Mount point won't allow read/write for non-root user

Similar Messages

• NetworkManager applet doesn't prompt for VPN secret for non-root user

  I'm using NetworkManager in GNOME DE. When logged in as non-root user, I'm unable to connect to a vpnc profile.
  * As non-root, I am able to add/remove/alter/connect to WiFi network profiles with no trouble.
  * As non-root, I am also able to add/remove/alter vpnc profiles.
  * However, the VPN group key and VPN user password do not appear to store properly when adding/editing the profile as non-root. I can enter them, but when I bring the dialog back up, they are always blank. Even so, I can see an entry for vpnc in the Gnome keyring.
  * When I slide the on/off switch to try to connect with the vpn profile, there is no prompt for the VPN group key or password. The switch just slides back to Off immediately and I can see the text 'authentication required' flash briefly where it shows the connection status. After that flashes, the connection status is back to 'Not connected'. No error message displays.
  * If I sign in as root, there are no problems. The VPN 'secrets' will save properly in the dialog, and also if I leave them blank, I'm prompted for them when I activate the connection.
  * Creating the connection as 'root' is not an option, as this doesn't appear in profile list when signing on as non-root.
  Any ideas on where to look or what to check? As mentioned above, non-root can maintain WiFi connections through NetworkManager just fine, so the problem appears localized to VPN 'secrets'. Also other applications (i.e. Evolution) have no trouble in dealing with authentication.
  I do have polkit installed:
  extra/polkit 0.110-2 [installed]
  Application development toolkit for controlling system-wide privileges
  extra/polkit-kde 0.99.0-2
  Daemon providing a polkit authentication UI for KDE
  extra/polkit-qt 0.103.0-2
  A library that allows developers to access PolicyKit API with a nice Qt-style API
  community/polkit-gnome 0.105-1 [installed]
  PolicyKit integration for the GNOME desktop

  Update/more information on this...
  My typical/preferred setup for my VPNs is to save the VPN group key, but to be prompted for my VPN user password on each connect. So, this is how I was trying to setup in the applet. Interestingly, I have found that if I save BOTH of the 'secrets' to the keyring, then I can connect!
  The behavior is still as above in the dialog -- both secrets are blank if I edit the connection, although they are present in the Gnome keyring. As long as they are BOTH there, I can connect fine. But, if I have either of them set to 'Always Ask', then I am not prompted for them and the connection fails.
  Although I can work with this, I would certainly still like to figure out what is going on and fix it, as it does bother me that it works that way:
  * Why can't the dialog redisplay my secrets when I edit a connection as non-root?
  * Why doesn't Always Ask work to prompt me for secrets when running as non-root?
  Any ideas? I've used the Gnome/NetworkManager/vpnc combination on other desktops (this is my first Arch), and I have never seen anything like this.

• [SOLVED] Systemctl poweroff etc hangs for non-root user

  Hi. I recently messed up /etc/passwd and /etc/group as explained here . It seems it might be related.
  The problem I have now is that the power management commands (systemctl {poweroff, hibernate, suspend}) "hangs" for my non-root user. They do nothing, and are not even logged to the journal.
  When run as root they all work just fine.
  I've tried reinstalling systemd, but not its dependencies.
  Maybe systemd had a user or group that got lost from the files?
  Last edited by Bladtman242 (2012-12-03 11:56:35)

  Just in case:
  /etc/passwd wrote:root:x:0:0:root:/root:/bin/zsh
  bin:x:1:1:bin:/bin:/bin/false
  daemon:x:2:2:daemon:/sbin:/bin/false
  mail:x:8:12:mail:/var/spool/mail:/bin/false
  ftp:x:14:11:ftp:/srv/ftp:/bin/false
  http:x:33:33:http:/srv/http:/bin/false
  nobody:x:99:99:nobody:/:/bin/false
  dbus:x:81:81:System message bus:/:/bin/false
  bladt:x:1000:100:Sigurt Bladt Dinesen,,,:/home/bladt:/bin/zsh
  avahi:x:84:84:avahi:/:/bin/false
  ntp:x:87:87:Network Time Protocol:/var/lib/ntp:/bin/false
  git:x:999:999:git daemon user:/:/bin/bash
  uuidd:x:998:998::/:/sbin/nologin
  mysql:x:89:89::/var/lib/mysql:/bin/false
  /etc/group wrote:root:x:0:root
  bin:x:1:root,bin,daemon
  daemon:x:2:root,bin,daemon
  sys:x:3:root,bin
  adm:x:4:root,daemon
  tty:x:5:
  disk:x:6:root
  lp:x:7:daemon,bladt
  mem:x:8:
  kmem:x:9:
  wheel:x:10:root,bladt
  ftp:x:11:
  mail:x:12:
  uucp:x:14:bladt
  log:x:19:root
  utmp:x:20:
  locate:x:21:
  rfkill:x:24:
  smmsp:x:25:
  http:x:33:
  games:x:50:bladt
  network:x:90:
  video:x:91:bladt
  audio:x:92:bladt
  optical:x:93:bladt
  floppy:x:94:
  storage:x:95:bladt
  scanner:x:96:bladt
  power:x:98:bladt
  nobody:x:99:
  users:x:100:
  dbus:x:81:
  avahi:x:84:
  ntp:x:87:
  lock:x:54:
  git:x:999:
  uuidd:x:998:
  mysql:x:89:

• Read Only for Non Trusted Users

  Hi everyone:
  Is it possible to forbid non trusted (or non certified) users for modifying the pdf (I'm interested in signing protection particularly) but allowing them to open the pdf in READ ONLY mode?
  I'm wondering how to do it using Adobe Acrobat Professional 8 (info with Adobe Acrobat Pro X will be also appreciated) and opening the pdfs in their Reader corresponding versions (managing non trusted users as READ ONLY users).
  Thanks for your time
  Regards,
  Javier

  Thanks Bill:
  I've been trying what you said, and is possible to "lock" the pdf so it's in read only mode via password (using Adobe Acrobat X). Is it possible to do the same with certificates? As far as I have seen, if you use certificates policies, you use the certificate to encrypt the document but then, non certified users are not allowed to access the pdf. I'm really interested in using certification restrictions but being able to access the pdf: I want to simulate the READ ONLY MODE for everybody and the WRITE mode for certified users.
  Using this kind of restrictions, the only problem that I see (for end users) is that they should disable secure settings before editing / signing (this two options appear disabled with this method). Is it possible to get them available and open the "enter password" dialog when clicking them, not managing the security properties?
  Thanks for your time
  Regards
  Javier

• Bash issue on solaris 8 ( Segmentation fault for non root users)

  Hi,
  This is solaris 8 on sparc and a NFS file server for the NIS+ environment. As supposed to be this file server is nis+ client.
  Now this issue happens only sometimes and goes away on its own but it did not this time.
  I connect to file server using ssh, system closes my session,
  this is ssh -vvv log , copied here : http://pastebin.ca/1633893Please note that my shell is /bin/bash. It worked 99% time but not now, nothing is changed on system.
  If I ssh root@fileserver then ssh connection works fine. root can also run bash command. and run other commands in bash
  For a normal user with csh if the user tries "bash" , then gets
  user@fileserver%> bash
  Segmentation Fault
  I am thinking this is somewhere related to rpc but I do not see any errors on nis+ server nor on fileserver.
  %>truss bash o/p is here :
  http://pastebin.ca/1633907Please let me know what is this issue related to. If by stopping/restarting a process helps that would be great.
  one more thing to note is, other nis+ clients can mount shares from this fileserver properly and authentication also works fine on them even for users with /bin/bash shell and bash does work manually also.
  If you need any other info, please let me know
  Please help!
  Thanks!

  Anyone any idea? I thought the truss o/p copied in pastebin might be very useful
  Additional info, for someone with /bin/tcsh as shell, when su - <user> from root account, following messages come up
  free(4b31688) bad block. (memtop = 4b7e400 membot = 9c9a0)
  free(4b31688) bad block. (memtop = 4b7e400 membot = 9c9a0)
  free(4b316c8) bad block. (memtop = 4b7e400 membot = 9c9a0)
  free(4b316c8) bad block. (memtop = 4b7e400 membot = 9c9a0)
  free(4b31448) bad block. (memtop = 4b7ec00 membot = 9c9a0)
  free(4b31448) bad block. (memtop = 4b7ec00 membot = 9c9a0)
  free(49fca08) bad block. (memtop = 4b7f400 membot = 9c9a0)
  free(49fca08) bad block. (memtop = 4b7f400 membot = 9c9a0)$ truss -f -t stat,open /bin/bash
  http://pastebin.ca/1635134

• [Solved] Non-root user cannot access mounted ntfs filesystem

  Hi -,
  i have a dualboot system (arch/xfce + win7) and i use a ntfs partition /dev/sda2 to store files i use with both operating systems. I added the partition to fstab and it gets mounted, but i cannot access it with my non-root user. With root it works fine...
  My fstab:
  # cat /etc/fstab
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  tmpfs /tmp tmpfs nodev,nosuid 0 0
  LABEL=home /home ext4 defaults 0 1
  LABEL=root / ext4 defaults 0 1
  LABEL=swap swap swap defaults 0 0
  /dev/sda2 /media/sda2 ntfs defaults 0 2
  Is there any option that allows all users to use the mounted device? Or how is this usually done ...
  Last edited by muzzel (2012-05-30 20:39:58)

  See: NTFS-3G for important setup information.
  My fstab line looks like:
  /dev/sdb1 /media/Win_USB ntfs-3g uid=1000,gid=users,fmask=113,dmask=0022 0 0
  This sets up some important parameters which the NTFS-3G Wiki Page covers.  Basically, "ntfs" is only a basic driver and is built into the kernel.  "ntfs-3g" is a much better, and less disk-eating, driver that you should install and use if you need the drive in Linux any more than occasionally.  My fstab line makes my user (1000) the owner and the masks lets me write and etc to it.  When you install NTFS-3G it is automatically used when you use the mount command to mount NTFS drives.  In fstab, as above, you would specify it explicitly.
  You can find your own user number by entering "id" at a terminal.

• [SOLVED]Xorg won't work for my non root user

  I installed Arch Linux 2009.08 x86_64 Core inside Sun VirtualBox 3.0.8 and got up to the part of the Beginners' Guide that tells me to test X and it can never work for my non root user. Funny thing is, I tried running it as root and it worked even though my root user has no ~/.xinitrc file. Running startx or xinitrc as my non root user I get a small (maybe 400x600) white terminal but can't use my mouse or keyboard.
  After looking over the guide and doing a step I forgot and adding in all of the extra stuff the guide says might help I can use my mouse and keyboard in my non root users' small white terminal but X still won't start properly with xterm even though I put 'exec exterm' in my non root users' ~/.xinitrc file. Please help. Thanks for any help guys.
  Last edited by keiichi (2009-10-23 12:34:50)

  schuay wrote:
  keiichi wrote:After looking over the guide and doing a step I forgot and adding in all of the extra stuff the guide says might help I can use my mouse and keyboard in my non root users' small white terminal....
  I don't get it .. this sounds like xterm is starting up successfully (xterm is a small white terminal). Easiest way to get X up and running (imo) is
  sudo pacman -S gnome gdm xorg xf86-input-evdev
  sudo /etc/rc.d/hal start
  sudo /etc/rc.d/gdm start
  I didn't know that's what xterm was, thanks for telling me. Noob mistake.

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• SQL tab not working in V2.1 EA1 for non-DBA users -- how to fix?

  In v2.1 EA 1 the tab to show the SQL script (DDL) in the object browser is not working for non-DBA users. In the prior version, these users would see a message about DBMS_METADATA and then the message would indicate that an "internal generator" would be used to generate the DDL script. After that brief message the DDL would show up as expected. This doesn't seem to be the case in the newest version.
  I issued the following two grants to a particular user which worked, but I am reluctant to issue the grants to "PUBLIC".
  SQL> grant execute on DBMS_METADATA to XXXXX;
  SQL> grant select_catalog_role to XXXXX;
  So, my questions are:
  1) Will the old functionality (that didn't require these privileges) be added to V2 at some point?
  2) What security implications are there for issueing the above grants to PUBLIC?
  NOTE: After granting execute on the DBMS_METADATA package, it still didn't work. I left that grant in place and granted SELECT_CATAOG_ROLE, so I can't say for sure that the 1st grant was required.
  Edited by: user615070 on Nov 19, 2009 9:30 AM
  Edited by: user615070 on Nov 19, 2009 10:06 AM

  An OEM account is separate from the database account. You need to use OEM UI to create an OEM account, however, for certain tasks to be done in the databases which OEM is monitoring they will also require separate database accounts within those databases. For example, to view the performance tab in OEM UI, a database account is required.
  OEM only has two types of users, i.e. Super Administrator and Administrator, but don't go by the names. You can grant an OEM 'Administrator' account access to specific targets and what they can do within OEM, such as only viewing reports, targets, and so on. For access within a database, the user created need not be a DBA either.
  I hope you understand.

• Acrobat 7 requires admin password at every launch for non admin users?

  acrobat 7 requires admin password at every launch for non admin users?
  any one with a solution or similar problem?
  thanks for any help.

  I've been avidly following all of the threads regarding this issue...yet none of the solutions have worked for me. I've got 11 Mac users that do not use the Creative Suite..only Acrobat, Quark, etc. I've tried installing and re-installing through both Admin and User accounts, I've tried the AdobeBib XML change, I've tried enabling Root and installing, changing permission on the Acrobat folder, etc. all to no avail. I still get asked for Admin Authentication every time Acrobat and Distiller are opened (except on the Admin account side). This is happening on one particular Mac (G4, 1GB Ram, OS 10.4.3) for both Acrobat Standard 6 and 7 as well. The biggest issue that also happens in tandem with the Acrobat installs is the inability to print from Quark. I get the following error when printing: "The process "pictwpstops" terminated unexpectedly on signal 6." Because of the necessity to print Quark documents, I have uninstalled all Acrobat on the machines until we can get a fix. This resolves the printing problem with Quark. The only option left is to set up all users as Admin accounts - which I really do not want to do. Any other suggestions out there? I've got more information available if needed.

• I received a notice that there is an update for my Lightroom 5. I have the non-creative cloud version. Is the update available for non-cloud users? It says to download click the link and it takes me to Cloud free trial screen.

  I received a notice that there is an update for my Lightroom 5. I have the non-creative cloud version. Is the update available for non-cloud users? It says to download click the link and it takes me to Cloud free trial screen.

  It is the same installer. You can run it as 30-days trial (CC version) and decide later for CC or stand-alone. To license as stand-alone, follow this guide.
  If you already have the LR6 license key, you can enter it during setup and do not need to follow the guide.

• Mounting usb devices as non-root user ??

  How can a non-root user mount a usb flash device?
  As root, the device is mounted as:
  mount -F pcfs /dev/dsk/c1tod0s2:c /mnt
  The vfstab entry for this is as follows:
  /dev/dsk/c1t0d0s2:c /dev/rdsk/c1t0d0s2 /flash pcfs 2 no -
  This is running Solaris 8 on a SunBlade150

  Hello.
  I had the same problem.
  If you do not have root rights on the computer the answer is: You cannot mount the device.
  I had root access and I wrote a C program that (un-)mounted all possible device files (the "s2" devices as well as the "s2:c" devices because some flash devices come without partition table).
  I chowned the file to root and set the "set effective user ID" bit in the file's permissions using chmod after logging in as root - so any user can start the program.
  I think this is the most flexible variant because USB devices sometimes are assigned other device names.
  Martin

• Can I burn photos onto a DVD/CD for non-Mac users?

  Can I burn photos onto a DVD/CD for non-Mac users? 

  You can burn a plain CD/DVD by just dragging the photos there; but, that may or may not be playable by everyone. To be sure that the result would be playable in any computer or CD/DVD player, it would be better to use either one of the apps already on your system - such as iPhoto. I don't use that myself - I use other third party software - but take a look at iPhoto help. And, you could make it more interesting by creating a slideshow - also in iPhoto, or iMovie. To give it the final cool touch, bring it into iDVD to give it a polished look if you'd like. You can burn it then from any of the above.
  If you happen to have Toast (an excellent burning app), you could use that as well (that is my preferred way to work). In Toast, you have multiple choices: burn a data CD/DVD for Mac only, for Mac & PC, etc, burn a picture CD, video DVD, etc, etc.

• User Interface Access Customisation for non admin users

  Hi,
  It is understood that for non-admin users, some features of the Planning Interface is not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for an user?
  For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
  Thanks.

  Hi,
  You can create right click menus, and you can also create links on the tools page. Would any of these help you?
  Here is the doc on those subjects:
  Creating and Updating MenusAdministrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
  Launch another application, URL, or business rule, with or without runtime prompts
  Move to another data form
  Move to Manage Approvals with a predefined scenario and version
  The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
  When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
  To create, edit, or delete menus:
  Select Administration, then Manage, then Menus.
  Perform one action:
  To create a menu, click Create, enter the menu's name, and click OK.
  To change a menu, select it and click Edit.
  To delete menus, select them, click Delete, and click OK.>
  Specifying Custom ToolsAdministrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
  To specify custom tools:
  Select Administration, then Application, then Settings.
  For Show, select Advanced Settings.
  Click Go.
  Select Custom Tools.
  For each link:
  For Name, enter the displayed link name.
  For URL, enter a fully qualified URL, including the http:// prefix
  For User Type, select which users can access the link.
  Click Save.

• How to create a domain for a non-root user using the JES installer

  Some questions have been circulating on what are the steps to create a whole domain configuration using a non-root user. Here is one method that you can try....
  - Login as user "testuser", all operations are using the user I want to start the whole domain with
  - cd to the testuser home directory and created apptest (mkdir apptest)
  -created domain
  /opt/SUNWappserver/appserver/bin/asadmin create-domain adminuser admin adminport 4849 --domaindir /testuser/apptest testdomain
  Please enter adminpassword>adminadmin
  Please enter adminpassword again>adminadmin
  Please enter the master password>adminadmin
  Please enter the master password again>adminadmin
  - created nodeagent
  /opt/SUNWappserver/appserver/bin/asadmin create-node-agent user admin port 4849 password adminadmin agentdir /testuser/apptest testnode
  Please enter the master password>adminadmin
  - Start the domain
  /opt/SUNWappserver/appserver/bin/asadmin start-domain domaindir /testuser/apptest user admin testdomain
  Please enter password>adminadmin
  Please enter the master password>adminadmin
  Domain testdomain started.
  - Start the nodeagent
  /opt/SUNWappserver/appserver/bin/asadmin start-node-agent user admin agentdir /testuser/apptest/ testnode
  Please enter password>adminadmin
  Please enter the master password>adminadmin
  Command start-node-agent executed successfully.
  - create instance
  /opt/SUNWappserver/appserver/bin/asadmin create-instance nodeagent testnode user admin i1
  Please enter password>adminadmin
  Command create-instance executed successfully.
  - start instance
  /opt/SUNWappserver/appserver/bin/asadmin start-instance --user admin i1
  Please enter password>adminadmin
  Command start-instance executed successfully.

  And this can be used to the incident priority (same technique can be used for problems):
  private int GetIncidentPriority(EnterpriseManagementGroup emg)
  try
  //Get the incident settings class
  ManagementPackClass mpc = emg.EntityTypes.GetClass(new Guid("613c9f3e-9b94-1fef-4088-16c33bfd0be1"));
  //Get the emo for the incident settings
  EnterpriseManagementObject emo = emg.EntityObjects.GetObject<EnterpriseManagementObject>(mpc.Id, ObjectQueryOptions.Default);
  //Get the priority maxtrix and convert to XML
  if (emo[mpc, "PriorityMatrix"].Value != null && emo[mpc, "PriorityMatrix"].Value.ToString() != "")
  string sMatrixXML = emo[mpc, "PriorityMatrix"].Value.ToString();
  XmlDocument xmlDoc = new XmlDocument();
  xmlDoc.LoadXml(sMatrixXML);
  //Get the guid strings for impact and urgency (note - xml goes by urgency then impact)
  string sUrgencyGuid = "04b28bfb-8898-9af3-009b-979e58837852";
  string sImpactGuid = "11756265-f18e-e090-eed2-3aa923a4c872";
  foreach (XmlNode urgencynode in xmlDoc.ChildNodes[0].ChildNodes)
  if (urgencynode.Attributes.Count == 1 && urgencynode.Attributes["Id"].Value.ToString().ToLower() == sUrgencyGuid)
  foreach (XmlNode impactnode in urgencynode.ChildNodes)
  if (impactnode.Attributes.Count == 1 && impactnode.Attributes["Id"].Value.ToString().ToLower() == sImpactGuid)
  XmlNode prioritynode = impactnode.ChildNodes[0];
  return Convert.ToInt32(prioritynode.InnerXml);
  return 0;
  catch
  return 0;
  Rob Ford scsmnz.net
  Cireson www.cireson.com
  For a free SCSM 2012 Notify Analyst app click
  here