Permissions for package owner for kill session?

Similar Messages

• Procedure for Killing sessions

  Hi All,
  Almost everyday we have requirement to kill user sessions for dev user, I'm thinking to create a procedure for this and grant to the users so that they can kill it by themself.
  Below is the what I got from Ask Tom forum, however appreciate if someone can share few information if already imlemented in there environment
  <quote>
  create or replace procedure kill_session( p_sid in number,
  p_serial# in number)
  is
  ignore pls_integer;
  BEGIN
  select count(*) into ignore
  from V$session
  where username = USER
  and sid = p_sid
  and serial# = p_serial# ;
  if ( ignore = 1 )
  then
  execute immediate '
  alter system kill session ''' ||
  to_char(p_sid,'999999')||','||
  to_char(p_serial#,'999999')||'''';
  else
  raise_application_error( -20001,
  'You do not own session ''' ||
  p_sid || ',' || p_serial# ||
  end if;
  END;/
  grant execute on kill_session to <username>
  </quote>
  Regards,
  shaan

  rp0428 wrote:
  >
  Instead of killing session with alter systemn kill session, better you opt for below two methods (still perform the same)
  >
  Please clarify what you mean. KILL and DISCONNECT do NOT perform the same.
  From the SQL Language doc
  http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_2013.htm
  KILL is the nice one -
  >
  The KILL SESSION clause lets you mark a session as terminated, roll back ongoing transactions, release all session locks, and partially recover session resources
  >
  While DISCONNECT is the ogre
  >
  Use the DISCONNECT SESSION clause to disconnect the current session by destroying the dedicated server process (or virtual circuit if the connection was made by way of a Shared Sever).
  >
  The difference between the two is roughly analogous to the difference between SHUTDOWN IMMEDIATE and SHUTDOWN ABORT.
  I agree that, for OPs use case DISCONNECT (with IMMEDIATE or POST TRANSACTION) may be better since it gets rid of things immediately while KILL can leave things hanging around for a while.From the same link:
  DISCONNECT SESSION Clause:
  The POST_TRANSACTION setting allows ongoing transactions to complete before the session is disconnected. If the session has no ongoing transactions, then this clause has the same effect described for as KILL SESSION.
  The IMMEDIATE setting disconnects the session and recovers the entire session state immediately, without waiting for ongoing transactions to complete.
  If you also specify POST_TRANSACTION and the session has ongoing transactions, then the IMMEDIATE keyword is ignored.
  If you do not specify POST_TRANSACTION, or you specify POST_TRANSACTION but the session has no ongoing transactions, then this clause has the same effect as described for KILL SESSION IMMEDIATE.
  basically the difference is not between DISCONNECT and KILL SESSION, the difference exists if you allow pending/ongoing transactions to finish(IMMEDIATE vs POST_TRANSACTION)
  Edited by: Keilor on Jun 25, 2012 12:57 PM
  Edited by: Keilor on Jun 25, 2012 1:39 PM

• Clearing OS SPIDs for KILLED sessions

  Hi All,
  I had killed some sessions in the DB (10.2.0.3) and their status is set to KILLED in v$session.
  I am trying to find the OS PIDs of these sessions to do a "kill -9 " but I could not get them. I am using the below query which is not returning anything as the entry does not exist in v$process:
  select
  p.spid
  from v$session s, v$process p
  where p.addr = s.paddr
  and s.status='KILLED';
  Is there any way to get the OS PIDs of these sessions or to clear the KILLED rows from v$session without bouncing the database.
  Regards,
  Bharath.

  hi,
  once you kill the user then his process and memory will be released..
  post the output of v$session;
  regards,
  Deepak

• ALTER SYSTEM KILL SESSION

  Hello Everybody,
  1) Is there any difference between “ALTER SYSTEM KILL SESSION & “kill -9”? Which one is the preferred method?
  2) When we do alter system kill 'sid, serial#'. Are we killing the user process or the server process?
  thanks in advance

  Welcome to the forum!
  Whenever you post provide your 4 digit Oracle version (result of SELECT * FROM V$VERSION)
  >
  Hello Everybody,
  1) Is there any difference between “ALTER SYSTEM KILL SESSION & “kill -9”? Which one is the preferred method?
  2) When we do alter system kill 'sid, serial#'. Are we killing the user process or the server process?
  >
  You should only use the 'kill' from the OS as a last resort.
  There are TWO Oracle options: KILL session and DISCONNECT session. Only rarely, in my experience will DISCONNECT SESSION not get the job done.
  See ALTER SYSTEM in the SQL Language doc
  http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_2013.htm
  >
  end_session_clauses
  The end_session_clauses give you several ways to end the current session.
  DISCONNECT SESSION Clause
  Use the DISCONNECT SESSION clause to disconnect the current session by destroying the dedicated server process (or virtual circuit if the connection was made by way of a Shared Sever). To use this clause, your instance must have the database open. You must identify the session with both of the following values from the V$SESSION view:
  •For integer1, specify the value of the SID column.
  •For integer2, specify the value of the SERIAL# column.
  If system parameters are appropriately configured, then application failover will take effect.
  •The POST_TRANSACTION setting allows ongoing transactions to complete before the session is disconnected. If the session has no ongoing transactions, then this clause has the same effect described for as KILL SESSION.
  •The IMMEDIATE setting disconnects the session and recovers the entire session state immediately, without waiting for ongoing transactions to complete.
  ◦If you also specify POST_TRANSACTION and the session has ongoing transactions, then the IMMEDIATE keyword is ignored.
  ◦If you do not specify POST_TRANSACTION, or you specify POST_TRANSACTION but the session has no ongoing transactions, then this clause has the same effect as described for KILL SESSION IMMEDIATE.
  See Also:
  "Disconnecting a Session: Example"
  KILL SESSION Clause
  The KILL SESSION clause lets you mark a session as terminated, roll back ongoing transactions, release all session locks, and partially recover session resources. To use this clause, your instance must have the database open. Your session and the session to be terminated must be on the same instance unless you specify integer3.You must identify the session with the following values from the V$SESSION view:
  •For integer1, specify the value of the SID column.
  •For integer2, specify the value of the SERIAL# column.
  •For the optional integer3, specify the ID of the instance where the target session to be killed exists. You can find the instance ID by querying the GV$ tables.
  If the session is performing some activity that must be completed, such as waiting for a reply from a remote database or rolling back a transaction, then Oracle Database waits for this activity to complete, marks the session as terminated, and then returns control to you. If the waiting lasts a minute, then Oracle Database marks the session to be terminated and returns control to you with a message that the session is marked to be terminated. The PMON background process then marks the session as terminated when the activity is complete.
  Whether or not the session has an ongoing transaction, Oracle Database does not recover the entire session state until the session user issues a request to the session and receives a message that the session has been terminated.
  See Also:
  "Terminating a Session: Example"
  IMMEDIATE Specify IMMEDIATE to instruct Oracle Database to roll back ongoing transactions, release all session locks, recover the entire session state, and return control to you immediately.

• When I repair disk permissions I get the following:Repairing permissions for "MacIntosh HD" Determining correct file permissions. Permissions differ on ./Library/Widgets, should be drwxr-xr-x , they are drwxrwxr-x  Owner and group corrected on ./Library/W

  Repairing permissions for “MacIntosh HD”
  Determining correct file permissions.
  Permissions differ on ./Library/Widgets, should be drwxr-xr-x , they are drwxrwxr-x
  Owner and group corrected on ./Library/Widgets
  Permissions corrected on ./Library/Widgets
  Permissions differ on ./System/Library/User Template, should be drwx------ , they are drwxr-xr-x
  Owner and group corrected on ./System/Library/User Template
  Permissions corrected on ./System/Library/User Template
  Group differs on ./usr/bin/fetchmail, should be 0, group is 6
  Permissions differ on ./usr/bin/fetchmail, should be -rwxr-xr-x , they are -rwxr-sr-x
  Owner and group corrected on ./usr/bin/fetchmail
  Permissions corrected on ./usr/bin/fetchmail
  Permissions differ on ./usr/lib/php/build/Makefile.global, should be -r--r--r-- , they are -r-xr-xr-x
  Owner and group corrected on ./usr/lib/php/build/Makefile.global
  Permissions corrected on ./usr/lib/php/build/Makefile.global
  Permissions differ on ./usr/lib/php/build/acinclude.m4, should be -r--r--r-- , they are -r-xr-xr-x
  Owner and group corrected on ./usr/lib/php/build/acinclude.m4
  Permissions corrected on ./usr/lib/php/build/acinclude.m4
  Permissions differ on ./usr/lib/php/build/mkdep.awk, should be -r--r--r-- , they are -r-xr-xr-x
  Owner and group corrected on ./usr/lib/php/build/mkdep.awk
  Permissions corrected on ./usr/lib/php/build/mkdep.awk
  Permissions differ on ./usr/lib/php/build/phpize.m4, should be -r--r--r-- , they are -r-xr-xr-x
  Owner and group corrected on ./usr/lib/php/build/phpize.m4
  Permissions corrected on ./usr/lib/php/build/phpize.m4
  Permissions differ on ./usr/lib/php/build/scan_makefile_in.awk, should be -r--r--r-- , they are -r-xr-xr-x
  Owner and group corrected on ./usr/lib/php/build/scan_makefile_in.awk
  Permissions corrected on ./usr/lib/php/build/scan_makefile_in.awk
  Permissions differ on ./usr/lib/system/libmathCommon.A.dylib, should be -r-xr-xr-x , they are -rwxr-xr-x
  Owner and group corrected on ./usr/lib/system/libmathCommon.A.dylib
  Permissions corrected on ./usr/lib/system/libmathCommon.A.dylib
  Permissions differ on ./usr/libexec/dumpemacs, should be -r-sr-xr-x , they are -r-xr-xr-x
  Owner and group corrected on ./usr/libexec/dumpemacs
  Permissions corrected on ./usr/libexec/dumpemacs
  Permissions repair complete
  The privileges have been verified or repaired on the selected volume
  Then I sometimes get the brown screen that states,You must re-start your computer.
  I have already zeroed out the hard drive and re-installed Panther and the upgrade Tiger disc.
  I repair permissions using the Tiger disc upgrade.
  Can anyone help me with this??

  > I repair permissions using the Tiger disc upgrade.
  One thing to note...  When running Repair Disk Permissions, it is best to run it while started up normally, from your normal startup disk, not from a Mac OS X installation disc.  The only time you should run it while started up from an installation disc is if some problem is preventing you from starting up normally. OTOH, Repair Disk can only be used when starting up from a different disk (such as an installation disc).
  So, I would start up normally, run Disk Utility, and use Repair Disk Permissions on your normal startup disk.
  NOTE:  Repair Disk Permissions often gives alerts messages that can be ignored.  They are more "informational," not serious errors.
  http://support.apple.com/kb/TS1448
  You should still run it periodically.  When you run it, what needs to be repaired has been repaired; consider the rest of it an FYI.  I've never experience a problem, where a Repair Disk Permissions message actually caused a problem.  But, if you ever get an error while running Repair Disk (or Verify Disk), that is usually a serious problem.

• How to know (package , procedures or functions) name for current sessions

  Hi all
  I'm DBA and i want to find way to get object name whatever (package , procedures or functions) for current running statement in active session.
  To clarify when i open session browser from toad i can see active sessions and see current statement for every session but without the name of the object.
  Is there any way to know this point.
  thanks in advance

  select *
    from dba_objects
  where object_id in (select nvl(t.PLSQL_ENTRY_OBJECT_ID,-1)
                         from v$session t
                        where sid = 452)
  Ramin Hashimzade

• Clear the entry for killed/sniped session in v$session

  Dear all,
  In our production database(11.2.0.1.0) running on windows 2008 server many client session showing inactive from last 4-5 hour and I want to kill those session because all sessions are dedicated so for this I created a resource plan set its idle time after certain interval session status is showing killed but it is not removing entries from v$session but our client demand is it must be clear from v$session so for this i was using DOS command taskkill utility to kill particular os process so I want to know what is the smartest way to do this.

  This is known behavior, not an issue.
  In a dedicated server environment when the session is killed and the rollback completes the process goes away so a join between v$session and v$process will fail. The v$session entry also usually goes away rather quickly, though I have seen cases where the v$session entry hung around till the instance was bounced. But normally Oracle will overlay the v$session entry with a new session using the same sid but a different serial# within seconds on a busy system.
  Mark @ http://dbaspot.com/oracle-server/40419-killed-sessions.html
  Metalink doc id 1023442.6 is also something confirming it.
  See also below link and last reply by Mr. Braj Kishore Mahto.
  http://dbaforums.org/oracle/index.php?showtopic=3039
  Regards
  Girish Sharma
  Edited by: Girish Sharma on Nov 21, 2012 5:35 PM
  So, what is best in this regard :
  ALTER SYSTEM DISCONNECT SESSION
  The ALTER SYSTEM DISCONNECT SESSION syntax is an alternative method for killing Oracle sessions. Unlike the KILL SESSION command which asks the session to kill itself, the DISCONNECT SESSION command kills the dedicated server process (or virtual circuit when using Shared Sever), which is equivalent to killing the server process from the operating system. The basic syntax is similar to the KILL SESSION command with the addition of the POST_TRANSACTION clause. The SID and SERIAL# values of the relevant session can be substituted into one of the following statements.
  SQL> ALTER SYSTEM DISCONNECT SESSION 'sid,serial#' POST_TRANSACTION;
  SQL> ALTER SYSTEM DISCONNECT SESSION 'sid,serial#' IMMEDIATE;
  http://www.oracle-base.com/articles/misc/killing-oracle-sessions.php#disconnect_session

• Appropriate permissions for the custom list

  Hi,
  Recently
  I have taken up SharePoint 2013 exam and I got bit confused for one of the question i.e.
  Case Study: Consolidated Messenger
  You are the lead architect developer and web administrator of SharePoint 2013 for your company.
  Consolidated Messenger is a national company with hundreds of franchises
  Consolidated Messenger sells franchises to franchisees. Franchisees have three user types
  User and its Role
  Franchise Manager- Response for managing the franchise
  Franchise Employee- Responsible for managing accounts and setting pick-up and drop-off locations for couriers
  Courier- Responsible for picking up and dropping off packages
  You need to set appropriate permissions for the franchise employees
  customer list and customer sub site access. What should you do?
  A) Add franchise employees to the Members group in the CorporateSiteCollection site collection.
  Break inheritance at the
  franchisee sub site level.
  Create a custom role definition at the
  franchisee sub site level.
  Add franchise employees to the custom role.
  B)
  Create a custom role definition in the CorporateSiteCollection site collection with the limited access to the customers list.
  Add franchise employees to the custom role at the CorporateSiteCollection site collection
  Break inheritance at the
  sub site level.
  Add franchise owners to the Owners group
  at the
  sub site level.
  C)
  Create a custom role definition in the CorporateSiteCollection site collection with the limited access to the customers list.
  Add franchise employees to the custom role.
  Add full inheritance of the role definition and permissions at the site level
  D) Add franchise employees to the Visitors group in the CorporateSiteCollection site collection.
  Break inheritance at the
  franchisee sub site level.
  Create a custom role definition at the
  sub site level with Full Control permissions.
  Add franchise employees to the custom role.
  I feel that both options B and C are applicable but I couldn’t come to conclusion.
  Please
  share your opinion the same.
  Regards,
  Sudheer
  Thanks & Regards, Sudheer

  @Naga, As per non disclosure agreement that you have signed / agreed with Microsoft, I think you should not share confidential exam questions or answers. That would amount to violation of NDA.
  Hope this helps!
  MCITP: SharePoint 2010 Administrator
  MCTS - MOSS 2007 Configuring, .NET 2.0
  | SharePoint Architect | Evangelist |
  http://www.sharepointdeveloper.in/
  http://ramakrishnaraja.blogspot.com/

• Permissions for software use in managed account

  I have developed educational software that I cannot access through a managed account in 10.4 and 10.3. When installed in 10.4, I can access it from an admin account, but in a managed account, I get a message saying I do not have permission. In System Preferences>Accounts>Managed Account>ParentalControls>Finder&System>Applications, the software is not included in the list, but clicking Locate lets me click it from a list but the message comes up that the software "...does not work with the limitations you have selected." I do not see where I selected any limitations except to make the account managed. In 10.3, I went into SystemPreferences>Accounts>Managed Account and the list of software to assign permissions in managed account (Limitations) has a place to check a box in front of the software, but the box does not stay checked after trying unsuccessfully to open the software. I use PackageMaker as my installer software and have checked all the permissions for read/write/execute (0777) for owner, group, and others. However, when I go into the installed software's GetInfo Ownership & Permissions and the owner is the managed account, the pull-downs are grey and disabled. The same happens when I merely drag/drop the software into the Applications folder.

  ..." I get a message saying I do not have permission"...
  That message really annoys me because it is an example of a poorly worded (misleading) dialogue - the problem has nothing to do with unix "permissions". It just means the app isn't in the list of applications approved by the "admin" for use in the managed account.
  If you are the developer, make sure you have given your app a unique 'CFBundleIdentifier' or else it likely won't be possible to add the programme to 'mcx_settings', meaning it won't work in a "managed" account.
  http://docs.info.apple.com/article.html?artnum=300842
  http://developer.apple.com/qa/qa2004/qa1373.html
  If the app isn't a "package", give it a unique "creator" code there is probably some procedure somewhere about figuring out what is allowed or what has already been taken, but I'm not a developer so I can't give you any more details...

• Unique permissions for Toplevel teamsite and NewForm.aspx?

  Perhapse I dont know how to seach for this but I cant manage to find anything in the forums here that addreses this specifically.  If I am in error concerning that PLEASE point me in the right direction, otherwise this is my issue:
  I have created a form based on a list I have created for capturing "engagements" (new task requests for a team within my department).  The goal of this form is to help us make record of (and track) tasks from other departments we get
  in hallway conversations, emails or IM clients.  A way for us to say "yeah sure we can help you with that...but please go here and file a request so I have something to log my time aginst."  We call that request an "Engagement"
  so my list is an "Engagement Request" list and it lives on our Sharepoint 2010 Team site.  *Yes I am aware there are a plethora of ticketing systems out there that might be able to better facilitate this but that isnt an option for us and I
  am the poor sod tasked with making it happen  using Sharepoint.
  What I am trying to do is set the permissions for the NewForm.aspx associated with this list so that anyone with a AD account can access it to create a new item (an "engagement request") but lock down access to the rest of the site..including
  the list (because one person who is engageing us for a password rest has no business seeing the record/status of our other engagments.  At this point I have figured out how to route the users (who have previously requested and been granted access
  to the site) from the Enagement form BACK to the the main menu so they dont automatically see the list.  Basically I added an image top the Top level team site that says "Engagment", linked it directly to the NewForm.aspx URL and
  appended it with the "?source=https//" bit at the end which will re-direct the user back to the Toplevel site on save/submit rather than the Allitems display of the list they just added a new item (Engagment) to. 
  Ok now that I have explained all that...and I apologize for the overly verbose nature of this post but what I need to do is set it so that anyone with a valid AD account can access the top level site of the teamsite...and Add a new item to the engament list...
  but that is all, nothing else.  I cant allow them to go into the other lists and libraries on the teamsite.  My research indicates that I can set unique permissions on things all the way down to files but I cant seem to wrap my mind around how to
  grant automatic access to the toplevel site (and the NewForm.aspx) but NOT everything else.
  I have been assigned as one of the owners of said site so I should have the required permissions to do this. Im just not sure HOW to do this.  Any assistance would be greatly appreciated.
  ~Confused SharePoint Teamsite owner

  Daniel,
  Thank YOU for taking the time to reply!
  Unfortunately I do not have the Enterprise version of SharePoint 2010 (and therefore no access to InfoPath form services) so I was forced to configure the permissions for the list using the browser interface.  As you suggested I configured the permissions
  for the top-level site  in the collection as such so that anyone within the ADS\Domain users group was part of a custom "Name of My Department Visitors" group (separate from the default SharePoint "Visitors" group). 
  I then managed the permissions on that group to have "Contribute" access.  After this I made EVERYTHING under The Main Page unique secured.
  I then went into the actual list that tracks the "engagements" and went to the List settings (via the ribbon) / Advanced Settings (under the General Settings heading) and set the "Create and Edit access:" option to "Create items
  and edit items that were created by the user".
  Using this setup I was able to log into the site using my test user account (which is part of the ADS\Domain users group) then access the "Engagement" New Item list and create an entry.  From here my re-direct dumped me back to the main page. 
  When I browse manually to that engagements listing I can now see (and Edit) the item I created (using my test user account) but NONE of the other items in the list.

• Read-only access permissions for new files/folders?

  System:
  Clean Install on new intel Xserve
  10.4.8 Server w/ Open Directory
  Windows clients can read/write completely fine...
  Clients connecting using AFP (whether Standard or Kerberos authentication) can access files, but when new files/folders are created on the server, they register as full permissions for the user who created them, but not for the rest of the group.
  The share(s) in question are set using POSIX from WGM: Full access for owner/group/everyone (changed it to this thinking it would help, but it does not). Of course, no one can make changes to a newly-created/deposited files/folders, which is just plain silly.
  I can chmod the permissions recursively from a script (which fixes the problem, of course) on a regular basis so that its not (as much of) an issue, but there is still a 5-minute lag for the script to kick in, since we don't want to bombard the server with chmod requests every minute....which is unnecessary in the first place!
  I have plenty of other setups which are identical but have no such issue...
  Any reason why POSIX permissions on the share are being ignored from every user account?
  Thanks,
  k

  "That's default posix behaviour no matter what access permissions you set on the sharepoint."
  I'm afraid this is dead wrong. What matters most is how you set permissions on the share, not if you've chosen to inherit vs. using POSIX. POSIX is still used in inherit functions, though you can use ACL's to override them. In this case, ACL's are not being used on those shares (though we tried it).
  After all, why would Apple (let alone anyone else) even offer the ability to change POSIX permissions on a share if it didn't have any effect? That would be somewhat contradictory in nature.
  Like I said before, I have several other installations which are identically setup that have no such issues.
  As for Windows, it is also not set to inherit permissions; we're setting those explicitly. And they work fine.
  Any other ideas?
  Thanks,
  k

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Need insight for setting up permissions for sharing an external hd via OS X 10.6?

  Hello intelligent lifeforms,
  My supervisor and friend passed away a little over a year ago, and I am now trying to fill his shoes as the networking guru and could use some assistance.  I'm trying to share an external hard drive that is connected to my Mac Pro OS X 10.6 workstation with a Mac Pro OS X 10.4 workstation user.  I've tried setting up a Sharing Only account in my System Preferences-Accounts for the 10.4 user, and under System Preference-Sharing I turned File Sharing: On, added the Shared Folder, added the User and set priveleges as "Read Only."  My intentions are for the 10.4 user to only be able to copy files from the external hard drive so as to protect the archived files being stored there from being tampered with.  However, there is a User group listed as "Everyone" that I can't remove and believe it is taking precedence over the 10.4 account that I setup.  I do not know where this Everyone group originated from but believe it to be some kind of default group and a major obstacle.
  When the 10.4 user copies a folder from the external hd to his workstation and later copies it to a volume on our Xserve OS X 10.2 the folder shows that I do not have privileges to do anything to the folder (there is a red circle with a minus sign in it on the folder icon).  Eventually, I am to backup these files to the external hd where lies my dilemma.
  The volume on the Xserve being copied to is setup under Workgroup Manger-Sharing-Share Points-General:  "Share this item and its contents" IS checked, Owner: admin-Read & Write, Group: staff-Read & Write (where said user has been added to the staff group), Everyone: none (I do not think the Everyone group listed on the server has anything to do with the Everyone group on my machine?), Enable disk quotas on this volume is NOT checked.
  My tests show that the permissions are being carried over from the external hd Everyone group (Read Only) because even when the 10.4 user's permissions are set to Read & Write in System Preferences-Sharing-File Sharing-Users the folder still shows to be Read Only when it's copied.  I've even tried setting his Desktop privileges to Read & Write hoping that when he copies the folder the permissions would be overwritten.  Unfortunately, the only way to give me priveleges is for the 10.4 user to change them manually through Get Info from his workstation.  This is counterproductive to the workflow I'm trying to establish.  I've tried wrapping my brain around the flowchart of coordinating permissions/privileges between the different machines but to no success.
  Also, a note to add is I've observed a User: Firebird Database that is listed under System Preferences-Sharing on both of our workstations.  It cannot be removed either and I do not know where it is originating from.
  Is there anyone out there that has any insight to this situation?
  Perplexed,
  carl_prepress

  "Everyone" is not a Group.
  Every file has underlying Access settings for System, Owner, Group, and World.
  Access settings for Everyone mean everyone-else that is not explicitly mentioned in the other settings. It is the same as the Unix "World".
  If you set the Priviledges for a file to Everyone=Read, then any user with any credentials can read it.
  The User Categories Owner, Group, and Everyone
  You can assign standard POSIX access permissions separately to three categories of users:
  Owner—A user who creates a new item (file or folder) on the file server is its owner and automatically has Read & Write permissions for that folder. By default, the owner of an item and the server administrator are the only users who can change its access privileges (allow a group or everyone to use the item). The administrator can also transfer ownership of the shared item to another user.
  Note: When you copy an item to a drop box on an Apple file server, ownership of the item doesn’t change, but only the owner of the drop box or root has access to its contents.
  Group—You can put users who need the same access to files and folders into group accounts. Only one group can be assigned access permissions to a shared item. For more information on creating groups, see the user management guide.
  Everyone—Everyone is any user who can log in to the file server: registered users and guests. Hierarchy of Permissions
  If a user is included in more than one category of users, each of which has different permissions, these rules apply:
  • GrouppermissionsoverrideEveryonepermissions.
  • OwnerpermissionsoverrideGrouppermissions.
  For example, when a user is both the owner of a shared item and a member of the group assigned to it, the user has the permissions assigned to the owner.

• Disk Permissions for OS9 Partition?

  I am running 10.3.9 and OS9 on separate partitions. What are the correct disk permissions for OS9 when running in OSX. When I install from the restore disks it only lets me install on the OSX partition(owner-root/group admin). I have dragged the OS9 system folders over to the freshly formatted OS9 drive but my permissions on that drive are owner-mbell/group-mbell. Should I change the disk permissions to the same as the OSX drive or will they work with myself being the owner of the drive?

  ...

• What are the correct permissions for the Home folder?

  Since buying my first mac (G4 iMac) I've since bought 2 other macs & transferred my home folder from the older computer each time. Since then I've messed around with the permissions of the Home folder a few times to try share files & folders between my Windows PCs. So the permissions of the Home folder on all computers could be messed up a little.
  I want to set up permissions how they should be set up as default.
  I created another user account with admin priveliges & it looks like the Home folder should be set up as follows:
  Owner: 'my name'
  Access: Read & Write
  Group: admin or 'my name'
  Access: Read only
  Others: Read only
  And the sub folders (Documents, Pictures etc.) should be set up as follows:
  Owner: 'my name'
  Access: Read & Write
  Group: admin or 'my name'
  Access: No access
  Others: No accesss
  Is this correct, & if so shall I just set permissions on my Home folder exactly the same as the new account I set up?
  Or is there some way of resetting permissions for the Home folder?
  (I know repairing permissions with Disk Utility doesn't do this).
  Power Mac G5 Dual 2.3, 2.5 GB RAM, 20 Cinema Display | MacBook Pro 2.0 15"   Mac OS X (10.4.6)  

  Mac OS X does not have a built-in way of doing this, but you can make one yourself. Open the Script Editor in the /Applications/AppleScript/ folder and enter the following:
  do shell script "chmod 755 ~"
  try
  do shell script "chmod 700 ~/Desktop"
  end try
  try
  do shell script "chmod 700 ~/Documents"
  end try
  try
  do shell script "chmod 700 ~/Library"
  end try
  try
  do shell script "chmod 700 ~/Music"
  end try
  try
  do shell script "chmod 700 ~/Pictures"
  end try
  try
  do shell script "chmod 755 ~/Public"
  end try
  try
  do shell script "chmod 755 ~/Sites"
  end try
  This script can be saved as an application, which makes it possible to fix the permissions on a home folder with two clicks. The try statements are included so that the script will run if a folder doesn't exist. If the ~ object is a symbolic link, the permissions on it may not be changed; you can use the code block
  tell application "Finder"
  set the_home to POSIX path of (home as alias)
  end tell
  do shell script ("chmod 755 " & the_home)
  in this case. The rest of the script works as before.
  (12450)