Group owner "wheel"
I recently installed an oss app, I was unable to make an alias of it, so I checked its permissions.
Its group owner was "wheel", now I'm just curious why it was set as wheel. btw, the user owner is my main account, who is not in group wheel.
So are there any drawbacks to adding myself to group "wheel"? Any drawbacks to changing group ownership to admin, root, or $Name?
Here are some of my permissions:
mac $ pwd
/Applications
mac $ ls -l
total 480
drwxr-xr-x 3 mac staff 102 Jan 24 2007 0xED-1.app/
-rwxr-xr-x 1 mac wheel 13780 Sep 15 15:47 0xED.app*
drwxrwxr-x 4 root admin 136 Jan 11 1970 Acrobat Reader 5.0/
drwxrwxr-x 3 root admin 102 Sep 11 17:31 Address Book.app/
drwxrwxr-x 3 mac admin 102 Aug 15 2007 Adobe Help Viewer 1.0.app/
drwxrwxr-x 6 mac admin 204 Oct 31 2003 Adobe Reader 6.0/
drwxrwxr-x 5 mac admin 170 Nov 13 15:50 Adobe Reader 9/
seems like other should be r-x
root # ls -ld WhatSize*
drwx------ 3 mac admin 102 Apr 7 2006 WhatSize.app/
Used the gui alias command...
root # ls -ld WhatSize*
drwx------ 3 mac admin 102 Apr 7 2006 WhatSize.app/
-rw-r--r-- 1 mac admin 0 Nov 20 16:31 WhatSize.app alias
root #
Robert
Similar Messages
-
We have a requirement where we have to send a consolidated email to the new group owner which lists all the groups that are tagged to him/her.
This requirement is needed so that the new group owner can be notified of the groups that he/she owns. Group owner information can be updated in AD which would then sync with FIM, Bulk updates for groups in FIM.
So first we would have to basically track the group owner change in FIM, retrieve the owner information, then list all the groups listed under him, consolidate an email and trigger the notification.
Can someone help me and let me know how this can be achieved?
Thanks in advance!!
Hello,
You cannot do this with only OOB functions. You will need a custom activity to enumerate all groups a specific person owns.
First part is easy: create an MPR which triggers a workflow activity on owner attribute changes.
The custom activity should then search for all groups the new owner owns in addition.
Pass that information through the WorkflowDictionary to a notification activity.
If you are not familiar with developing workflow activities you could use PowerShell Activity for example.
/Peter
Peter Stapf - ExpertCircle GmbH - My blog:
JustIDM.wordpress.com -
How to create a Set of Group Owners
Step 1: Create and bind an attribute called GroupOwner to user objects in the Portal
Step 2: Run the following Powershell script as an administrator of FIM.
Step 3: Create your set based on the updated GroupOwner attribute which will now be true for all your Group Owners
Step 4: Make workflows! :)
The Code:
$uri = "http://NameofYourServer:5725"
$attributeName = "GroupOwner"

# load FIM snapin, ignore errors if already loaded
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# gets the value of a single-valued attribute from an exported object
function GetAttributeValue($exportObject, [string] $name) {
    $attribute = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }
    if ($attribute -ne $null -and $attribute.Value) {
        $attribute.Value
    }
}

# export every Person that is referenced as Owner by at least one Group
$users = Export-FIMConfig -CustomConfig "/Person[ObjectID = /Group/Owner]" -OnlyBaseResources

foreach ($user in $users) {
    # ObjectID of the current owner
    $objectID2 = $user.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq "ObjectID" }
    $objectID2 = $objectID2.Value

    $ImportOperation = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportOperation]
    $ImportState = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportState]

    # one change: set the GroupOwner attribute to true
    $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $importChange.Operation = $ImportOperation::Replace
    $importChange.AttributeName = ${attributeName}
    $importChange.AttributeValue = $true
    $importChange.FullyResolved = 1
    $importChange.Locale = "Invariant"

    # apply the change to the existing Person object
    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $importObject.ObjectType = "Person"
    $importObject.TargetObjectIdentifier = $objectID2
    $importObject.SourceObjectIdentifier = $objectID2
    $importObject.State = $ImportState::Put
    $importObject.Changes = (,$importChange)

    $importObject | Import-FIMConfig -uri $uri
}

Changed the code to allow for skipping values that are already true to reduce FIM level overhead.
$uri = "http://FQDNofyourServer:5725"
$attributeName = "GroupOwner"

# load FIM snapin, ignore errors if already loaded
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

# gets the value of a single-valued attribute from an exported object
function GetAttributeValue($exportObject, [string] $name) {
    $attribute = $exportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }
    if ($attribute -ne $null -and $attribute.Value) {
        $attribute.Value
    }
}

# export every Person that is referenced as Owner by at least one Group
$users = Export-FIMConfig -CustomConfig "/Person[ObjectID = /Group/Owner]" -OnlyBaseResources

foreach ($user in $users) {
    $objectID2 = $user.ResourceManagementObject.ResourceManagementAttributes | Where-Object { $_.AttributeName -eq "ObjectID" }
    $objectID2 = $objectID2.Value
    # current value of the GroupOwner flag on this Person
    $objectID3 = $user.ResourceManagementObject.ResourceManagementAttributes | Where-Object { $_.AttributeName -eq "GroupOwner" }
    $objectID3 = $objectID3.Value

    # skip owners whose flag is already true
    if ($objectID3 -ne $true) {
        # write-host $objectID2
        $ImportOperation = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportOperation]
        $ImportState = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportState]
        $importChange = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
        $importChange.Operation = $ImportOperation::Replace
        $importChange.AttributeName = ${attributeName}
        $importChange.AttributeValue = $true
        $importChange.FullyResolved = 1
        $importChange.Locale = "Invariant"
        $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
        $importObject.ObjectType = "Person"
        $importObject.TargetObjectIdentifier = $objectID2
        $importObject.SourceObjectIdentifier = $objectID2
        $importObject.State = $ImportState::Put
        $importObject.Changes = (,$importChange)
        $importObject | Import-FIMConfig -uri $uri
    }
}
-
Group Owner unable to see members
Hello All,
I posted this question a while back but never got an answer so I thought I'd repost it. I've run into an issue where when a security group owner logs into the FIM portal they see the groups they are managing but are unable to see a list of members of the group. However when I log in as an FIM administrator and I look at the same group I see all members. How do I allow the group owner to manage his own group by granting him access to read the membership. Is there a specific Search Scope or MPR that needs to be enabled besides the following.
MPR's that are enabled
Security group management: Owners can read selected attributes of group resources
Security group management: Owners can update and delete groups they own
Navigation Bar Resources that are enabled as BasicUI
Security Groups (SG's)
My SGs
My SG Memberships
Home Page Resources that are enabled as BasicUI
Security Groups (SG's)
My SGs
My SG Memberships
Search Scopes that have BasicUI
My Security Groups
My SG Memberships
Default values here:
Half-seen attributes are: Manager; MiddleName; Mobile Phone; Time Zone
Is this user a part of this group as well? If so maybe try to enable MPR named User management: Users can read attributes of their own also?
Another way to check what should be enabled is:
In Management Policy Rules view, click Explore.
On Find tab, leave first option selected.
On Criteria tab, select: Read resource, Only permission granting...; Include disabled ...; Requestor: owner. Target Resource: group
Check MPRs listed and check which of them are disabled :)
Security group management: Owners can read selected attributes of group resources
Security group management: Users can read selected attributes of group resources
Group management: Group administrators can read attributes of group resources
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. -
Extract group owners from group
How can you extract group owners from a group? ver. 3.0.9.8.5. I want to do two things; extract all groups that a user is the owner of, and find all the owners of a group.
The code below will extract out all the users of a group, but how do you get the owners? I can't figure out where the group owner flag is being set. There are two deprecated functions (get_list_members, user_in_group), which I've used and is extra coding than what's necessary, but we're also migrating to version 2 soon.
Thanks,
Rick
SELECT b.name,
a.user_name,
a.last_name,
a.first_name
FROM portal30.wwsec_person$ a,
portal30.wwsec_group$ b,
portal30.wwsec_member$ c
WHERE a.id = c.member_person_id
AND b.name = 'my_group'
Sorry, I got timed out and posted this to the wrong forum accidentally. Is there a way to delete your own message?
-
Group owners can't manage own membership
I want to let group owners manage their own membership (add and delete users from their group only). Being assigned as "group owner" doesn't provide any mechanism that I could find to do this. However, assigning the group's "Privilege Assignments, Allow Group Editing" is too powerful, allowing membership management of all groups. We are using portal version 9.0.2.3.0B
What am I missing?
Applied patch but it did not help. Nor did the workaround work. I can logout, close the browser and upon logging back in I still cannot manage my group.
I am both the owner and a member of my group.
The error I get is:
Group Management Error!
No Privilege to Edit Group. -
Changing group owner disables wiki/blog
For quite some time now the procedure for creating new groups with a single owner/moderator has worked well. I 1) go in to the directory app on the server, 2)create the group, 3) change the owner to the teacher who will manage the wiki/blog, 4) add the teacher to the list of users allowed to create wikis (in web services). Then everything works like a charm. As of a few weeks ago (and I have not run any updates--still on 10.5.6, etc.), as soon as I change the group owner from Directory Administrator the wiki/blog generates a no group with that name is hosted on this server. Changing the owner back to directory admin fixes this but I need the teachers to be owner/moderators. Any suggestions on what might be causing this problem?
Thanks,
Is there any solution to this problem? I am trying to set up the group owner but can't. I am set as the group owner in the group list and set as moderator in the list of users allowed to create wikis but when I go into the wiki site I am unable to change settings.
-
Set group owner using REST API
I'm trying to use the REST API to set the owner of a SharePoint group. I can successfully create the group using REST, but I can't change the owner. I've tried the following.
1 - Specifying a group owner while creating the group
Endpoint: .../_api/web/sitegroups
Method: POST
Headers:
Content-Type: application/json; odata=verbose
Body:
{ '__metadata': { 'type': 'SP.Group' }, 'Title': '<title>', 'Description': '<description>', 'Owner': { '__metadata': { 'type': 'SP.Principal' }, 'Title': '<owner_title>'}}
This returns a 500 error: "The specified name is already in use. Please try again with a new name". In other words, the owner title I specified already exists, which is correct - I'm trying to make an existing principal the owner of the new group.
2 - Merging a new group owner into an existing group
Endpoint: .../_api/web/sitegroups(<group_id>)
Method: POST
Headers:
Content-Type: application/json; odata=verbose
X-HTTP-Method: MERGE
Body:
{ '__metadata': { 'type': 'SP.Group' }, 'Owner': { '__metadata': { 'type': 'SP.Principal' }, 'Title': '<owner_title>'}}
This returns a 500 error with a Microsoft.SharePoint.SPException: "Exception from HRESULT: 0x80131904". The trace logs don't shed any light on it.
3 - Using the owner endpoint directly
Endpoint: .../_api/web/sitegroups(<group_id>)/owner
Method: POST
Headers:
Content-Type: application/json; odata=verbose
X-HTTP-Method: PUT
Body:
{ '__metadata': { 'type': 'SP.Principal' }, 'Title': '<owner_title>'}
This throws various 400 errors. If the current owner of the group is a user, I get the error "The required property 'Email' does not exist in the message" - i.e. it wants SP.User properties. If the current owner of the group is another group, I get the error "The required property 'AllowMembersEditMembership' does not exist in the message." - i.e. it wants SP.Group properties.
I've tried various adaptations of the three approaches above, such as specifying additional SP.Principal properties or passing SP.User or SP.Group objects instead, but with no success. Any ideas?
As we chatted on email. There doesn't seem to be any combo that will set the owner. Only way to do it is to use the CSOM XML method and post to client.svc\ProcessQuery:
POST http://weburl/_vti_bin/client.svc/ProcessQuery HTTP/1.1
X-RequestDigest: 0xAE382F0A8F11688BA9BE66739F84443892CE5E5452BA3E2622F6013D9D97EA8A8D9476463EDC503F700EB24F45024150D0DEEB2F40B160CD88BA7C7B4769BECD,15 Jan 2014 00:11:02 -0000
Content-Type: text/xml
Host: www.sanspug.org
Cookie: FedAuth=blah
Content-Length: 612
Expect: 100-continue
Accept-Encoding: gzip, deflate
XML body is:
<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="15.0.0.0" ApplicationName=".NET Library" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009">
<Actions>
<SetProperty Id="45" ObjectPathId="32" Name="Owner">
<Parameter ObjectPathId="33" />
</SetProperty>
<Method Name="Update" Id="46" ObjectPathId="32" />
</Actions>
<ObjectPaths>
<Identity Id="32" Name="740c6a0b-85e2-48a0-a494-e0f1759d4aa7:site:a1452dcc-8fc4-4631-8ada-97cb204810f1:g:9" />
<Identity Id="33" Name="740c6a0b-85e2-48a0-a494-e0f1759d4aa7:site:a1452dcc-8fc4-4631-8ada-97cb204810f1:g:7" />
</ObjectPaths></Request>
The ids are randomly generated and can be anything you want, as long as they correlate (setproperty and method objectpathid is the object you are updating). The most important part is the “Name” parts. The first part is the typeid of the object (in this case it means SPGroup), the second part as you can see is the site guid id. The response does in fact return json if you tell it to:
Chris Givens CEO, Architecting Connected Systems
Blog Twitter -
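The ProcessQuery body from the reply above, rebuilt and checked for the id correlation the reply describes. This is an added example, not code from the original post: the function names are hypothetical, the two identity strings are the ones quoted in the reply, and the code only builds and checks the XML body without sending anything.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS = "http://schemas.microsoft.com/sharepoint/clientquery/2009"

# Identity strings copied from the reply above: the group being updated
# and the principal that becomes its owner.
GROUP_IDENTITY = "740c6a0b-85e2-48a0-a494-e0f1759d4aa7:site:a1452dcc-8fc4-4631-8ada-97cb204810f1:g:9"
OWNER_IDENTITY = "740c6a0b-85e2-48a0-a494-e0f1759d4aa7:site:a1452dcc-8fc4-4631-8ada-97cb204810f1:g:7"


def build_set_owner_body(group_identity, owner_identity, base_id=1):
    """Build the XML body that sets Owner on a group and then calls Update."""
    # The four numeric ids are arbitrary; they only have to agree with each other.
    group_path, owner_path = base_id, base_id + 1
    set_id, update_id = base_id + 2, base_id + 3
    return (
        '<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" '
        f'LibraryVersion="15.0.0.0" ApplicationName=".NET Library" xmlns="{NS}">'
        "<Actions>"
        f'<SetProperty Id="{set_id}" ObjectPathId="{group_path}" Name="Owner">'
        f'<Parameter ObjectPathId="{owner_path}" />'
        "</SetProperty>"
        f'<Method Name="Update" Id="{update_id}" ObjectPathId="{group_path}" />'
        "</Actions>"
        "<ObjectPaths>"
        # quoteattr escapes &, < and quotes so an identity cannot break the XML
        f'<Identity Id="{group_path}" Name={quoteattr(group_identity)} />'
        f'<Identity Id="{owner_path}" Name={quoteattr(owner_identity)} />'
        "</ObjectPaths>"
        "</Request>"
    )


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rpartition("}")[2]


def check_body(xml_body):
    """Return a list of problems that stop the ids in a body from correlating."""
    root = ET.fromstring(xml_body)
    actions = root.find(f"{{{NS}}}Actions")
    paths = root.find(f"{{{NS}}}ObjectPaths")
    if actions is None or paths is None:
        return ["missing <Actions> or <ObjectPaths>"]
    declared = {p.get("Id") for p in paths}
    problems = []
    # Every ObjectPathId used under <Actions> must name a declared object path.
    for node in actions.iter():
        ref = node.get("ObjectPathId")
        if ref is not None and ref not in declared:
            problems.append(f"{_local(node.tag)} references undeclared ObjectPathId {ref}")
    # Update must be called on the same object whose Owner property was set.
    set_owner = next((a for a in actions if _local(a.tag) == "SetProperty"
                      and a.get("Name") == "Owner"), None)
    update = next((a for a in actions if _local(a.tag) == "Method"
                   and a.get("Name") == "Update"), None)
    if set_owner is None or update is None:
        problems.append("need both SetProperty Name=Owner and Method Name=Update")
    elif set_owner.get("ObjectPathId") != update.get("ObjectPathId"):
        problems.append(
            f"Update targets ObjectPathId {update.get('ObjectPathId')} "
            f"but Owner was set on {set_owner.get('ObjectPathId')}")
    return problems


if __name__ == "__main__":
    body = build_set_owner_body(GROUP_IDENTITY, OWNER_IDENTITY, base_id=32)
    print(body)
    print(check_body(body) or "ids correlate")
```
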
Strange thing is this morning the "Other" link is now missing for my account as well. I contacted Microsoft and they said 1 out of 5 of their admins had the "Other" link. One of which had the same version as our domain. So they're doing a tenant sync and checking on past and new updates to try and find the issue.
That direct link that you sent works but I'm hoping that'll be a plan B. -
Group owners unable to edit groups
We migrated from portal version 3.0.9.8.5 to 9.0.2.6.18
using verison4 of the upgrade scripts.
Now group owners cannot edit groups.
However when i login as portal30_admin or assign
edit any group to group owners they can edit groups.
Any pointers?This is a known bug in this version. You need to open a TAR for the solution.
-
Users and Group Owners are unable to see their groups
Hello all,
I have an issue where security group owners are unable see/read any groups that they own. I have enabled the following MPR's but still nothing please help.
Group management: Group administrators can create and delete group resources
Group management: Group administrators can read attributes of group resources
Group management: Group administrators can update group resources
Security group management: Owners can read selected attributes of group resources
Security group management: Owners can update and delete groups they own
Security group management: Users can read selected attributes of group resources
Also when a user logs into the portal they are unable to see any Security groups listed under MY SG Membership. However when we check the group membership they are indeed part of the group both in FIM portal and AD.
Reason might be that users don't have access to group objects at all or are not able to read some of attributes of a group. Also make sure that BasicUI keyword was added to the specific elements of UI used in group management - this includes navbars but also search scopes which are used for group filtering.
On the MPRs side:
Make sure that your Security group users set was not modified - maybe people are filtered out from these MPRs.
Use explore function in MPR part of a portal to check what actual MPRs are being triggered when user tries to access group object.
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl
Hi Tomek,
Which attributes must a user be able to read in order for this to work? If possible can you provide me with a full list so I can verify that they do have rights to read them.
I have added the keyword BasicUI to the following sections
Under Home Page Resource
Join a SG
Manage my SGs
Search Scopes
Security Groups (SGs)
See my SG memberships
Under Navigation Bar Resource
My SG Memberships
My SGs
Security Groups (SGs)
As for the security group users set, I have modified it to allow all domain users to be part of this set. When I click View Members all users are listed.
"Use explore function in MPR part of a portal to check what actual MPRs are being triggered when user tries to access group object. " How would somebody go about doing this? -
I forgot to switch the primary group from oinstall to dba after oracle installation. As a consequence, my database (data files) was created with the group owner as "oinstall" instead of "DBA". Any problem if I shut down the DB, change the ownership of the data files to "DBA"??? I followed the Oracle installation recommendation and the OS oracle user belonged to both oinstall and dba groups.
Thanks!
user13118074 wrote:
Thanks for the quick and helpful reply!!!
The reason I want to change some of the data files group ownership to "DBA" because after I created the DB, I changed the primary group of the OS oracle user to "DBA", and as a result, all the new tablespaces have data file group owner as "DBA". This means some data files now have "oinstall" as the group owner while the rest have "DBA" as the group owner. The DB still working OK with 2 different group ownerships, but I want to change for consistency. So, again, my question is if I shut down the DB and change the data file group owner to "DBA", the DB should still be working properly after change???. Thanks!
Yes it would be working properly after the change as mentioned by you.
Regards
Anurag -
Group owner distribution list cant add/remove member via outlook but via ecp work fine
Hi all,
I use Exchange Server 2013 SP1 with domain controller Windows Server 2008 R2.
My end user has a problem. When the group owner wants to add/remove a member via Outlook they can't, but via ECP it works fine?
I tried following this article http://theucguy.net/group-owners-cannot-manage-distribution/ but it did not work.
Any ideas? Please help
Thanks,
Hi,
Please share me the error message which is occurring when the group owner try to add or remove members.
Note : Group owners cannot be as a group and it should be an individual member.
Please execute the below mentioned command and let me know the status .
Get-DistributionGroup -ID "DistributionGroupName" | Set-DistributionGroup -ForceUpgrade
Execute the above mentioned command and check.
Regards
S.Nithyanandham
Thanks & Regards S.Nithyanandham -
Hi Guys,
I have DAG extended to two sites (Primary and DR).
I have moved Cluster group owner to DR mailbox server using power shell command.
Now, when I try to move the cluster group owner back to a mailbox server in the Primary site, It doesn't work.
It (PAM role of exchange) switches back to DR mailbox node automatically, any idea why is this happening ?
Platform: Server 2012 with Exchange 2013
Hi Raghu,
Please use the below mentioned command on the windows power shell and share me the results.
Step 1:
Import-Module failoverclusters
Step 2 :
Move-ClusterGroup -Node "Any one of the node on production site" -Name "cluster group"
Step 3 :
Please run the below mentioned command to check the PAM role and that is the server which is holding the cluster resources.
Get-DatabaseAvailabilityGroup -Identity "dag name" -Status | fl *pri*
To confirm that again .Please use the below mentioned command in Exchange management shell.
Get-ClusterGroup | ft -au
In addition to that , please share the fail over cluster events which is related the cluster resources move.
To have deep dig on this case we can do the following.
From one of the nodes of the cluster, open a Command Prompt with Administrator rights. The simplest command to create the log is to type “cluster log /g”. A cluster.log file will be generated and stored in the %windir%\Cluster\Reports directory on each node of the cluster. Note that with all commands you can use either “cluster … ” or “cluster.exe …” as they have the same functionality.
Please reply me if you have any queries.
Thanks & Regards S.Nithyanandham -
Distribution group owner field in GAL not displaying for configured owner.
Quick question: for a configured DG owner to show up in the owner field when the properties are selected via Outlook using the GAL, does the owner need to also be a member of the group for the field to display that person? We have a case here where the owner is configured in Exchange, but does not display in Outlook. I checked other groups and when the owner does display in Outlook, the owner is always a member of the group in question also.
Thanks!
Thanks for the reply. Yes, I do see her as the ManagedBy user:
[PS] C:\Windows\system32>Get-DistributionGroup .globalpeopleleaders | Ft Managedby
ManagedBy
{cds.int/Canada/Users/Laptop Users/Heutzenroeder, Audrey}
Yet, in Outlook the owner field in the properties of the DG is empty.
I'm told that she was made manager of the group 18 months ago.