Permission to FileStream Directory on MSDN question

Similar Messages

• More than one network home directory? (newbie question)

  I have a brand new shiny XServer for a small school. They wanted their Macs managed and secured so I eagerly started moving ahead with it. Now, because of the specific file sharing requirements of the school (teachers want access to student accounts and files for homework and such) I created a standard, by-the-book Network Home folder. Then I thought about it, and I shared another directory as a Network User Home folder. And now none of my networked user accounts can log in. They all give me "can't log in, there is an error".
  Is what I did possible? Allowed? Recommended? Discouraged? Can you actually define two separate Network User Home folders on the same server, and then assign different users to different home folders? My server crapped out and now I may have to wipe/reinstall the whole thing to fix it.
  Does anybody have any experience with home folders like that?
  Any information would be dearly appreciated,
  Thanks.

  Each user can have one and only one home directory, network or local. (Yes, even if you use Mobile Accounts or Portable Homes each account still has one home directory. You just have multiple copies of the user account and each copy has one home.)
  You can have multiple share points that serve as home directory share points. In other words, not all of your users' homes need to be stored in the same place. By "network home directory share point," we mean a shared folder (share point) that has a corresponding dynamic automount record in the directory domain. The share point mounts at /Network/Servers/servername/path/to/sharepoint, and users defined in the directory domain can have their network homes defined there.
  If you want to grant a group of teachers (let's call it teachers for simplicity) read/write access to student home directories, I'd suggest the following strategy:
  1. Create two network home directory share points - one to house the students' homes and one to house the teachers' homes. For this example, let's say that the student home directory share point is located at /Volumes/Disk1/StudentHomes.
  2. Create home directories for each student as you normally would.
  3. Then add an ACL that allows members of the teachers group to read/write within the student home directory share point. For our example:
  sudo chmod -R +ai "group:teachers allow readattr,readextattr,readsecurity,list,search,\
  read,execute,writeattr,writeextattr,delete,deletechild,add_file,addsubdirectory,\
  write,append,fileinherit,directoryinherit" /Volumes/Disk1/StudentHomes.
  4. Now teachers simply navigate to /Network/Servers/yourservername/path.../StudentHomes/student's name and dig around to find what they want. (The teachers have read/write control of all student home directories now.)
  5. When your teachers find it a little inconvenient to dig around in each student's home, suggest the following alternative: Simply create a share point to which students have read-only access and teachers can read/write. Within that share point, create "turn-in" folders for each teacher or class, and give students write-only (drop box) permission to the sub-folder. You could get more granular than this simple example where all students can turn anything into any teacher's "turn-in" folder, though.
  --Gerrit

• Open Directory and LDAP questions/difficulties

  Hi, my company is about to try out OSX Server to replace our old Irix file server. In order to do this we need to run through a number of tests in order to validate the idea. Basically, the test setup is a PM G5 running OSX Server 10.4 and a connected Mac and/or PC on the G5's second ethernet port as test clients. The first ethernet port is connected to the local subnet (192.168.1.x) and, ideally, the OSX Server should have its own subnet on the second port and serve DHCP, AFP and SMB to that port only, along with an OD shared directory providing both authentication and home directories for users. (later on, if all is successful, it will serve those services on the company subnet). DNS is supplied by a separate server on the subnet (DNS caching server running tinydns)
  I've read my way through the OSX Server documentation, and gathered all the information the Worksheet requires. The problems started occuring because we installed OSX Server over an OSX Client and broke off the Server Assistent, because we were worried at the time that turning on a Windows PDC would collide with our current (and very flaky) Samba server running on the Irix machine, and that DHCP might also collide with our current dhcp server.
  As a consequence, we tried to set it up via the Server Admin Panel, Network Prefs, and the Workgroup Manager, after having connected the second ethernet port of the G5.
  Doing this, and setting the OD service to an OD Master, along with a Search base of dc=hostname, dc=domain, dc=tld has not exactly changed much. The problem is that the info panel says that LDAP is not running. This confuses me no end. I thought OD was based upon LDAP. The server name in the Server Admin panel is hostname.local. And now I get to my real questions (finally):
  1.Would it be better to just wipe the machine and start again using the Assistent, and set up the ODMaster that way?
  2.When is an ODMaster not a local directory and when is it a shared directory (the hostname.local worries me)
  3.What services exactly need to be running for the ODMaster to function properly
  3.How do I configure the local subnet on the second port (should I use the Gateway Assistent or do it by hand), and how do I only serve those services to that port (do I do it by setting the router/gateway for those services as the IP of the second port or as localhost).
  4.Do I need to simply enable LDAPv3 on the clients and set the search path to automatic to get the clients to Autheticate?
  5.Do user and groups added to the hostname.local become part of the OD Domain?
  I'm sorry if I come across as a total newbie. I'm used to doing most of this on the commandline in Linux (except for LDAP, which is new to me), and the GUI. I have managed to entangle myself quite nicely in all this and could really use some pointers.
  Thanks in advance
  Theo.
  PowerBook G4   Mac OS X (10.4.7)  

  1. Starting with a freshly installed OS X Server is recommended, but start no services at first, you need working DNS with reverse zone for the server IP to run OD Master (and other services). If the server domain is to be different from the existing network domain name setup DNS in OS X for the test domain.
  2. I'm not sure I understand the question. LDAP/OD can be used on the server to "house" the user accounts but you don't have to bind computers to it.
  If you don't use the more advanced possibilities with LDAP/OD I don't think the clients even need to have LDAP configured to be able to authenticate.
  hostname.local = hostname and the standard Bonjour domainname .local ?
  3a. DNS, so that reverse lookup works for the hostname before setting up OD Master. OD needs a "true" domainname Bonjour isn't sufficient. Setup/use something like mydomain.private.
  3b. You don't need to do NAT, you can also route between two subnets (you would need a static route in your Internet router too).
  If you want NAT you can use the GW assistant. The interface on the top of the list in Network config (where you can add more/alias interfaces) is the "main" interface used as the "WAN"/"Internet" interface.
  4. If the clients are "standalone" (not bound to the OD domain or not using server based homefolders and such) I think you only need LDAP if you want the clients to be able to search for info in OD/LDAP. Not needed for authentication.
  You can send out LDAP info with DHCP.
  5. If you mean you add/enter users and groups to OD/LDAP directory it just means you can have different servers/clients using a central repository(?) for authentication purposes.
  If you add (bind) machines to the domain you can to control what clients can do locally (priviledges), which applications they can run and so forth.
  In /etc/smb.conf you can say which interface to use för samba (don't remember what to enter though). And if using the firewall (you must if you want NAT) you can stop Bonjour (mDNS - multicasts) from entering the "old" network if you like/need.

• Using extensions without having write permission to ext directory

  I'm trying to deploy a servlet and I need to use a Java extension so that I can get a dll required by one of my libraries into the Java path (the dll is packed in a jar). The problem, however, is that the user of the client machine is not guaranteed to have write permission to <jre>/lib/ext. Is there a way that I can specify an alternate directory for the jar to be placed in that the client user's permission will allow (e.g. Temporary Internet Files, Temp Directory, in the home directory, etc.)? Alternatively, is way to get the dll uploaded to the client machine without using extensions? Requiring the client user to manually install the file is not an option.
  Thank you.

  I solved this Problem myself!
  It is possible to give permission on status transition. That was what i was searching for!
  Thanks!

• Default directory structure - simple question.

  I need to add a configuration file to my application.
  I thought about adding it to either the web or web/resources directory of my project.
  My question is this:
  How do I reference either of these directories in my File access routine?
  Thanks

  Ah OK, now I see .. You can use a propertiesfile and put it in the classpath (inside a WAR, it can be the root of the package or the WEB-INF/lib directory). Then you can retrieve it by ClassLoader#getSystemResourceAsStream().
  Basically:
  String filename = "config.properties";
  InputStream input = ClassLoader.getSystemResourceAsStream(filename);
  Properties properties = new Properties();
  properties.load(input);
  input.close();
  String someKey = properties.getProperty("someKey");Where config.properties looks like:someKey = someValue
  anotherKey = anotherValueAlso see the java.util.Properties API.

• Directory Share Permissions Question

  Hello, Using MS server 2008 R2
  On the server we have a "D:" drive with several NTFS shared directories that were setup by another team.
  when I look at the share permissions, I see some that are Read/Write, and I see one called 'Contribute'.
  what is the 'Contribute' permission?
  Why would this be used instead of just Read/Write?
  Thanks
  MisterT99

  Greetings!
  It is a SharePoint related permission. Refer to the link below for more information:
  Permission levels and permissions
  Regards.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Directory manager resource question

  Folks,
  On page 273 on the Iplanet DS Admin Guide it says that the directory manager receives unlimited resources by default. Using Dirsync, I get limits on look throughs and size limits. Also, from the console, the DM can only display 5000 entries (is this a console limitation???).
  Is this correct? If so, then why do dirsyncs fail to the message server fail unless I up those limits?
  thanks,
  keith

  I was wrong. It is not the directory manager but some guy named:
  uid=msg-admin-wip.acu.edu-20030205161045, ou=People, o=<mail domain>, o=<mailhead>,dc=<school>,dc=edu
  Once I fixed this entry's nsLookThroughLimit and nsSizeLimit and reset the defaults to 5000 and 200 respectively, dirsync still works.
  I found this out only by searching through the ldap logs for who was connecting.
  thanks and sorry,
  keith

• Recently lost permission to entire directory

  My wife and I have been sharing a folder in /Users/Shared that contained 5 iphoto libraries. All of a sudden, one day her user rights to access the iphoto library folder with all 5 libraries is gone. She gets an error that the iphoto library is locked, or the disk is locked. We have been successfully sharing these libraries for a while and now I have no clue how to restore her rights. info for those who don't know, only applies to change the rights of the current object, and doesn't change rights for all future items so that is not the answer. How does one loose rights so easily? Why does this even exist? Why can't shared be shared like it is on a PC? what's with all the security? I'm just trying to enjoy a computer with my wife and i'm having a rought time of it. I tried repairing disk permissions, but that didn't help. We are at a total loss and nobody who i've asked that owns a mac knows the answer.
  Can anybody help me? I don't know where else to get help.
  Thanks

  What are the permissions of the particular libraries in question? What are the permissions for the /Users/Shared/ folder and the /Users/ folder.
  Did you know you can share iTunes and iPhoto libraries from within each application? It should not be necessary to put the library in the /Users/Shared/ folder.

• SQL 2014 changed my NTFS permission - default backup directory setup

  Hello everybody.
  Today I realize that new SQL 2014 changed my existing folder permissions (NTFS). This folder was shared for domain users and had set NTFS permissions for domain users and local administrators.
  In setup of SQL I set backup directory to this shared folder and continued with setup. After finisting setup I realize that this folder is not accesible via network. Finally I realized that setup changed permissions - it added his MSSQL$INSTANCENAME account
  into Security Tab and added all permissions to it. Other permissions was erased!
  What the hell MS is wrong with you?
  I must retake ownership to this folder and subfolder to fix it.
  This is not funny and I think it is a BUG! I think that older SQL servers do not have begavior like this new one 2014.
  Maybe it will be helpfully for somebody.
  Maybe Microsoft found his lost saying - This is NOT a BUG, it is a FEATURE!
  Have a nice day and keep calm.
  Jarda Nechvatal

  it added his MSSQL$INSTANCENAME account into Security Tab and added all permissions to it.
  Other permissions was erased!
  Hello Jarda,
  That's nothing new and you have this behaviour in all SQL Server Versions; the SQL Server Service account is the owner of all subfolders of the Installation, even because the account needs permissions to read+write to those folders. So it is not a bug, it's
  by design and if you need different permissions on those folders then you have to define them manually.
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• Chmod / File permission when creating directory

  Hello,
  I'm updating an existing website that is developed by someone else.
  One of the scripts is used to upload files and is written in JSP (while all other pages are PHP). In this script, a directory is created using following code:
  File uploadDir = new File(folder);
  if (!uploadDir.exists()) {
  uploadDir.mkdir();
  This creates a folder with the following arguments: drwxr-xr-x (nummeric: 755).
  This means that only the owner has write-permissions... In another script, the same directory must be used to store some more files. This script is written in PHP and can't access the folder to write.
  How can I chmod / set permissions so the group can also write (775)? Using the first JSP-script...
  Thanks in advance.
  Greetz,
  l:x
  lx(at)lxit.be

  There is no way in java to change the umask of mkdir because to do so is platform-specific.
  Either have a separate daemon process look for directories and change permissions, change the default umask of the user the script executes as, or drop to a system call with Runtime.getRuntime and execute chmod yourself.
  [this post written from a unix perspective: change terminonolgy as appropriate for windows]

• Group Permission on Active Directory ?

  Hello every body ...
  PLz Help Me .
  I want To create the Group That its members can remote as a limited user and disconnect automatically at 14:00 pm from Server . (with AD)
  how to do this job ?

  hello Mr
  Thank for your Attention
  Active Directory on Windows Server 2008 r2 .
  I want To create the Group That
  its members can remote as a limited user to one member server and disconnect automatically at 14:00 pm from Server . (with AD)

• OID DIP (Directory Integration Platform) Question

  Does anyone have any experience or knowledge with running numerous DIP Profiles on an OID? We're looking at 500+ DIP Profiles, each of them running very frequently, every few minutes. Will it be a problem for OID to handle this number of DIP Profiles?
  Any help would be greatly appreciated.Thanks!

  We are syncing user information from a non-LDAP directory. Unfortunately, our DIT structure is such that certain types of users (as defined by geographic locations) are contained within separate folders. We have over 500 different "types" of users, each with their own place (container) in the tree. This removes the possibility of having one DIP mapping file. Each office has it's own mapping file and own config file that queries based upon said location.
  Thanks.

• Annoying "home directory is full" question

  The bizzare would happen mostly when a outcoming mail sending, either through .Mac or a pop3 gmail local account, and it would happen 4-5 times each day, and even twice might occure during just one hour!
  I tried check the surface of harddisk using OnyX and Techtool, nothing wrong; the file system, disk and disk premission had been repaired everytime; and I using a scheduled applescript to reindex the envelopeIndex file every other day (/usr/bin/sqlite3 ~/Library/Mail/'Envelope Index' vacuum"); and I also sometime followed the instructions on Apple website to just simply remove the EnvelopIndex and restart and let Mail to reconstruct the Mail boxes.......
  I tried every methods that I had googled and imagined, but I could not do A thing to the bizzare's happening.... faint!
  Yesterday I went to Applecare center to replace the topcase, and while I was talking with the tech. it was mentioned that they had using the Mail.app for years and none of them had met the bizzare for ONCE, and most of them did not using the .Mac service but some other POP3 mail instead.
  Would the bizzare just occure when using with the .Mac mail? is it a kind of IMAP flaw or whatever something like it?
  Could anyone help me figure out the problem?
  Message was edited by: Kelip

  Hello,
  I think your problem originates from your routine reindex script, and the use of .mac or IMAP account. The reindexing should not be needed except in rare cases, so long as you do not move things around in the Mail folder manually in the Finder. Also, as seen in the support doc linked below, Apple seems to treat .mac and IMAP situations differently in cases where forcing reindexing is needed -- see:
  http://docs.info.apple.com/article.html?path=Mail/2.0/en/ml1002.html
  For .mac and IMAP accounts, there must be some sort of index kept on the server, since access with more than one computer or email client will track the changes. Thus the Envelope Index in one computer's Mail folder cannot be inclusive of things on the server, at least not for certain.
  I would cease to do this scripted reindexing immediately, and I would follow the support document procedure to force one last reindexing of the local mailboxes.
  Also, a Gmail account, while POP access, is not a true POP server, so there might be problems there, although there are true local mailboxes in the Account folder for the Gmail account, that would have to be included in indexing.
  Ernie

• No write permission to the directory -error

  Hi,
  Now i am performing cloning in 11i in Linux box
  During the post clone operation on the target system
  I got the following error:
  No write permissions to the Inventory pointed by /u01/oracle/acouatdb/10.2.0/oraInst.loc: /u01/oracle/oraInventory
  Please run the script /tmp/orainstRoot.sh as root
  Restart adclone.pl after performing required corrections
  What i have to do
  Please help me

  While running the postclone in appstier
  When it is of 40% completed
  The error has occured as :
  AC-50207:Fatal:Failed to execute one or more of the config tools during Context Value Management
  Deactivating Context Value management System
  Restored the context file in:
  /u01/oracle/oraappl/admin/ORA_atlas.xml
  Aborting the running of context Value management
  java.lang.Exception:config Tool Failure
  at oracl.....................
  Skipping the starting of services
  INFO: Rapid Clone completed successsfully,but Autoconfig run recorded some errors.
  Please review the Autoconfig section in the logfile.If require you can re-run Autoconfig from command line after fixing the problem
  Once Autoconfig issue is fixed you can start the services
  Please help me..

• Database storing directory-like structure question

  I have a database with a column called File which store the fullpath and name of a file.
  e.g. "\root\myfolder1\myfile.txt"
  My problem is I would like to retrieve all content inside a particular folder, e.g. all content inside \root. What should I do?
  Thank you very much~

  thx...
  but the problem is I just want to have the direct children inside the folder.
  e.g., I got 3 entries in the database
  "\root\layer1\layer2\a.txt"
  "\root\layer1\"
  "\root\layer1\b.txt"
  I don't want to have those "\root\layer1\b.txt" or "\root\layer1\layer2\a.txt" returned.
  Thank you very much again.