CS2 opens an .indd or .inx file, it creates a corresponding .idlk file that simply serves to flag the .indd/.inx file as open. If File.indd won't open, locate and delete File.idlk and try again. The lock file will be stored in the same folder as the document.
4. Double-check your file permissions. Start by verifying the filesystems (Disk Utility/First Aid tab/Repair Volume button) of the server volume that houses the affected share point(s). You'll have to disable sharing to do so.
Ensure that your permissions are correct, and adjust them as necessary. Consider using an ACL to apply read/write access for users or groups, because ACLs offer the superior inheritance model. See my ACL Tips post (http://discussions.apple.com/click.jspa?searchID=-1&messageID=1732788) if you haven't already.
You may also find my posting regarding permission assignments and changes for newly-created items, copied items, or moved items: http://discussions.apple.com/thread.jspa?threadID=654236&tstart=30
--Gerrit

I NEED TO SHARE MY LR CATALOGS FROM LAPTOP TO MAC AND EVEN IPAD WITH NO EXTERNAL DEVICES - I WOULD LIKE ANY EDIT I MAKE FROM ONE COMPUTER TO BE MADE ON THE OTHER - HOW DO I DO THIS ?? THANKS!!

I NEED TO SHARE MY LR CATALOGS FROM LAPTOP TO MAC AND EVEN IPAD WITH NO EXTERNAL DEVICES - I WOULD LIKE ANY EDIT I MAKE FROM ONE COMPUTER TO BE MADE ON THE OTHER - HOW DO I DO THIS ?? THANKS!!

All the info you do with your image files is stored in the Lightroom Catalog file. The Catalog file cannot be located on a network it must have a physical connection to the computer.
While the Catalog is in use a LOCK file will be temporarily placed alongside which prevents its use by any other device.

How to find PG.xml file name and path associated with a FUNCTION

Hi,
I am having a function:IRC_VIS_HOME_PAGE with Web HTML value as below:
OA.jsp?akRegionCode=IRC_VIS_HOME_PAGE&akRegionApplicationId=800&OAPB=IRC_BRAND
How to find PG.xml file name and path assoicated with above funtion.
Thanks,
ashok

Ashok,
Function IRC_VIS_HOME_PAGE will have 2 parameter defined for it which are OASF and OAHP where
OASF=<SelectedFunctionName> - this tells the Framework to select this function in the given "Home Page" menu context.
OAHP=<HomePageMenuName> - this is used ONLY with the OASF parameter, and it is used to establish the current menu context. It should point to a "Home Page" menu.
--Shiv

My office uses windows based computers setup with a server setup. Can an apple server emulate or find compatibility with an apple server or apple computer linked to the server and allow full file sharing and printer sharing with pc's?

I have 11 computers all pc's linked to an old windows server and all used primarily for microsoft office and printer sharing as well as for internet browsing. Can an apple joining the setup cause compatability issues?

HI,
grey-haired IT guy here, old enough to come from the counter culture. I ran (COO, including IT & compliance) a third billion dollar financial institution all on Macs 15 to 20 years ago. All the "experts" had a long list of reasons it would be impossible, and it drove the examiners nuts, but it's only gotten better.
So your benefits are going to be mostly in ease of administration after the learning curve, less aggravating glitches, better overall reliability, and arguably better security. And reductions in cost and improvement in time to implement changes.
In my current environment of mostly dozens of PCs, the moment I let the OS X Server be the domain master controller, the Windows network browser settled down and instantly showed network neighborhoods like it should have. (We may have some forgotten pre-NT machines plugged in somewhere -- this is NOT a financial institution).
Couple anecdotes might explain the feeling of coming in out of the cold: Putting a test copy of a web site from the cloud onto the Mac server, XAMPP or MAMP is pretty much already there. The site has a couple WordPress blogs, and they need .htaccess files, and Apache needs an option set to permit remapping URLs. After much searching far and wide to find why it didn't seem to be working, I found the checkbox right there on Apple's management screens. Much easier than editing .conf from command line. Linux web admins hate it.
Tale # 2: We aren't fully Windows domain controlled -- just using the old network browser. Need to upgrade that, and I Googled quite a while trying to understand what needed to be done to use Apple's Open Directory instead of setting up an Active Directory on Windows -- both SLDAP3. Turns out one reason I couldn't find much is there isn't much to say: it just works. Just join the domain from a Windows machine.
One more and I'll be quiet a bit. We use the Wiki collaboration which is nice enough as far as it goes (no spreadsheets, fatal flaw) and it occupies the server's native web site slot. So the test copy needed to be another site. Easy enough -- site setup is all GUI and works fine, but WordPress could not handle a multiuser blog coming to a non-standard port (other than 80) so I needed a second IP multihomed on the server. How do you do this? Go to Network in the System Prefs, click on the Ethernet interface and select "duplicate". Set your IP address. Done.
In summary a Mac OS X Server is a better server for a Windows shop than Windows Server 200x.
My bottom line for choosing Apple: lower blood pressure. I SHOULD be money. After all is said and done, it's about money. The incredibly more pleasant experience is a free benefit. You'll pay more for better hardware, but way less in time and trouble. And you won't be hounded on a daily basis to update the system. Not that Adobe or Firefox are any better about it on a Mac, but the Apple approach to updates stays in the background.
Think different. Simplify. Focus. Enjoy your work.

Time Capsule: Files lost after Secure Shared Disk: with accounts

I Changed the Disks: Secure Shared Disk option to 'with accounts' on my Time Capsule and now all files are invisible. It looks the files must be still on the disks because of the amount of free/used bytes used that is displayed.
How can I restore the 'old' files?

Restore the old files by removing the accounts.. ie press and hold reset.. once you go back to a reset all files are available again anyway so the security is illusionary.
If you want to secure files encrypt them.
BTW the old airport utility would have warned you that what you were doing will stop access to your files.
Of course the latest toyland utility probably showed you nothing.
Never start accounts with files on the TC.. you should offload them.. create accounts then load them back.. to the illusion of security at least.

Problems with file permissions and authorization/authentication and hostname (using ddns)

hey guys!
decided to rewrite this entire question...it was too hard to understand what i want.
I have a student version of server 2012 r2. I installed like 50 roles, and then deleted 90% of them. i have....a bunch of webserver roles, almost all of them i bet, and misc others. no AD or dns roles..i deleted those i thought they might have been the problem.
I connected this to a dynamic dns courtesy of No-ip.com. example.ddns.net
when installing a blog or cms, and I am asked for the server name (for database) do i use localhost, 192.168.1.###, my router ip, computer name, example.ddns.net, or something else?
Same question above for iis bindings! What do i put for the host?
secondly, what file permissions do i set up? I can't seem to access umbraco, for example, from outside the network unless i use windows admin credentials in the physical path credentials via IIS advanced options.

Hi,
The issue is related to IIS, I suggest you ask for help from IIS forum for better and accurate answer to the question.
http://forums.iis.net
Best Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

File and print sharing with wrt54g, ver. 6

computers connected to my wrt54g, ver. 6, router (firmware ver 1.01.1) cannot see each other's shared files although they can all share the same internet connection just fine. file and print sharing has been set up on each (they were connected to a wired router before i purchased the wrt54g and they saw each other and shared files, no problem). how can i share files through this router? what went wrong?

Are you running software firewalls on any computer? Has the LAN IP network changed (e.g. it was 192.168.0.* before and now 192.168.1.*)?

File permissions and ownership questions

Hi all,
I'm a bit confused by the file permissions in Snow Leopard. In particular, whenever I create a folder, there is always a group permission assigned to "staff".
1) how is "staff" different from "everyone"?
2) how come if I remove the group permission for "staff", I can't add it back? It doesn't seem like the "staff" group actually exists (it doesn't show up in the user/group dialog)
And finally, does anyone know why ownership is so weird on removable drives? It seems like the "owner" of a folder created an a removable drive is just whoever is logged in at the time. So, if I log in as UserA and do an ls, I see the owner as UserA. If I log in as UserB, I see the owner as UserB.

bmm727 wrote:
Hi all,
I'm a bit confused by the file permissions in Snow Leopard. In particular, whenever I create a folder, there is always a group permission assigned to "staff".
1) how is "staff" different from "everyone"?
staff is the default group that includes all users with accounts on your computer. everyone means everyone including remote users connecting as guests if you have file sharing on who don't have user accounts on your computer.
2) how come if I remove the group permission for "staff", I can't add it back?
in short, because GUI for changing permissions is really messed up in snow leopard.
It doesn't seem like the "staff" group actually exists (it doesn't show up in the user/group dialog)
it does exist, it's just not offered as an option in that dialog. see my comment above about GUI being messed up.
Furthermore, please never delete staff from permissions this way. on top of being messed up GUI for changing permissions is buggy in snow leopard and when you remove staff from permissions that way the group on the item in question changes from staff to wheel (which is why you have to unlock the lock with your admin password in order to do this). this is wrong in most instances as only root belongs to the group wheel.
And finally, does anyone know why ownership is so weird on removable drives? It seems like the "owner" of a folder created an a removable drive is just whoever is logged in at the time. So, if I log in as UserA and do an ls, I see the owner as UserA. If I log in as UserB, I see the owner as UserB.
it's not true for all removable drives. it's only true if a drive has ownership disabled (can be done in the get info popup) or if it's formatted FAT. all thumb drives are formatted FAT by default. FAT is an old windows file system which does not understand POSIX permissions and treats everything as read+write by everybody.

Printer and scanner sharing with Windows 7

Hi there,
I have an iMac running the latest OS which my Canon printer is connected to.
When I work from home I have to use my work PC which is now running the RC version of Windows 7. Does anyone know if and how I can share my printer? The printer is currently connected to my iMac, but I could attach it to my Time Capsule if need be.
Would I need Bonjour for Windows? I used to use this when I was running Vista, but you had to run it as an XP application, and even then it was pretty unreliable.
I'd also like to be able to somehow share my scanner across both computers.
Both the scanner and the printer work under Windows 7 with a direct wired connection, so it's just a case of using them across a home network...
Thanks

Go to "System Preferences/Security/Firewall" and change settings to: "Set access to specific services and applications". "File Sharing" and "Printer sharing" were already present for me, I don't know how to get them if they are not, and I don't know what the ramifications for security are. I can now see Windows computers and printers.

Can I use home sharing with an external iTunes folder??

I just set up and am using home sharing for the first time. I have a MacBook Pro and iMac both set up, running iTunes and sharing will not work like I'd like. I use an external hard drive with my iMac and have an iTunes folder there (that sometimes it points to automatically, but sometimes I have to go under advanced and show the iMac to use that iTunes folder because it defaults to the internal iTunes folder on the computer). Should iTunes home sharing work with the external iTunes folder or does it only work with iTunes folders on the computer? I currently have my iTunes folder pointed to the external and can play music from there, but I cannot find a way to access that folder from my MacBook Pro.
I'm wondering if it's a limitation of home sharing or a result of not having the iTunes folder "properly set up" on the iMac to always point to the external.

I use an external hard drive with my iMac and have an iTunes folder there (that sometimes it points to automatically, but sometimes I have to go under advanced and show the iMac to use that iTunes folder because it defaults to the internal iTunes folder on the computer).
Make sure the external drive is powered on and mounted on the desktop before launching iTunes.

File Locks and SMB shares with ML

I've been doing a lot of research on SMB and the way it locks files during access. I've made a lot of ground work in my research but could use a little further assistance from this support community.
The symptom is simple to explain: Users are occasionally being prompt for a username and password when attempting to rename or move files and folders.
After doing some research on this topic, I have discovered that there is a direct relationship to files being open on the server at the time the user is attempting to rename or move the folder. The following thread, albiet old, appears to have nailed the problem on the head http://arstechnica.com/civis/viewtopic.php?p=24558131. In particular, there appears to be file locking happening when preview is turned on through the finder. I've had all users remove preview from their Macs and this appears to have helped reduce the occurances of the password prompt, but has not completly solved the problem. This is also a work around, not a fix.
I've been using a series of command to help me trace the problem including openfile.exe on the Windows 2012 Storage Server (sharing the files via smb only) to discover who has what files open on the server, and the lsof command on the client workstations to discover what process has the file open. So far, the finder is consistently the only thing with the file open... even with the finder preview turned off. I've also found that the "open file" is simply the fact that the offending users Mac has a finder window with just the folder open (none of the files within the folder or previews open).
Is the real solution to simply close all finder windows when you're done working in a folder, or is there more that anyone can think of to help me find out exactly what is holding the file lock? Is this a known bug in the SMB implementation of ML? Can we expect to see a fix with Mavericks which will now be using SMB2.0?
Any help or information anyone can provide would be greatly appreciated. I have a bunch of documentation on this issue and would be happy to share. Please let me know if anyone needs any additional details.

Hello all - many apologies for my delay in posting here; and Squiggle, thanks for the second-hand nudge. As Stephen said we have been testing a solution concerning a setting in Finder's view options for the last few months, and these seem to have solved the issue in hand.
Essentially, we found that Finder was holding files open whenever the 'Show Icon Preview' option was set, on any of the four folder views, on any client machine accessing the share. Below is a piece of documentation I wrote up for our Service desk explaining how to diagnose and manually fix this issue on the client:
        - In Finder, open any folder
        - Click on the cog icon and select 'show view options.' Check that, in the dialogue box which appears, the 'Show icon preview' box is not checked. Click the other three Finder views and check it's turned off here too.
        - Click 'Use as Defaults'
In order to make this change remotely on multiple machines, you will need to change the clients' com.apple.plist files, and set every instance of the <showIconPreview> key to <False>. This is nested within several key / dictionary pairs in com.apple.finder.plist, once under <standardViewOptions> and thrice within <standardViewSettings>. As Stephen has already mentioned, the fact that this key is nestled deep within compound dictionaries seems to render them untouchable by defaults, though I would be very happy to be corrected on this.
How you push this change out will depend on your management system. We had been using Casper to
to create a managed preference pertaining to <standardViewOptions> and <standardViewSettings> within com.apple.finder.plist. These contained as values the entire dictionary associated with these keys, with the value for each <showIconPreview> set to false. This was then applied at a User Enforced Level (running every logon after Finder has set up the system defaults).
As a side note, I have found that certain machines (Such as the 10.8.3 machine I'm working on now) contain a key named <FK_StandardViewSettings>, which I have been unable to ascertain the purpose or origination of. These don't seem to affect the fix, so we've left them alone.
Irritatingly, Casper has dropped support for custom Managed Preferences in their latest release, so this problem has now resurfaced. I will keep this page updated with any fixes or workarounds I find.
Hope that helps,
Josh Smith

Difference between Share Permissions and Security NTFS Folder Permissions

What is the main difference between share and security in
1. 2003 server and above:
2. How in Organisations share data folder for users
AS per me i Have following conclusion
1.
Yes - Always open up Share permissions to Everyone-Full and the ACL (apply permissions) to the actual data
folders (must be NTFS). With NT4 and W2000 you can leave the Share permissions at default when you create them and just ACL the NTFS data structures.
With W2003, the default Share permission is locked down to Read, and as Share permissions over-ride NTFS permissions,
even if you have Write access in the data folders, accessing via the Share will restrict to Read-Only, so you must open up the Share permissions on all new W2003 Shares that you create.
2.
Yes you can. Share the top level directory of your data. Open up the Share permissions to Everyone - Full,
and then ACL the sub-folders appropriately for you different user access requirements. Don't permission (ACL) any data with 'Everyone' always use Groups (or users if you must...e.g. Home Directories), and at minimum for 'public' data use 'Authenticated Users'.
Users will all be able to access the share, but only access folders and data that you allow via the NTFS permissions (ACLs).
The only other way is to create separate shares for each different access requirement - a pain and none too
flexible. Also if with W2K3 you leave the default Share permission (Read), even though you grant 'Write' NTFS permissions on the data, your users won't be able to write new data or make changes if they access via the Share, as Share permissions over-ride the
NTFS permissions.
If You have any other options so please suggest me or otherwise mark it as Answer

Sounds good. :)
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread.

Can I dual boot windows 7 and mountain lion with an external hard drive.

I have Mac OSX mountain lion installed and running on my 2TB external hard drive. Boot camp says that I have to use the default flash storage that came with my computer.. Is there a way to put it on my external hard drive if I partition it? I also am having a problem when I tried to use the default storage the setup would not let me format it to NTFS

By default, Boot Camp formats the drive with FAT32. That's because Windows XP could be installed with FAT32 so, in order to write on that partition on Mac OS X, Boot Camp used it instead of NTFS.
If you want to install Windows 7 (it's the only version that your Mac supports), you will have to format the Boot Camp partition in NTFS manually. To do it, just start the Windows installation as usual but, on partitioning screen, choose "BOOTCAMP" volume, press "Drive options" and then, Format, so the partition will be formatted in NTFS and you will be able to install Windows

What app do I need to install on my iphone so that audio files that have been shared with me will play?

I have google drive on my phone but I can not play any audio files that are shared with me because it keeps telling me that it is not supported without the right app.

Perform this Google search: ".dwg files on mac." The results should provide answers for you.

File Permissions and security - sharing with FW externally booted Linux

Similar Messages

Maybe you are looking for