Group Wikis not respecting set permissions - OS X Server 10.5.6

I have an Xserve running 10.5.6 with the web service enabled and working with 2 wikis.
2 Groups both with wikis up and running.
I recently discovered that one of the members from Group A (wiki A) can access the wiki B site.
This is a big problem that I am trying to resolve.
I know the 1st thing logically would be to update to the latest release...but this isn't an option currently, and I want to explore other less disruptive alternatives first.
I wondered if anyone has come across something like this?
I have tried creating a realm for the wiki folder in question with no success.
Recreating the offending group (the one that has access when it should) isn't really an option either, as it has 100 members or so.

Hi,
This may have some relevance on the access side
http://discussions.apple.com/thread.jspa?messageID=9593883&#9593883
Note that two wikis on the same host can be accessed by their group name. But that doesn't allow any more than getting a login popup if the access privileges are correctly assigned.
Each wiki is assigned to a group and its membership determines who gets access. Along with group membership additional access settings can be set in WGM but more detailed if you use Directory.app by selecting a specific group.
If the setting is for Access to all authorized users then that applies to all users in Open Directory. A more specific setting is required to limit access to group members only.
Additionally the setting of Viewable to all authorized users allows any members in the directory to see wiki content but not add or modify content. They will be allowed to make comments.
If a wiki is to be closed to all except group members then access is selected for group members only. With this setting only group members can get past the login prompt.
This is not exhaustive of all the possibilities but does demonstrate a range of control. The wiki access controls are not as fine grained as ACLs but can be used effectively.
It is eye opening to realize that an authorized user includes anyone that can log in to the directory.
HTH,
Harry
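
Added example (not part of the original posts): a small Python model of the three access settings described in the reply above, used to list every directory user who gets into a wiki without being in its group. The setting labels, user names, group names and sample data are constructed for illustration and are not read from Open Directory or the wiki server.

```python
from dataclasses import dataclass

# Labels for the three settings the reply describes (names are this example's own).
ALL_AUTHORIZED = "access: all authorized users"
VIEWABLE_ALL_AUTHORIZED = "viewable: all authorized users"
MEMBERS_ONLY = "group members only"


@dataclass(frozen=True)
class Wiki:
    group: str      # group the wiki is assigned to
    setting: str    # one of the three labels above


def non_member_rights(setting):
    """Rights of a directory user who is not in the wiki's group."""
    if setting == ALL_AUTHORIZED:
        # The reply says this applies to every Open Directory user; it does
        # not break the access down further, so neither does this model.
        return "access"
    if setting == VIEWABLE_ALL_AUTHORIZED:
        return "view+comment"   # can read and comment, not add or modify
    if setting == MEMBERS_ONLY:
        return None             # stopped at the login prompt
    raise ValueError(f"unknown wiki setting: {setting!r}")


def audit(directory_users, groups, wikis):
    """List every (wiki group, user, rights) where a non-member gets in."""
    findings = []
    for wiki in wikis:
        # A wiki whose group is missing from the directory has no members.
        members = groups.get(wiki.group, set())
        rights = non_member_rights(wiki.setting)
        if rights is None:
            continue
        for user in sorted(directory_users - members):
            findings.append((wiki.group, user, rights))
    return findings


# Constructed sample data: two groups, plus one user who is in neither.
USERS = {"alice", "bob", "carol"}
GROUPS = {"group_a": {"alice"}, "group_b": {"bob"}}
WIKIS = [
    Wiki("group_a", MEMBERS_ONLY),
    Wiki("group_b", ALL_AUTHORIZED),   # a setting that admits non-members
]

if __name__ == "__main__":
    for group, user, rights in audit(USERS, GROUPS, WIKIS):
        print(f"{user} is not in {group} but has {rights} on its wiki")
```
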

Similar Messages

  • Group wikis not visible to public

    I have two wikis running on 10.6.3. They are both available to group members if they manually type in the address http://servername/groups/wiliname/
    However, if you go to http://server_name/ and click on the "Wikis" button, nothing is visible. Neither wiki is public, so if you log into "my page", they do become visible.
    Is this "normal" behavior? Essentially to hide the wiki from view, if you are not logged into "your page", or is there some permission that would make them visible to public view, but not available?

    Hi,
    This may have some relevance on the access side
    http://discussions.apple.com/thread.jspa?messageID=9593883&#9593883
    Note that two wikis on the same host can be accessed by their group name. But that doesn't allow any more than getting a login popup if the access privileges are correctly assigned.
    Each wiki is assigned to a group and its membership determines who gets access. Along with group membership additional access settings can be set in WGM but more detailed if you use Directory.app by selecting a specific group.
    If the setting is for Access to all authorized users then that applies to all users in Open Directory. A more specific setting is required to limit access to group members only.
    Additionally the setting of Viewable to all authorized users allows any members in the directory to see wiki content but not add or modify content. They will be allowed to make comments.
    If a wiki is to be closed to all except group members then access is selected for group members only. With this setting only group members can get past the login prompt.
    This is not exhaustive of all the possibilities but does demonstrate a range of control. The wiki access controls are not as fine grained as ACLs but can be used effectively.
    It is eye opening to realize that an authorized user includes anyone that can log in to the directory.
    HTH,
    Harry

  • Group Wikis not being created

    Hi,
    I've got a new server running 10.5.3 Server.
    I create a group in WM and select all of the services (Mailing list, Wiki, Blog, etc) and the group is created no problem. However, no wiki is created for the group.
    I've looked in /Library/Collaboration/Groups and no folders exist for the new groups. Old ones exist from when the server was administered in Standard Mode but it is now running in Advanced Mode.
    Permissions are as they were out of the box:
    _teamserver rw
    What do I need to do in order to create the folders? Has something broken during the conversion from standard to advanced?
    Cheers,
    StuG

    Hi Stu,
    Make sure you're in Workgroup Manager, select the Group and under Basic, check enabling following services. The dropdown box should have your server's ip address. Also make sure the appropriate checkboxes are marked for wiki and blog.
    Once you've created the group, you need to open Terminal and type sudo CreateGroupFolder and enter your root password (usually the first account on the server like ladmin). You should see a message stating the Group folders are created in /Library/Collaboration/Groups/<groupname>.
    Executing the command in Terminal creates the necessary wiki, blog files. Go to Server Admin, under Services...Web...Sites tab...Web Services. Select your website and make sure Services for Group...wiki and blog is checked. Make sure a user or group is selected with permission to create (edit) wiki/blog and click save.
    If your wiki stops working for any reason (disabled on your home page) remember to reset the permissions from terminal: sudo chown -R 94:94 /Library/Collaboration/
    The 94:94 sets the permissions to the teamsserver account which the wikis need to operate. Hope this helps.

  • Available Group Wikis not update after group is removed

    I removed group from workgroup manager and directory service. But group wiki is still shown on Groups home page and I can even login with old member's id and password. How I can remove this?

    Yep, I'm having a similar issue.
    I've deleted the wiki site, created a new one (same domain) and added new groups. When I view the site the old groups and all the old data is all I can see. Obviously Groups bear no resemblance to the data - maybe they just provide authentication?
    Anyone know how to delete a Wiki and have it permanently removed?
    Any help would be much appreciated.
    Cheers

  • Group wikis not happening

    I am fairly sure i have configured things ok but if i try to access groups page (eg whp.com.au/groups) i get an error
    "Service unavailable!
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
    Error 503"
    NOTE: web services for the domain are checked and I have a couple of groups in WGM set to use that service for wikis. Anything else? thanks

    Hi All,
    I have a Leopard server that has the same problem. We have a small intranet that is hosted on the same server and that works fine, but as soon as you go http://server.example.com/groups/ it gives you the error:
    Service Temporarily Unavailable
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
    I don't understand why we are getting this. I know the wiki server part was working (sorta) before I updated to 10.5.5 server, but it doesn't work anymore and we actually want to use it now!
    I know the update was suppose to help the wiki and blog services etc but it doesn't work at all now.
    Any help would be much appreciated, as this one baffles me!

  • When would Public Group ID not be set to 1?

    When setting up a P6 data connection, when would the public group ID for a database connection be anything other than 1?
    Edited by: Sean Finegan on Jul 9, 2011 1:25 PM

    hello...
    I install the APEX and but
    I can't find modplsql in Apache folder postinstallation.
    I couldn't connect to http://localhost:7778/
    At the end of the installation, it showed:
    Oracle Application Express is installed in the FLOWS_030000 schema.
    The structure of the link to the Application Express administration
    services is as follows:
    http://host:port/pls/apex/apex_admin
    The structure of the link to the Application Express development
    interface is as follows:
    http://host:port/pls/apex
    I can't understand what is the problem...
    thank you...

  • SoulseekQt not respecting set mime types in Openbox.

    Hi,
    I am having a strange problem with mime type handling in openbox.
    When opening files through SoulseekQt, instead of opening with VLC as my mime types are set to do it opens Audacity. And when opening the folders, it opens Gwenview instead of Thunar.
    I tried doing the same thing in xfce and it opened vlc, and thunar fine.
    Is there a file I need to edit for openbox specific mime types?
    Thanks for any help.

    My apologies for posting it into wrong forum. It should have been posted to Web Tier APIs > Java Servlet

  • Disappearing Groups in Available Group Wikis Page

    I found a temporary fix to an ongoing issue and I am looking for a more permanent "fix", if there is such a thing...
    The issue is the individual group wiki not appearing in the "Available Group Wikis" when going to https://www.myserver/groups/.
    The set up is several xserves within the network, one of which is OD Master, the others are replicas. One of the replicas services the external IP, and this is the one with the no available wikis notation on the "Available Group Wikis" page. The group wiki is actually on that server, and can be reached by going to https://www.myserver/groups/mygroup.
    In experimenting with this, I found that I can get the mygroup wiki to appear on the Available Group Wikis page IF: I first copy the mygroup folder/directory found in Library/Application Support/Collaboration/Groups to another location (desktop works); then delete the mygroup folder/directory in Collaboration/Groups; then browse to https://www.myserver/groups/mygroup (results in the default wiki page); then browse to https://www.myserver/groups/ and the mygroup listing is there. Next step is to copy the subfolders wiki and weblog from the original mygroup back to the new Collaboration/Groups/mygroup folder; and, change the permissions for the lot back to _teamsserver as it was originally.
    All is fine and the mygroup listing and link remains in the Available Groups Wikis page - UNTIL, the server is restarted or web server is restarted. After a restart, the Available Groups Wikis page is back to not showing any groups...
    The question is: where is the document that is getting loaded when restarting web server that either deletes the mygroup listing on the Available Groups Wikis page, or fails to see that there is a group to be listed, or how is this otherwise fixed?
    Thanks in advance for any insight into what the problem is and how to fix it.

    How are you changing the perms back to _teamserver, through Server Admin showing system accounts? Make sure you are connecting to that local machine's Server Admin when setting the _teamserver perms for the Collaboration dir and not the OD Server. This might be causing a conflict if you are using the _teamserver account from your OD Master rather than the local machine.
    Otherwise you can try wiping your ACLs using:
    sudo chmod -R -N /Library/Collaboration
    Then setup your ACLs again on the local machine's Server Admin with system accounts being shown or via the terminal.
    Message was edited by: spraguga

  • AD security group memberships not coming over to SP2013.

    This seems to have coincided with applying a number of updates to our SharePoint server via Windows Update over the weekend. Since then, changes in AD security groups are not being reflected by the appropriate access in SharePoint. If somebody has been a member of an AD group prior to this weekend, their access is fine. But changes made today aren't seeming to propagate. Any suggestions?
    Thanks!

    Because SharePoint 2013 is based on claims it is normal for users added to AD groups to not gain the permissions for up to 24 hours because the claims tokens are cached.
    http://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • SAPOSS RFC Connectiion Issues - Group EWA not Found

    Hi All,
    Would anyone else happen to be getting this error today, all our systems appear affected and result in the following when doing a connection test in SM59.
    Logon     Connection Error
    Error Details     Error when opening an RFC connection
    Error Details     ERROR: Group EWA not found
    Error Details     LOCATION: SAP-Server BL012_RCR_01 on host BL012 (wp 0)
    Error Details     DETAIL: LgIGroupX
    Error Details     COMPONENT: LG
    Error Details     COUNTER: 37
    Error Details     MODULE: lgxx.c
    Error Details     LINE: 4299
    Error Details     RETURN CODE: -6
    Error Details     SUBRC: 0
    Error Details     RELEASE: 700
    Error Details     TIME: Mon Feb 08 15:44:31 2010
    Error Details     VERSION: 5
    This one being of particular interest:
    Error Details     ERROR: Group EWA not found
    If I change that to 1_Public I can get a ping response...  I've also opened up my saprouttab file and it's the same result making me think this issue is elsewhere.  Can anyone else please confirm if their SAPOSS connection using similar settings is working today?
    Load Balancing: yes
    Target System: OSS
    Msg Server: /H/<removed intentionally>/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
    Group: EWA
    Logon Details:
    Client: 001
    User: OSS_RFC
    Pass: whatever it is when it's recreated in OSS1 (I have deleted and recreated this RFC).
    Thanks for your help.

    Well this started working again all by itself after a couple of hours and not making any changes... me finks there was an issue with the EWA group elsewhere in the meganet...

  • Please Help, After Kernel panic restart failed- apple swirl(6 hrs), SafeMode-failed, SUMode-success. Could not unmount disk to erase. Repair permissions-multiple fail errors:unable to set permissions on... unable to set owner and group...

    Please Help, I deleted an account that was the same name as the administrator but was not the administrator. Also a samsung galaxy s phone was charging through the usb port.
    I closed out a program and got a message that the temp file could not be stored/saved.
    Then a Kernel panic message occurred and restart was necessary.
    The restart resulted in the screen with the apple logo and a continuous swirl for 6+hrs,
    Attempted Safe Mode start up, unsuccessful,
    Single User Mode-success.
    Ran $ fsck_hfs -rfd /dev/disk0s2 Ran several times repairs made with one which remained. something about a node.
    No change in start up attempts
    Started with install CD matching current OS 10.6
    Ran Disk Utility Repair Permissions resulting in multiple errors:
    One line/error
    Warning: SUID file /////Ardagent has been modified and will not be repaired
    144 lines/errors of this type of series of lines
    Group permissions differ on...should be drwxr-xr-x, they are -rw-r--r-- .
    permissions differ on...should be drwxr-xr-x, they are -rw-r--r-- .
    unable to set owner and group...error 22: Invalid Argument
    unable to set permissions on...error 22: Invalid Argument
    Ran Repair Disk, result:
    Error: Could not unmount disk (in red)
    Ran Verify Disk, result:
    The volume HD appears to be ok (in green)
    Next I attempted to erase the disk to start from scratch since I have data backed up on time machine.
    Error message box
    Volume Erase failed
    Volume Erase failed with error:
    Could not unmount disk
    I am looking to solve without buying DiskWarrior unless only resort.

    So it looks like I solved it for now, I will update later. What I did was, after starting from the install cd for the 10.6 system, I ran from terminal:
    diskutil disablejournaling /dev/disk0s2
    diskutil disableownership /dev/disk0s2
    diskutil repairPermissions /dev/disk0s2
    then I closed terminal and then went to disk utility and chose to repair disk with results all was fine. Then ran repair permissions and got similar results from terminal function. Next I erased disk and then chose to restore from time machine and it is now restoring! yea!

  • OrgChart - Group setting not respected when default hierarchy clicked

    Does anyone else get this problem in OrgChart (staged)?
    If a group is defined and set to “Group” via the settings panel by the end user, then clicking the default root icon then the resulting hierarchy starts at the default root but without members grouped.
    If the settings panel is opened, the group setting is still “Group” (as expected). Simply clicking “Apply settings” does result in the members being grouped.
    Looks like a bug to me, anyone else able to replicate?

    Hey Stephen,
    This functionality should work as expected.
    First, please verify that you set up groups from the admin first? If not, you should do it before doing anything from settings.
    From the setting when you select “Group” – you will see the grouping, the nodes will be grouped; when you select “Show Group Members” – the group will be expanded; when you select “Hide Group Members” – the box with this group will disappear from the OrgChart.
    Once this is setup, if you are still experiencing issues, verify the CDS log, as it may be a permissions issue (ie no write or modify access for user settings).
    Hope this helps
    Carl

  • [Apache 2] Critical error mod_rewrite: Could not set permissions on rewrite

    Hi,
    Well I had a look around to this problem and it seems it is specific to mac os system on intel machines, so I send my post here.
    I had installed the apache 2 server from www.serverlogistics.com and it seems to start. However it is impossible to log into my local website with an error in my web browser "can't log to "localhost" server".
    By reading the logs I got in /Library/Apache2/logs/error_log (where there is also a httpd.pid file): [crit] (14)Bad address: mod_rewrite: Could not set permissions on rewriteloglock; check User and Group directives Configuration Failed
    So, I commented the line "LoadModule rewrite_module modules/mod_rewrite.so" in /Library/Apache2/conf/httpd.conf with no effect at all.
    Then I don't know what to do.... any idea please ?
    NB : I did not configure or set any htaccess file in any directory.
    Denis

    denis_4l wrote:
    Hi,
    Well, I had tried several ways among others MAMP. With, MAMP, I experienced some problems running MySQL and or Apache server.
    If you'd like help, you need to describe the specific problems you're having. You're not giving people here much to go on in order to be able to help. Without knowing what you've already tried, and what the results were, it's impossible to say if you've just made a simple mistake or if you've truly hit upon something that won't work. The Apache logs are especially helpful, with lots of detailed information to help in troubleshooting.
    To say the true, I bought this Macbook because the system kernel is 100% compatible with Linux, and I was full of naives hopes, thinking that I will install/compile easily softwares that are usual under Linux world.....
    I certainly haven't had much problem compiling and installing software that's distributed as source code, though I haven't tried to compile Apache. While it's true that much of the software will compile, it's also true that you might have to make some small changes here and there to the source code to get it to work correctly. But you might also have to do the same thing to get them to compile on different Linux distributions. So OS X isn't that different in that respect.
    If you want to get Apache 2 running with MAMP, post back with specific information on what problems you had and I'll try to help. I've been hacking at Apache installations for many years now, so if I know the problems you're having, there's a good chance I've been through them, too.
    charlie

  • New files and folders on a Linux client mounting a Windows 2012 Server for NFS share do not inherit Owner and Group when SetGID bit set

    Problem statement
    When I mount a Windows NFS service file share using UUUA and set the Owner and Group, and set the SetGID bit on the parent folder in a hierarchy. New Files and folders inside and underneath the parent folder do not inherit the Owner and Group permissions of the parent.
    I am given to understand from this Microsoft KnowledgeBase article (http://support.microsoft.com/kb/951716/en-gb) the problem is due to the Windows implementation of NFS Services not supporting the Solaris SystemV or BSD grpid "Semantics"
    However the article says the same functionality can be achieved by using ACE Inheritance in conjunction with changing the Registry setting for "KeepInheritance" to enable Inheritance propagation of the Permissions by the Windows NFS Services.
    1. The Precise location of the "KeepInheritance" DWORD key appears to have "moved" in Windows Server 2012 from a Services path to a Software path, is this documented somewhere? And after enabling it, (or creating it in the previous location) the feature seems non-functional. Is there a method to file a Bug with Microsoft for this Feature?
    2. All of the references on demonstrating how to set an ACE to achieve the same result "currently" either lead to broken links on Microsoft technical websites, or are not explicit they are vague or circumreferential. There are no plain Examples. Can an Example be provided?
    3. Is UUUA compatible with the method of setting ACE to achieve this result, or must the Linux client mount be "Mapped" using an Authentication source. And could that be with the new Flat File passwd and group files in c:\windows\system32\drivers\etc and is there an Example available.
    Scenario:
    Windows Server 2012 Standard
    File Server (Role)
    +- Server for NFS (Role) << -- installed
    General --
    Folder path: F:\Shares\raid-6-array
    Remote path: fs4:/raid-6-array
    Protocol: NFS
    Authentication --
    No server authentication
    +- No server authentication (AUTH_SYS)
    ++- Enable unmapped user access
    +++- Allow unmapped user access by UID/GID
    Share Permissions --
    Name: linux_nfs_client.host.edu
    Permissions: Read/Write
    Root Access: Allowed
    Encoding: ANSI
    NTFS Permissions --
    Type: Allow
    Principal: BUILTIN\Administrators
    Access: Full Control
    Applies to: This folder only
    Type: Allow
    Principal: NT AUTHORITY\SYSTEM
    Access: Full Control
    Applies to: This folder only
    -- John Willis, Facebook: John-Willis, Skype: john.willis7416

    I'm making some "major" progress on this problem.
    1. Apparently the "semantics" issue to honor SGID or grpid in NFS on the server side or the client side has been debated for some time. It also existed as of 2009 between Solaris nfs server and Linux nfs clients. The Linux community defaulted to declaring
    it a "Server" side issue to avoid "Race" conditions between simultaneous access users and the local file system daemons. The client would have to "check" for the SGID and reformulate its CREATE request to specify the Secondary group it would have to "notice"
    by which time it could have changed on the server. SUN declined to fix it.. even though there were reports it did not behave the same between nfs3 vs nfs4 daemons.. which might be because nfs4 servers have local ACL or ACE entries to process.. and a new local/nfs
    "inheritance" scheme to worry about honoring.. that could place it in conflict with remote access.. and push the responsibility "outwards" to the nfs client.. introducing a race condition, necessitating "locking" semantics.
    This article covers that discovery and no resolution - http://thr3ads.net/zfs-discuss/2009/10/569334-CR6894234-improved-sgid-directory-compatibility-with-non-Solaris-NFS-clients
    2. A much Older Microsoft Knowledge Based article had explicit examples of using Windows ACEs and Inheritance to "mitigate" the issue.. basically the nfs client "cannot" update an ACE to make it "Inheritable" [-but-] a Windows side Admin or Windows User
    [-can-] update or promote an existing ACE to "Inheritable"
    Here are the pertinent statements -
    "In Windows Services for UNIX 2.3, you can use the KeepInheritance registry value to set inheritable ACEs and to make sure that these ACEs apply to newly created files and folders on NFS shares."
    "Note About the Permissions That Are Set by NFS Clients
    The KeepInheritance option only applies ACEs that have inheritance enabled. Any permissions that are set by an NFS client will
    only apply to that file or folder, so the resulting ACEs created by an NFS client will
    not have inheritance set."
    "So
    If you want a folder's permissions to be inherited to new subfolders and files, you must set its permissions from the Windows NFS server because the permissions that are set by NFS clients only apply to the folder itself."
    http://support.microsoft.com/default.aspx?scid=kb;en-us;321049
    3. I have set up a Windows 2008r2 NFS server and mounted it with a Redhat Enterprise Linux 5 release 10 x86_64 server [Oct 31, 2013] and so far this does appear to be the case.
    4. In order to mount and then switch user to a non-root user to create subdirectories and files, I had to mount the NFS share (after enabling Anonymous AUTH_SYS mapping) this is not a good thing, but it was because I have been using UUUA - Unmapped Unix
    User Access Mapping, which makes no attempt to "map" a Unix UID/GID set by the NFS client to a Windows User account.
    To verify the Inheritance of additional ACEs on new subdirectories and files created by a non-root Unix user, on the Windows NFS server I used the right click properties, security tab context menu, then Advanced to list all the ACEs and looked at the far
    Column reflecting if it applied to [This folder only, or This folder and Subdirectories, or This folder and subdirectories and files]
    5. All new Subdirectories and files created by the non-root user had a [Non-Inheritance] ACE created for them.
    6. I turned a [Non-Inheritance] ACE into an [Inheritance] ACE by selecting it then clicking [Edit] and using the Drop down to select [This folder, subdirs and files] then I went back to the NFS client and created more subdirs and files. Then back to the
    Windows NFS server and checked the new subdirs and folders and they did Inherit the Windows NFS server ACE! - However the UID/GID of the subdirs and folders remained unchanged, they did not reflect the new "Effective" ownership or group membership.
    7. I "believe" because I was using UUUA and working "behind" the UID/GID presentation layer for the NFS client, it did not update that presentation layer. It might do that "if" I were using a Mapping mechanism and mapped UID/GID to Windows User SIDs and
    Group SIDs. Windows 2008r2 no longer has a "simple" Mapping server, it does not accept flat text files and requires a Schema extension to Active Directory just to MAP a windows account to a UID/GID.. a lot of overhead. Windows Server 2012 accepts flat text
    files like /etc/passwd and /etc/group to perform this function and is next on my list of things to see if that will update the UID/GID based on the Windows ACE entries. Since the Local ACE take precedence "over" Inherited ACEs there could be a problem. The
    Inheritance appears to be intended [only] to retain Administrative rights over user created subdirs and files by adding an additional ACE at the time of creation.
    8. I did verify from the NFS client side in Linux that "Even though" the UID/GID seem to reflect the local non-root user should not have the ability to traverse or create new files, the "phantom" NFS Server ACEs are in place and do permit the function..
    reconciling the "view" with "reality" appears problematic, unless the User Mapping will update "effective" rights and ownership in the "view"
    -- John Willis, Facebook: John-Willis, Skype: john.willis7416

  • Why can't Firefox set permissions for Snow Leopard Server Web-Site Wikis

    I've established a web-site for collaboration of planning for a state-wide NGO and a local citizens-government oversight commission.
    I'm using Snow Leopard Server v10.6.4, to drive the web-site, which includes the use of wikis.
    In creating a wiki and setting permissions, I find that I cannot set permissions for users or groups to 'read only' from the default 'read & write' while using Firefox. However, I CAN set them to 'read only' using Safari. And, once the permission has been modified in Safari, THEN it can be modified in Firefox.

    Solution found at http://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
    It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
    Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
    Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
    After much head scratching it turns out to be a sACL (Service Access Control List) issue.
    This thread solved the mystery!
    http://discussions.apple.com/thread.jspa?threadID=1654864
    To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
    Open Server Admin on a computer (any), and connect with the local admin to the machine.
    Select the server and authenticate.
    Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
    If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
    Save.
    Try logging in again… should be a good one!
