Home Directory Permission Fix Sought

I have a problem with one of my file sharing servers - an XServe running 10.5.4, where all the users' home directories now show owner as _unknown in the POSIX permissions. ACLs appear to be OK. The problem is that users can see each other's files if they go to open and save dialog boxes in applications.
Someone mentioned a script to fix this on an Apple Support phone call, but we are unable to Google it. fixhomedirperm.sh is the script name. Can someone assist us?

If you are comfortable with the Terminal, you can ssh to the Share Point and run something like this one-liner:
for i in *; do chown -R "$i":staff "$i"; chmod -R 700 "$i"; done
You should do this as root, or as an administrative user. If done as an administrative user, use "sudo" before the chown and chmod commands:
for i in *; do sudo chown -R "$i":staff "$i"; sudo chmod -R 700 "$i"; done
All this does is list the directories within the share point, which for a User Home Directory folder should be a bunch of folders named with the users' short names. Then, it loops through the directories, changes the owner (chown) of all files within the directory to the user short name (and the group to "staff", the default group), then changes the permissions (chmod) so that only the user can see files within his or her home directory.
This assumes that a) Your user home directories are all named with the user's short name, and b) That you want the permissions to be set so that no one else can see inside the user's home directory. This nixes things like user dropboxes in their accounts and websites served from the user's home directory.
I would suggest trying the one-liner on a directory with the same folder structure as the share point for a test.
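A read-only audit that can be run before and after the one-liner above, as an added example that is not part of the original thread. The function name `check_homes` and the output format are assumptions made for this sketch; it relies on the same assumption as the reply, that each folder is named after the account's short name.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of a home-directory
# share point. It prints one line per folder and changes nothing:
#   OK   <name>
#   FIX  <name> [owner=<uid>,want=<uid>] [mode=<ls mode string>]
#   SKIP <name> <reason>
# Only the top-level folder is inspected: if it is mode 700 and owned by
# the right account, other users cannot traverse into it.
check_homes() {
    sharepoint=$1
    for path in "$sharepoint"/*/; do
        path=${path%/}
        name=${path##*/}
        [ -d "$path" ] || continue              # glob matched nothing
        if [ -L "$path" ]; then                 # do not follow links out of the share
            printf 'SKIP %s symlink\n' "$name"; continue
        fi
        case $name in
            -*) printf 'SKIP %s invalid-name\n' "$name"; continue ;;
        esac
        # Assumption from the reply: folder name == account short name.
        # A folder with no matching account is reported, never re-owned.
        if ! want_uid=$(id -u "$name" 2>/dev/null); then
            printf 'SKIP %s no-such-account\n' "$name"; continue
        fi
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
        ls -ldn "$path" | {
            read -r mode _links uid _rest
            problems=
            [ "$uid" = "$want_uid" ] || problems=" owner=$uid,want=$want_uid"
            case $mode in
                drwx------*) ;;                 # 700; a trailing + @ or . is allowed
                *) problems="$problems mode=$mode" ;;
            esac
            if [ -n "$problems" ]; then
                printf 'FIX %s%s\n' "$name" "$problems"
            else
                printf 'OK %s\n' "$name"
            fi
        }
    done
}

# Stand-alone use: pass the share point path as the first argument.
if [ "$#" -gt 0 ]; then
    check_homes "$1"
fi
```

Folders reported as SKIP are the ones the one-liner would mishandle, since `chown` has no valid account to assign them to.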

Similar Messages

  • Mac - SGD won't start - home directory permission problem?

    Mac OSX 10.5.6 when attempting to login to SGD fails to start. Relevant section from java console:
    security: Certificate has failed the verification with the Root CA certificates
    security: Adding certificate in Deployment session certificate store
    security: Added certificate in Deployment session certificate store
    security: Saving certificates in Deployment session certificate store
    security: Saved certificates in Deployment session certificate store
    network: Connecting https://zsgd.open-tech.com/sgd/tcc/java/Tester.class with cookie "JSESSIONID=F5602C38467AC1159DCF761A6AA3CE44; TTA_SESSION_OBJECT=-1721504362694110337:zsgd.open-tech.com:1234879815946:-1085814744412016712:2; TTA_CLIENT_COOKIE=1234818729782-6121439398221565261"
    basic: Loading https://zsgd.open-tech.com/sgd/tcc/java/Tester.class from cache
    Tue Feb 17 08:21:58 CST 2009 JEP creating applet Tester (https://zsgd.open-tech.com/sgd/tcc/java/)
    basic: Starting applet…
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@a32ea4, refcount=1
    basic: Loading applet…
    basic: Initializing applet…
    basic: Added progress listener: sun.plugin.util.GrayBoxPainter@946d22
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@a32ea4, refcount=2
    basic: Releasing classloader: sun.plugin.ClassLoaderInfo@a32ea4, refcount=1
    network: Connecting https://zsgd.open-tech.com/sgd/tcc/java/ttalwG-jps.jar with proxy=DIRECT
    network: Connecting https://zsgd.open-tech.com/sgd/tcc/java/ttalwG-jps.jar with cookie "JSESSIONID=F5602C38467AC1159DCF761A6AA3CE44; TTA_SESSION_OBJECT=-1721504362694110337:zsgd.open-tech.com:1234879815946:-1085814744412016712:2; TTA_CLIENT_COOKIE=1234818729782-6121439398221565261"
    basic: Loading https://zsgd.open-tech.com/sgd/tcc/java/ttalwG-jps.jar from cache
    basic: Reading cached JAR file from JRE 1.5 release
    basic: Certificates for https://zsgd.open-tech.com/sgd/tcc/java/ttalwG-jps.jar is read from JAR cache
    security: Loading certificates from Deployment session certificate store
    security: Loaded certificates from Deployment session certificate store
    security: Checking if certificate is in Deployment session certificate store
    security: User has denied the priviledges to the code
    java.lang.IndexOutOfBoundsException: Index: 1, Size: 1
    So I created another account and it works fine there. Compared permissions between the two accounts and they appear identical. Looks like it can't create the .tarantella directory in my home directory. Did have some home directory permission problems a couple weeks ago and used the utility on the Mac OSX install disk to reset home directory permissions and ACLs.
    Any suggestions greatly appreciated.
    Mark G.

    I probably should have included more of the java console output. This is output after what appears to be certificate checking:
    basic: Reading cached JAR file from JRE 1.5 release
    basic: Certificates for https://zsgd.open-tech.com/sgd/tcc/java/ttalwG-jps.jar is read from JAR cache
    security: Loading certificates from Deployment session certificate store
    security: Loaded certificates from Deployment session certificate store
    security: Checking if certificate is in Deployment session certificate store
    security: User has denied the priviledges to the code
    java.lang.IndexOutOfBoundsException: Index: 1, Size: 1
         at java.util.LinkedList.entry(LinkedList.java:368)
         at java.util.LinkedList.get(LinkedList.java:313)
         at com.sun.deploy.security.MacOSXTrustDecider.isAllPermissionGranted(MacOSXTrustDecider.java:163)
         at com.sun.deploy.security.MacOSXTrustDecider.isAllPermissionGranted(MacOSXTrustDecider.java:86)
         at com.sun.deploy.security.MacOSXTrustDecider.isAllPermissionGranted(MacOSXTrustDecider.java:79)
         at sun.plugin.security.PluginClassLoader.getPermissions(PluginClassLoader.java:146)
         at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:192)
         at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
         at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
         at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
         at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
         at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:147)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:316)
         at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:119)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
         at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:605)
         at sun.applet.AppletPanel.createApplet(AppletPanel.java:723)
         at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1864)
         at jep.AppletFramePanel.createApplet(AppletFramePanel.java:189)
         at sun.applet.AppletPanel.runLoader(AppletPanel.java:652)
         at sun.applet.AppletPanel.run(AppletPanel.java:326)
         at jep.AppletFramePanel.run(AppletFramePanel.java:176)
         at java.lang.Thread.run(Thread.java:613)
    Tue Feb 17 16:43:26 CST 2009 JEP creating applet com.tarantella.tta.client.tcc.lwplugin.pluginG.TCCHelper (https://zsgd.open-tech.com/sgd/tcc/java/)
    java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
         at java.security.AccessController.checkPermission(AccessController.java:427)
         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
         at java.lang.System.getProperty(System.java:628)
         at com.tarantella.tta.client.tcc.lwplugin.qG.k.a(k.java)
         at com.tarantella.tta.client.tcc.lwplugin.qG.h.l(h.java)
         at com.tarantella.tta.client.tcc.lwplugin.qG.h.a(h.java)
         at com.tarantella.tta.client.tcc.lwplugin.qG.h.a(h.java)
         at com.tarantella.tta.client.tcc.lwplugin.qG.h.a(h.java)
         at com.tarantella.tta.client.tcc.lwplugin.pluginG.c.p(c.java)
         at com.tarantella.tta.client.tcc.lwplugin.pluginG.c.<init>(c.java)
         at com.tarantella.tta.client.tcc.lwplugin.pluginG.TCCHelper.run(TCCHelper.java)
         at java.lang.Thread.run(Thread.java:613)
    basic: Starting applet…

  • Strange wine behavior, home directory permission change!!

    hi all, archers.
    i'm an arch user since early 2007 and this is my first post. Since now i've always found every information needed and enjoyed this great distribution.
    btw, now i have a strange behavior with last version of wine in extra repository (0.9.61).
    situation:
    clean wine install, w/o .wine prefix from previous version creation (i always redo prefix creation every new version).
    the fact:
    after wineprefixcreate, as usual, i execute winecfg for the last personalization and sound interface selection.
    fortunately and surprisingly, i notice that my home directory AND my desktop directory have completely screwed up permissions. they were set to 777!!! aargh!
    my home desktop is not so critical mission but i think this is not good!!! 
    after some tests, i can say, in this my strange personal experience, that it's winecfg's fault. wineprefixcreate doesn't change any permission. this happens only after the first winecfg execution AND only the first time. following executions of winecfg do not trigger the fault.
    googled everywhere but it seems that i'm the only one in the world with this strange wine behavior. Is it true? anyone else?
    a little report of my config:
    (multi device are all raid5)
    /dev/sda2    ext2     /boot
    /dev/md0     ext3    /
    /dev/md1     ext3    /home
    ... other devices in irrelevant mount point.
    not so strange rc.conf
    untouched /etc/skel
    not so strange gnome DE on top of GDM
    not so strange any else 
    thanks in advance and good arching

    Solved in another Thread

  • "Home Directory Full" message fix doesn't work for me

    Often (no, not always, it's not consistent), I get the dreaded "Home Directory full" message when I launch mail. Mail then quits when I click OK. Normally, if I launch it again right away, it works.
    I tried to use the standard fix (e.g., removing the "Envelope Index" file to the desktop and launching Mail). This did cause a dialog to pop up informing me that I needed to re-index my mail file. I did that, and the process stopped with the progress indicator about two thirds through. I quit Mail and replaced the Mail folder in Library with the backup I had made before getting started.
    Next, I tried the Hoover method (running the vacuum command from the Terminal). My machine ground away for some time. I don't know how far it got (there is no progress indicator nor any other feedback of any kind), but since nothing happened for a good half hour (with no more disk activity for a long time), I quit that process, too. Get info revealed that the "Envelope Index" file had not been modified at all by this. Again, just to be on the safe side, I replaced the Mail file again with the backup copy.
    Because the re-indexing in my first attempt had stopped while processing my sent items folder, I suspected that this one was the culprit. I therefore attempted to rebuild it (via the menu command in Mail). Much to my surprise, the process actually finished without an error message. However, my sent items folder now contained some 5,200 emails as opposed to the 7,00 or so it should have.
    Then I saved my Mail preferences file to the desktop, made a backup copy of my Mail backup file, and launched Mail. This made the application believe that it was being launched for the first time. I used the Import command and imported only the contents of the Sent Items mailbox, specifying "Other" as the type. This imported 5,225 items; at that point, the progress indicator showed a fully completed process, even though the "messages" folder contained 7,900 items. Checking things, I found that there was a discrepancy of 9 items (i.e., the last item that showed as having been imported was not the 5,225th item in the "messages" folder, but rather the 5,216th). I thus moved the first 5,216 items from the messages folder into a different folder and tried to import the rest. Much to my surprise, Mail imported the same 5,216 items all over again. This is when I noticed that it does not import from the "messages" folder but rather from the file called "mbox".
    And this is where things stand. I still get the "Home Directory Full" message about once out of two launches of Mail (but never once Mail is up and running). I desperately need to get this fixed as I fear I'm on the brink of a disaster with my mail file.
    One more clue: I cannot be 100% sure, but it seems to me that the problem began when I added a second dot mac email account to my Mail setup (we have a family pack; I always managed the main account and have more recently added one of the sub-accounts to my configuration). I also noticed that sometimes, this second dot Mac account shows up in my list of mailboxes on the left side of the screen, and sometimes it doesn't. Both these accounts are configured to be checked automatically. In addition to these IMAP accounts, I have a half dozen POP3 accounts and some 40 or 50 local mailboxes configured.
    Does anyone know of a utility I can use to rebuild my entire email file instead of just the index? Or does anyone have any suggestions as to how I can manually fix things? I did do the usual stuff already (using disk utility to check the disk, fixing permissions, and so on) without detecting any problems.
    Thanks in advance for any assistance you can offer.
    Daniel

    You’re welcome.
    When I removed the preference file (com.apple.mail.plist), I also removed
    the folder "Mail" so as to start from scratch completely.
    Well, that’s not what you said in your first post...
    I only use "Other" because I read in one of Apple's notes that one should
    try "Other" in the event that the OS X Mail import failed (which it did).
    This is wrong in the case of Mail 2.x. That has to be an old article. Could you please be more specific as to where exactly did you find it?
    there is a way to actually export the contents of a mailbox as individual
    items that can then be reimported.
    Selected messages can be exported in standard mbox format by doing File > Save As in Mail and choosing Raw Message Source from the Format popup menu. Standard mbox files can be imported into most mail clients. In particular, they can be imported back into Mail doing File > Import Mailboxes and choosing Other as the data format. Using this format, however, would cause some status flags to be lost (e.g. whether a message has been replied to).
    Locally stored mailboxes can be copied to the Desktop or anywhere else by just dragging them there from Mail itself (for server-stored IMAP mailboxes, copy the messages to locally stored “On My Mac” mailboxes in Mail first). These, however, are .mbox folders (not standard mbox files), where messages are stored in individual .emlx files that other mail clients don’t know or care about. They can be imported back into Mail doing File > Import Mailboxes and choosing Mail for Mac OS X as the data format.
    It also explains why the import only brought in 5,200 items instead of the 7,900.
    The question is: where are the others?
    In the Messages folder.
    as I mentioned above, I used disk utility to check the disk and fix permissions, so I did
    not just do the permissions stuff. In my experience, if checking the disk gives you an
    OK result, then there is no point in booting from another disk to perform a repair disk.
    Right. I missed that part of your first post. Sorry.
    if the mbox files are no longer needed, can they be removed?
    Yes. The only items within a mailbox (i.e. within an .mbox or an .imapmbox folder) used by Mail 2.x are Info.plist and the Messages folder. Any other files you may see there are almost certainly Mail 1.x files that Mail 2.x leaves there after the conversion. This is poorly explained in Mac OS X 10.4 Mail: Some mailbox files used by Mac OS X 10.3 are not deleted after importing. The article only talks about mailboxes in ~/Library/Mail/Mailboxes/, but the same can also be said about mailboxes in “POP-”, “IMAP-”, or “Mac-” account folders.
    As long as you keep a backup copy of the old files for a while (at least, until you’re sure everything was converted properly), they can safely be removed from the Mail folder. OnyX has a Cleaning > Misc > Temporary and obsolete items option for getting rid of all those files.
    Note that if you see strangely-named Messages-T0x... folders, these aren’t old files from previous versions of Mail, but rather an indication that there is something amiss. More specifically, these are temporary folders created by Mail 2.x during an import or a reindexing process (e.g. rebuilding a mailbox) that Mail should have deleted when done. Their presence is a clear indication that something didn’t work as expected.
    Here’s the procedure I usually suggest to set up Mail again from scratch:
    1. If you have a .Mac account and .Mac synchronization of Mail data is enabled either in Mail > Preferences > General or in System Preferences > .Mac, disable it before proceeding.
    2. Quit Mail if it’s running.
    3. In the Finder, go to ~/Library/. Move (not copy) the entire Mail folder out of there, to the Desktop.
    4. In the Finder, go to ~/Library/Preferences/. Locate com.apple.mail.plist and move it to the Desktop.
    5. Open Mail and set it up again from scratch. If given the option to import existing mailboxes or something like that, don’t. Just enter the account information and check that everything works fine.
    6. You’ll have to re-configure all your settings in Mail > Preferences. For spam-related security reasons, the first thing you should do is go to Preferences > Viewing and disable Display remote images in HTML messages if it’s enabled.
    7. If Mail works fine now and you had any messages stored in local mailboxes, do File > Import Mailboxes, choose Mail for Mac OS X as the data format, and follow the instructions to import your mail from the old Mail folder that’s now on the Desktop. Import the Mailboxes folder first, then each of the POP-username@mailserver account folders, if any.
    8. If .Mac synchronization of Mail data was enabled at the beginning, enable it again, go to System Preferences > .Mac > Advanced, click Reset Sync Data, and choose the appropriate options to reset the Mail data stored on the .Mac server with the data locally stored on the computer, i.e. sync data must flow from the computer to the .Mac server.
    As a result of doing the above, some messages may be duplicated. Andreas Amann’s Mail Scripts has a Remove Duplicates script that you may find useful.
    If all is well and you don’t miss anything, the files on the Desktop can be deleted, although you may want to keep them for a while, just in case.
    Note: For those not familiarized with the ~/ notation, it refers to the user’s home folder. You can easily locate any of the folders referred to in this post by copying the folder path here, doing Go > Go to Folder in the Finder, and pasting the folder path there.

  • Eventually denied permission to write in home directory

    Hello,
    My wife is using a Mid-2007, 2.4GHz Intel Core 2 Duo iMac (iMac7,1) with 6GB RAM and more than 1TB of free available HD space.  She is running Mountain Lion (10.8.3) and has administrator privileges.
    After she has been using the computer for a while (hours or days; it varies), the system eventually denies her writing privileges to folders in her own Home directory. 
    I'll give two common examples:
    She'll download a file in Safari (or iTunes), and everything appears to proceed normally until the download "finishes" at which point she receives an error message that says she doesn't have permission to write to the save location.  The download remains in her browser's download list, but the file itself "disappears".  Changing target directories (e.g. from Downloads to Desktop) makes no difference.
    TextEdit will automatically reopen upon log in, and display one or more SavedState "Untitled" documents with text in them (she uses it as a scratch pad). When she attempts to add text to one of these documents, e.g. "Untitled 8," an error appears that says she does not have permission to make changes to the document and is prompted to make a Duplicate, so she does so.  She can successfully enter text in "Untitled 8 (copy)" but when it comes time to save the file, another error is returned that claims she does not have permission to write to [whatever location].
    Only two things seem to correct this situation, neither of which are permanent. That is, it eventually happens again.
    1. She logs out and logs back in. Things will behave normally for a while.  This is a pain, of course, because she typically discovers the problem when she is in the middle of working on one or more things, and the login process is fairly slow (as are most things on this iMac since upgrading to Mountain Lion -- though better since restricting the activity of Sophos Antivirus).
    2. Repair the permissions in her Home directory:  Get Info, click the lock & enter her password, change the Privilege of Me from Read & Write to Read Only, then back to Read & Write, and finally click the gear so as to Apply to enclosed items.  Once this is finished, access is restored... until it happens again.  Funny thing about this particular procedure is that her permissions appear to be set normally at the outset, ie., Read & Write.
    Another odd thing about the download problem is that the system does not seem to have a problem writing to whatever temporary directory it uses during the downloading process. The error only comes once the file is complete.
    There does not seem to be any precipitating event that leads to this change in her permissions/access privileges.
    Repairing permissions using Disk Utility does not resolve the problem.
    Running other kinds of repairs (repair disk when booted in Recovery Mode, running Drive Genius 3 from a separate partition or from the optical media, TechTool Pro, etc.) do not resolve the problem.
    When I log in to this same computer using my account (also with admin privileges), I have yet to encounter this eventual-permission-denial problem.
    Any thoughts or recommendations are welcome, obviously.  This is driving us batty!

    Hmmm, sounded like a RAM problem until you mentioned your account doesn't do it.
    One way to test is to Safe Boot from the HD, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, Test for problem in Safe Mode...
    PS. Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive
    Reboot, test again.
    If it only does it in Regular Boot, then it could be some hardware problem like Video card, (Quartz is turned off in Safe Mode), or Airport, or some USB or Firewire device, or 3rd party add-on, Check System Preferences>Accounts (Users & Groups in later OSX versions)>Login Items window to see if it or something relevant is listed.
    Check the System Preferences>Other Row, for 3rd party Pref Panes.
    Also look in these if they exist, some are invisible...
    /private/var/run/StartupItems
    /Library/StartupItems
    /System/Library/StartupItems
    /System/Library/LaunchDaemons
    /Library/LaunchDaemons

  • Pulseaudio Error, Home Directory Not Accessible: Permission Denied

    I: [pulseaudio] main.c: setrlimit(RLIMIT_NICE, (31, 31)) failed: Operation not permitted
    I: [pulseaudio] main.c: setrlimit(RLIMIT_RTPRIO, (9, 9)) failed: Operation not permitted
    D: [pulseaudio] core-rtclock.c: Timer slack is set to 50 us.
    D: [pulseaudio] core-util.c: RealtimeKit worked.
    I: [pulseaudio] core-util.c: Successfully gained nice level -11.
    I: [pulseaudio] main.c: This is PulseAudio 3.0
    D: [pulseaudio] main.c: Compilation host: x86_64-unknown-linux-gnu
    D: [pulseaudio] main.c: Compilation CFLAGS: -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wall -W -Wextra -Wno-long-long -Wno-overlength-strings -Wunsafe-loop-optimizations -Wundef -Wformat=2 -Wlogical-op -Wsign-compare -Wformat-security -Wmissing-include-dirs -Wformat-nonliteral -Wpointer-arith -Winit-self -Wdeclaration-after-statement -Wfloat-equal -Wmissing-prototypes -Wredundant-decls -Wmissing-declarations -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-align -Wstrict-aliasing -Wwrite-strings -Wno-unused-parameter -ffast-math -Wp,-D_FORTIFY_SOURCE=2 -fno-common -fdiagnostics-show-option
    D: [pulseaudio] main.c: Running on host: Linux x86_64 3.7.10-1-ARCH #1 SMP PREEMPT Thu Feb 28 09:50:17 CET 2013
    D: [pulseaudio] main.c: Found 2 CPUs.
    I: [pulseaudio] main.c: Page size is 4096 bytes
    D: [pulseaudio] main.c: Compiled with Valgrind support: no
    D: [pulseaudio] main.c: Running in valgrind mode: no
    D: [pulseaudio] main.c: Running in VM: no
    D: [pulseaudio] main.c: Optimized build: yes
    D: [pulseaudio] main.c: FASTPATH defined, only fast path asserts disabled.
    I: [pulseaudio] main.c: Machine ID is 6aee4708a200492ea6f54ed069a7da94.
    I: [pulseaudio] main.c: Session ID is 1.
    I: [pulseaudio] main.c: Using runtime directory /run/user/1000/pulse.
    E: [pulseaudio] core-util.c: Home directory not accessible: Permission denied

    It seems to be fine in windows, I have logged a bug for Linux.
    Thanks
    Sue

  • How do I fix my home directory details?

    I Am getting ready to sell my MacBook Pro and I have stupidly deleted the Home Directory details for my normal log on, now I can't access the Advanced Options to change the details and access my photos and music to copy them. What do I do?

    Try this previous discussion:
    FIX for iPod Touch Home Button: Apple Support Communities

  • Lack Permission to access Network Home Directory

    I upgraded OSX 10.4.8 Server to 10.4.9. I also updated the client computers to the same. The server is a Master LDAP directory which houses the users home directories. Since the upgrade when a user tried to login to their home directory they receive a dialog telling them they do not have the permissions to access the directory. They can go to any other machine in the shop and login with no problem. I have found two ways to remedy this. If we shut the affected computer down and pull the plug, when it is restarted they can login. This seems to work 80% of the time. The second remedy has been to remove the apple preferences on the client from "/Library/Preferences", "/Library/Preferences/SystemConfiguration", and "/Library/ Preferences/DirectoryService". Restart the machine, re-enter all of the required info, and we are off and running again. I have not been able to pin this down to a single file. I had one user that I have hit this problem with that nothing has worked.
    Before upgrading the server I backed up 10.4.8 to another internal drive. I have since returned to running off of 10.4.8 but the problem has not gone away. I have checked and double checked permissions on home directories and do not see anything wrong.
    Any suggestions?
    Thanks,
    Rich
    Powerbook 1.25GHz   Mac OS X (10.4.9)  

    Changing the schema password is not the same as changing the password for the portal30 user logging on through the browser. If you wanted to change the schema password, then you also need to update the password in the DAD configuration file, which is in $IAS_HOME/Apache/modplsql/cfg/wdbsvr.app. Update the password entry for the corresponding data access descriptor (DAD).
    If your intent was to change the password for the lightweight user named portal30, then you'll first need to change back the portal30 schema password - just do it through sqlplus.
    Then change the password of the lightweight user by logging in as portal30 and then change password from Account Info.

  • More than one network home directory? (newbie question)

    I have a brand new shiny XServer for a small school. They wanted their Macs managed and secured so I eagerly started moving ahead with it. Now, because of the specific file sharing requirements of the school (teachers want access to student accounts and files for homework and such) I created a standard, by-the-book Network Home folder. Then I thought about it, and I shared another directory as a Network User Home folder. And now none of my networked user accounts can log in. They all give me "can't log in, there is an error".
    Is what I did possible? Allowed? Recommended? Discouraged? Can you actually define two separate Network User Home folders on the same server, and then assign different users to different home folders? My server crapped out and now I may have to wipe/reinstall the whole thing to fix it.
    Does anybody have any experience with home folders like that?
    Any information would be dearly appreciated,
    Thanks.

    Each user can have one and only one home directory, network or local. (Yes, even if you use Mobile Accounts or Portable Homes each account still has one home directory. You just have multiple copies of the user account and each copy has one home.)
    You can have multiple share points that serve as home directory share points. In other words, not all of your users' homes need to be stored in the same place. By "network home directory share point," we mean a shared folder (share point) that has a corresponding dynamic automount record in the directory domain. The share point mounts at /Network/Servers/servername/path/to/sharepoint, and users defined in the directory domain can have their network homes defined there.
    If you want to grant a group of teachers (let's call it teachers for simplicity) read/write access to student home directories, I'd suggest the following strategy:
    1. Create two network home directory share points - one to house the students' homes and one to house the teachers' homes. For this example, let's say that the student home directory share point is located at /Volumes/Disk1/StudentHomes.
    2. Create home directories for each student as you normally would.
    3. Then add an ACL that allows members of the teachers group to read/write within the student home directory share point. For our example:
    sudo chmod -R +ai "group:teachers allow readattr,readextattr,readsecurity,list,search,read,execute,writeattr,writeextattr,delete,delete_child,add_file,add_subdirectory,write,append,file_inherit,directory_inherit" /Volumes/Disk1/StudentHomes
    4. Now teachers simply navigate to /Network/Servers/yourservername/path.../StudentHomes/student's name and dig around to find what they want. (The teachers have read/write control of all student home directories now.)
    5. When your teachers find it a little inconvenient to dig around in each student's home, suggest the following alternative: Simply create a share point to which students have read-only access and teachers can read/write. Within that share point, create "turn-in" folders for each teacher or class, and give students write-only (drop box) permission to the sub-folder. You could get more granular than this simple example where all students can turn anything into any teacher's "turn-in" folder, though.
    --Gerrit

  • Portable Home Directory no longer works on Lion bound to Active Directory (AD)

    Hi, All,
    I look after about 30 MacBook Air/Pro connected to a predominantly Windows corporate network.
    A few months back, I installed a MacOS Server running OpenDirectory and Software Update Services for managing the MacBooks - they are configured in the standard "magic triangle" configuration, bound both to the Active Directory (running on a handful of Windows 2003-R2 servers) and OpenDirectory; they are configured to use the Mac Server for Software Updates, and with Portable Home Directories replicated on a network share point (through AFP) to keep a backup of the user's data.
    When all the MacBooks were running Snow Leopard, everything was running fine... but the last couple of laptops purchased came with Lion and they cannot synchronise their PHD's anymore :-(
    I have spent a lot of time trying to pin-point the problem, including replicating a whole test-network with its own AD/OD and client Snow-Leopard/Lion laptops to try various configurations... my conclusions so far are that:
    1- using Snow Leopard clients, it just works
    2- using a Lion client, when the network user account is configured in the default Users O.U. on Active Directory, it just works
    3- using a Lion client, when the network user account is configured in another O.U. than Users (e.g. Company-Name or External-Contractors), then the PHD syncing doesn't work at all
    4- the failure symptoms are a popup window when trying to do a manual sync saying that "your network home at (null) does not allow writing" - if automatic syncing is configured through MCX, it just fails silently
    5- when PHD syncing fails, I can log on using the network account, manually mount the share point used for the network home in the Finder and read and write to it without a problem; so it's not a permission problem, but the fact that the network home directory is (null)
    6- I have traced the root cause to the FileSyncAgent process which raises an exception at startup - here's what I see as the salient lines from the logfile (I've edited out the username):
    0:: [12/02/07 12:45:00.512] ******************************************************************************
    0:: [12/02/07 12:45:00.512] FileSyncAgent-502.2 (r?, BUILT:?, PID:385, OS:11D50b, ARCH:x86_64-64) starting
    0:: [12/02/07 12:45:00.512] LA: FileSyncAgent -launchedByLaunchd -iDiskPlist
    0:: [12/02/07 12:45:00.512] ******************************************************************************
    0:: [12/02/07 12:45:00.512] Engineering log verbosity level = 1
    1:: [12/02/07 12:45:00.512] Registered isRunning port with name 'com.apple.FileSyncAgent.iDisk.isRunning'
    1:: [12/02/07 12:45:00.846] Temporary disk storage at "/Users/[USERNAME]/Library/Caches/Cleanup At Startup/FileSyncAgent-1727909307".
    1:: [12/02/07 12:45:00.846] UserAgentString = "DotMacKit-like, File-Sync-Direct/502.2.? (11D50b x86_64-64)"
    1:: [12/02/07 12:45:03.249] +[SSyncSet_PHD createPHDSyncSetForLocalPath:remoteHomeSpec:mountSuffixPath:name:]: Creating Sync Set with name "HomeSync_Mirror".
    1:: [12/02/07 12:45:03.249] -[SSyncSet_PHD _setupNewPHDSyncSetWithLocalPath:homeSpec:mountSuffixPath:]: We've been given local home path '/Users/[USERNAME]'.
    1:: [12/02/07 12:45:03.249] -[SSyncSet_PHD _setupNewPHDSyncSetWithLocalPath:homeSpec:mountSuffixPath:]: local home at "/Users/[USERNAME]"
    <PHD> 1:: [12/02/07 12:45:06.458] Added new sync set "HomeSync_Mirror".
    <PHD> 1:: [12/02/07 12:45:06.465] _incomingIPC: SFCreatePHDSyncSetMsgId (17) took 3.217627 seconds.
    <PHD> 1:: [12/02/07 12:45:06.526] Scheduling next sync of "HomeSync_Mirror" at 2012-02-07 12:45:16 +0000
    <PHD> 1:: [12/02/07 12:45:18.122] ==========================================================
    <PHD> 0:: [12/02/07 12:45:18.123] Starting automatic sync of "HomeSync_Mirror".
    <PHD> 1:: [12/02/07 12:45:18.126] Peer "local" reports changes since last sync.
    <PHD> 0:: [12/02/07 12:45:18.128] EXCEPTION: NilPtr <-[SPeer_FS_PHD mountPeerVolume] (Peer-FS-PHD.m:142): "'((homePath))' is nil">
    <PHD> 0:: [12/02/07 12:45:18.128] BACKTRACE: {
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x105003493  
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x104f70866  
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x104f6fabd  
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x104f6ecb4  
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff924bb74e
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff924bb6c6
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff901998bf
    <PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff9019cb75
    <PHD> 0:: [12/02/07 12:45:18.128] }
    7- if I use the same user account from a Snow-Leopard client, the mountPeerVolume finds the remote home_dir, mounts it and happily trawls through the two directories to figure out what needs to be copied; I get something along the lines of:
    0:: [12/02/08 18:44:15.344] Starting manual sync of "HomeSync_Mirror".
    1:: [12/02/08 18:44:15.363] -[SPeer_FS_PHD mountPeerVolume]: We've been given remote home path "/Volumes/[USERNAME]".
    1:: [12/02/08 18:44:15.363] -[SPeer_FS_PHD mountPeerVolume]: Remote home path exists.
    1:: [12/02/08 18:44:15.363] -[SPeer_FS_PHD mountPeerVolume]: Final path to PHD remote home root = "/Volumes[USERNAME]"
    8- if I use a Lion client and a user account configured in the Users O.U. on Active Directory, it works similarly well
    9- in the failing use-case, if I run a "dscl xxx -read /Users/xxx" to verify that the DirectoryServices daemon returns some information, all looks good: I get all my A.D. user details, including email config and network home_directory, the MCX payload, etc
    10- the only difference that I can see when running dscl between the "working use-case" and the "failing use-case" is that the Attribute for the network home directory is called HomeDirectory (working) or OriginalHomeDirectory (failing) - but the actual value is present and correct in both cases
    11- I have enabled SMB as well as AFP file sharing to ensure that it's not a protocol problem rather than the share point itself that causes problem - no difference
    12- I have upgraded the MacOS Server to 10.7.3 (from 10.7.2) - no difference
    13- I have upgraded the Lion client from 10.7.2 to 10.7.3 - no difference
    14- I have tried to manually configure the Directory Search path on the Lion client to map HomeDirectory to OriginalHomeDirectory - either the mapping didn't work or it's not the real cause of the problem, as again: no difference.
    15- I have contacted AppleCare, raised a case with all the details above, been escalated from level 1 to 2 and 3 - and basically have been told that customers have reported very similar problems & that no more detail is available to me as it is a Directory Services related problem - if I want to take it further with Apple, I need Enterprise OS Support (and hence $1000s per year - and no real guarantee of result)
    [thanks to anyone who's read until now]...
    So my questions are (as I can't believe that I'm the only one using "proper O.U.'s" for managing users in Active Directory):
    - has anyone experienced this before?
    - does someone know of a workaround (other than "stick to SnowLeo" or "redesign your whole A.D."!)?
    - can someone help me figure out where the FileSyncAgent process tries to get its remote home directory from - as this might point to a solution?
    Many thanks

    I was able to fix the issue here. Steps taken: From the command line I ran
    dscl /Search read /Users/jdoe HomeDirectory
    It returned # No such key: HomeDirectory
    This was the big clue.... it should have returned
    HomeDirectory: <home_dir><url>afp://files.hihllc.lan/Users/jdoe</url><path>/</path></home_dir>
    I unbound the Mac from AD and ran the following command in terminal.
    dscacheutil -flushcache
    I then went into OS X sharing preferences and renamed the computer slightly, so it would create a new computer record in AD. I rebound the machine to AD making sure in Directory Utility Advanced, under User Experience that Force local home directory on start up disk was unchecked and Network protocol to be used was AFP.
    I then ran
    dscl /Search read /Users/jdoe HomeDirectory
    and it returned
    HomeDirectory: <home_dir><url>afp://files.hihllc.lan/Users/jdoe</url><path>/</path></home_dir>
    I had the user reboot... which was necessary. When he logged in HomeSync fired up. He had quite a few conflicts, so I told him to select use files on this computer for all conflicts.
    I checked the FileSyncAgent.logs and it was good.
    Let me know if this fixes your issue.
    Thanks,
    Ray
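
The check used in the two posts above (does the directory search return `HomeDirectory`, only `OriginalHomeDirectory`, or nothing) can be scripted. This is an added example, not part of either post: the function name `classify_home_attr`, the host `files.example.lan` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify `dscl ... read` output on stdin.
# Prints one of:
#   ok <url>        HomeDirectory is present and carries a <url> value
#   no-url          HomeDirectory is present but has no <url> element
#   original-only   only OriginalHomeDirectory is present (the failing case above)
#   missing         neither attribute was returned ("No such key")
classify_home_attr() {
    awk '
        # dscl prints "Key: value", or "Key:" with the value on an indented next line.
        /^HomeDirectory:/ {
            key = "home"; home_seen = 1
            val = $0; sub(/^HomeDirectory:[ \t]*/, "", val)
            home = home val; next
        }
        /^OriginalHomeDirectory:/ { key = "orig"; orig_seen = 1; next }
        /^[ \t]/ && key == "home" { sub(/^[ \t]+/, ""); home = home $0; next }
        { key = "" }
        END {
            if (match(home, /<url>[^<]*<\/url>/)) {
                # Strip the 5-character <url> and 6-character </url> wrappers.
                print "ok " substr(home, RSTART + 5, RLENGTH - 11)
            } else if (home_seen) {
                print "no-url"
            } else if (orig_seen) {
                print "original-only"
            } else {
                print "missing"
            }
        }'
}

# Constructed sample outputs (hypothetical host files.example.lan, user jdoe).
SAMPLE_OK='HomeDirectory: <home_dir><url>afp://files.example.lan/Users/jdoe</url><path>/</path></home_dir>'
SAMPLE_ORIG='OriginalHomeDirectory: <home_dir><url>afp://files.example.lan/Users/jdoe</url><path>/</path></home_dir>'
SAMPLE_NONE='No such key: HomeDirectory'

for s in "$SAMPLE_OK" "$SAMPLE_ORIG" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | classify_home_attr
done

# On a bound Mac (dscl is macOS-only), feed it live output:
#   dscl /Search read /Users/jdoe HomeDirectory OriginalHomeDirectory 2>&1 | classify_home_attr
```

Run against each network account after rebinding, a result other than `ok` marks the accounts whose home sync will have no remote path to mount.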

  • Mobile Home Directory: Setting a relative location for various sub-nets

    Question Summary:
    1) Is it possible to define a home directory for mobile account users that is relative to the host's subnet?
    2) How does one accomplish #1 if possible?
    Details
    Setup
    Users access hosts on three LAN networks connected through the WAN via Branch-Office VPN connections (persistent VPN tunnels that connect our LANs)
    If User1 from LAN1 travels to LAN2, User1 has difficulty working, because the mobile account definition points to a host on LAN1 for HomeDirectory syncing, so all files are synced across a slow (5Mb/s) connection shared by all other users.  For some users (The CEO, for example), this sync entails transferring Gigs of personal data, so the Mobile Sync across the VPN literally takes several days, if it completes at all.
    My ideal setup would allow User1 from LAN1 to access a host at a relative location as opposed to an absolute location.  In other words, if LAN1 has the home folder at 192.168.76.23:/HomeFolders/User1, then when User1 moves to LAN2, the HomeFolder becomes 192.168.78.23:/HomeFolders/User1. Regardless of the subnet, the User account would be defined in such a way that the HomeFolder would be sought at 192.168.X.23:/HomeFolders/shortUserId
    These home folders between the hosts 192.168.76.23 and 192.168.78.23 on LAN1 and LAN2, respectively, could be kept in sync during off hours so that at the beginning of each shift, all files are in all three locations ready for local use, fast access, and more importantly, fast home-syncing during the work day.
    Equipment
    OS X Yosemite running on various iMac and MacBook hardware configurations.
    OS X Server 4 running OD replicas and local DNS's on each LAN.
    Ample space for redundant data storage on all networks.
    Question
    How do I define a HomeDirectory as a relative location to the Mobile Account Users host machine or host machine IP address?
    Alternatively, is there a way that I can define a HomeDirectory using a Fully Qualified Domain Name so that I can use the local DNS server to force the redirect?
    Previously Tried Idea(s)
    Using the same Bonjour Computer Name
    On one test, I tried to trick the system by setting the name of the HomeDirectory computer to the same name on all networks. The thought behind this is that, when looking at the HomeDirectory path, the address is defined by the computer name, so if the local computer name matches, the system will automatically point to the host that is on the current LAN, as opposed to the host of the same name on the previous LAN.
    This failed due to the fact that the system providing the HomeDirectory storage is the same system that is providing OD replica services, and OD replication requires that each system have a unique name.

    Hi,
    Yes my home directory is set
    more /etc/passwd
    sfsys1d:x:301:201:sys1 dev sftp user:/interfaces/dev/system1:/usr/bin/csh
    When I log in they go to this directory, through a shell and through ftp (haven't checked sftp yet)
    However I can still go up directories and see what is in the directories above
    the permissions are set as below
    drwx------   3 root     sshusers   3 Sep  6 08:38 interfaces
    drwx--x---   3 root     sshusers   3 Sep  6 15:49 dev
    drwxr-----   5 sfsys1d  sshusers   7 Sep 19 14:52 system1
    I have tried various other permission 700, 710, 740 etc and they all give different results but not the correct one.
    The best I have managed to get so far is that they cannot list the files in the other directories, however if they know the names they can still go to them. This also didn't work in the Windows ftp client, as it just showed the files/dirs anyway.
    Thanks
    Kerry

  • No write permissions in my home directory

    Hi,
    I'm having a weird issue with my Mac. I am unable to create new files or directories in my home directory. For instance:
    Bergy Bit> cd ~
    Bergy Bit> cp temp.txt temp1.txt
    cp: temp1.txt: Permission denied
    I can override this with sudo, but it's a major pain to do this every time. I have no problem writing in any of the sub-directories in my home directory. Here's the output from ls -ale in /Users:
    Bergy Bit> ls -ale
    total 0
    drwxr-xr-x 5 root admin 170 Dec 4 2007 ./
    drwxrwxr-t 37 root admin 1326 Dec 18 16:51 ../
    -rw-r--r-- 1 root wheel 0 Sep 23 2007 .localized
    drwxrwxrwt 5 root wheel 170 Feb 14 2008 Shared/
    drwxr-xr-x+ 74 lgerhardt staff 2516 Feb 26 15:17 lgerhardt/
    0: group:everyone deny addfile,delete,add_subdirectory,deletechild,writeattr,writeextattr,chown
    Any ideas what's going on?
    Thanks,
    Lisa

    The standard ACE is
    group:everyone deny delete
    I don't know how you got all of that other stuff.
    You should be able to fix it with:
    sudo chmod =a# 0 "group:everyone deny delete" /Users/lgerhardt/
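
To find other home directories carrying the same kind of over-broad deny entry, the `ls -le` listing can be scanned for `group:everyone deny` ACEs that deny anything beyond `delete`. This is an added example, not part of the reply above: it takes that reply's `group:everyone deny delete` as the baseline, the function name `find_overbroad_deny` is hypothetical, the sample listing is constructed, and entry names containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): flag "group:everyone deny" ACEs that
# deny more than delete. Reads `ls -le` output on stdin and prints
#   <entry> <ACE index> <extra denied rights>
find_overbroad_deny() {
    awk '
        # An entry line starts with a mode string such as drwxr-xr-x+
        /^[-dlbcps][-rwxsStT]+[+@]? / { entry = $NF; next }
        # An ACE line looks like " 0: group:everyone [inherited] deny right,right,..."
        $1 ~ /^[0-9]+:$/ && $2 == "group:everyone" {
            k = ($3 == "inherited") ? 4 : 3
            if ($k != "deny") next
            n = split($(k + 1), rights, ","); extra = ""
            for (i = 1; i <= n; i++) {
                if (rights[i] != "delete")
                    extra = extra (extra == "" ? "" : ",") rights[i]
            }
            if (extra != "") {
                idx = $1; sub(/:$/, "", idx)
                print entry, idx, extra
            }
        }'
}

# Constructed sample in the shape of the listing quoted in the question
# (asmith is a hypothetical second user with only the baseline ACE).
SAMPLE_LS='total 0
drwxrwxrwt   5 root      wheel   170 Feb 14  2008 Shared/
drwxr-xr-x+ 74 lgerhardt staff  2516 Feb 26 15:17 lgerhardt/
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
drwxr-xr-x+ 12 asmith    staff   408 Feb 26 15:20 asmith/
 0: group:everyone deny delete'

printf '%s\n' "$SAMPLE_LS" | find_overbroad_deny

# On the server: ls -ale /Users | find_overbroad_deny
```

A deny entry for `everyone` also applies to the owner, which is why the extra `add_file` and `add_subdirectory` rights stop the user from creating anything at the top of the home directory.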

  • Unable to create directories in automounted home directory

    The subject pretty much says it all.
    I'm able to create, update, and delete files in my home directory, but as soon as I try mkdir, I get a permission denied error.
    I've ensured that NFSMAPID_DOMAIN is set on both machines. Cat'ing /var/run/nsf4_domain shows the same values on both machines.
    I'm not sure what else to check at this point.
    Any ideas?

    Strange, did you try patch 118376-02 (intel) or 118375-02 (SPARC)? It claims to fix the mkdir in different-NFS-domain problem, maybe it fixes more than that..
    //Magnus

  • Does anyone know what the file "memeodhelper" is? It's preventing me from backing up my home directory. I can't even find the file with search. Hidden somehow?

    I would like to backup my Mac by copying my home directory to an external disk. When I try this, it always gets hung up on a file called "memeodhelper" saying I don't have permission to access the file and the paste stops. Can't find the file with a search. Any ideas?

    Hi Ray,
    Spotlight is no good for finding anything Apple thinks you don't need to find.
    You can "fix" that error...
    http://www.somewhereville.com/?tag=memeodhelper
    Or likely trash it...
    https://discussions.apple.com/message/11237019?messageID=11237019&tstart=0#11237019?messageID=11237019&tstart=0
    Find Any File...
    http://apps.tempel.org/FindAnyFile/
    Hold Option or alt key when selecting Find to Find All.
    EasyFind...
    http://www.devon-technologies.com/download/
    Near the bottom of the page.

  • Smc and smuser both put wrong home directory in /etc/passwd

    Hello,
    I'm trying to use 'smuser add' as an alternative to 'useradd' in a setuid script, using -d to specify a home directory other than the default. Unfortunately, although the directory is created in the right place, the default is written into /etc/passwd.
    %smuser add -u sapadm -p ***** -- -d /appuser/inputs/tom -g sapusers -n tom -s /bin/sh
    Loading Tool: com.sun.admin.usermgr.cli.user.UserMgrCli from localhost
    Login to localhost as user sapadm was successful.
    Download of com.sun.admin.usermgr.cli.user.UserMgrCli from localhost was successful.
    % ls -al /appuser/inputs/tom
    total 14
    drwxr-x--- 2 tom sapusers 5 Mar 28 15:48 .
    drwxr-xr-x 3 sj staff 3 Mar 28 15:48 ..
    -rw-r--r-- 1 tom sapusers 136 Mar 28 15:48 .cshrc
    -rw-r--r-- 1 tom sapusers 157 Mar 28 15:48 .login
    -rw-r--r-- 1 tom sapusers 174 Mar 28 15:48 .profile
    % cat /etc/passwd
    tom:x:101:1002::/home/tom:/bin/sh
    % ls -al /home/tom
    /home/tom: No such file or directory
    % uname -a
    SunOS sun03 5.10 Generic_127112-07 i86pc i386 i86pc
    Exactly the same thing happens when I use the SMC2.1 GUI - even though it echoes back to me that the directory path will be /appuser/inputs before I hit 'finish', the directory is created correctly, but /home/tom goes into /etc/passwd.
    Is there any fix/workaround for this, or am I back to an old-fashioned useradd in a setuid script?
    Thanks
    -- Steve

    Father wrote:
    that way, they are chrooted into an empty directory and have no files they can tamper with
    isn't that a little dangerous??
    What files a user can change is determined by the files' permission settings, not by the user's homedir. The homedir only tells what the initial working directory is when a user logs in, nothing else; it doesn't imply writing or even reading access. So no, it's not dangerous, not even a little.
