Permissions issue with OSX 10.5.8
This is likely a newbie question. I am new to OS X, but I am familiar with Linux/Unix Terminal usage.
I have a permissions issue with OSX 10.5.8.
I cannot use basic commands on the Terminal, such as mkdir, on my own home directory. I get an error message saying the operation is not permitted.
I have traced the probable culprit down to default ACL permissions settings.
So after hours of research on Google, I found out that ACL are turned on by default in OSX 10.5.8.
But I don't know how to safely use it yet, so I need help.
I'm not quite familiar with ACL, so I need to know how to add myself safely and securely to modify my home directory.
The command is with chmod. Can this also be done via the GUI?
What is the option for chmod to modify my home directory?
Is it:
*$ cd ~*
*$ chmod +a "user:john allow write" .*
*$ chmod +a "user:john allow delete" .*
Alternatively, if I use the "chmod -N ." command on the home directory, will that safely remove all ACL? Or is that recipe for a major security hole in my machine?
Thanks!
There are many people on this board that know way more than I do. Sometimes there is the tendency to copy/paste some kind of boilerplate response though, especially if there isn't quite enough information about a particular problem, so just keep trying.
You should be able to add anything you want to your user directory without the use of any ACL entries. The purpose for the *deny delete* entries on the system created folders would probably be to reduce customer service calls about "accidentally" deleting some of the folders that the system expects to be there - it does not affect creating items.
To verify that there aren't other attributes getting in the way, open the /Applications/Utilities/Terminal application, copy/paste the following command(s) into the window (there is a trailing space), drag the problem folder(s) from a Finder window to the Terminal window (this will paste the path), press return and post back with the results:
/usr/bin/who am i; /bin/ls -leO@d
These commands will display the ownership and permissions, including any ACL entries and extended attributes.
On my Leopard user folder the permissions are drwxr-xr-x+ with an ACL entry *group:everyone deny delete*. These permissions allow read/write for me, read for everyone else, and an administrator authentication will be needed to delete the folder. These are similar to what you posted earlier, so maybe there is something else going on in there.
Similar Messages
-
Migration Assistant and permissions issues with new Mac Pro
Hi There,
I've not had any significant issues with Migration Assistant in the past but I can't create a reliable system with my new Mac Pro.
After using Migration Assistant during the initial setup, my user account wasn't even transferred. I tried restarting but in the end, I followed these instructions to reset and run the assitant again: http://stationinthemetro.com/2013/11/10/make-mavericks-re-run-the-setup-assistan t
I've just finished running it for a second time, and while the user account is now on my new system, there are so many permissions issues that the system is unusable (I can't even run Safari). Creative cloud, 1Password, safari, Dropbox are all apps that give me Disk i/o or permissions errors.
If I look in the user folder, many directories within it have a red minus icon. I've tried fixing permissions using Disk Utility but something is not right.
In the past, the new system just boots like the old one but this time round, it asked me to create an account after Migration Assistant had finished - is this normal? I used the same username and password as before but I'm not sure Migration Assistantis working properly.
Does anyone know a full-proof way of fixing and transferring my account without having to spend hours downloading OSX for a full erase and install?
Any help would be much appreciated.
Cheers
BenThanks for the reply,
I didn't understand exactly what to put into AppleScript sorry (never used it before) - so I just ran the following from the Terminal:
$ echo $UID
$ sudo chown -R 503 ~
And restarted - everything works now - thanks heaps.
What had happened and is this something I did or did Migration Assistant just get confused?
I have 3 new Mc Pros to setup on Monday so just want to ensure those are hassle free.
Cheers
Ben -
VPP Distribution issues with OSX Server Profile Manager
Hi, I have a new issue with my OSX 10.9.5 Server. I use VPP to distribute apps to users devices, when I would add a new user I would send them an invitation message through /profilemanager . All was working well until recenetly , the message still arrives in the users mailbox however when you click the "sign in" link on the "receive apps and books from xxxxx" email instead of opening through the Mac App store app it now opens Safari and connects to the profile manager server , any ideas ? it never has done this before and although I thought it was a new feature or method I can not seem to resolve the issue.
Hi if when you are redirected back to your Mac Server you enter the user name and password of the user you are trying to receive VPP apps for i.e the Open Directory credentials it will then open the App Store providing the credentials are correctly entered so it looks like an additional layer of security. The process is click on the link in the VPP invite email, this takes you to your Mac Server profile manager, log on with your OD account, App store then opens on your Mac like it used to.
-
Error creating custom reports. Permissions issue with custom reports
I am having permission issues with reports. I am building a new Configuration Manager 2012 infrastructure and I have configured the Site server on Server1 and the DB is on Server2. Server2 also hosts the Reporting Point and SSRS roles/features. If
I look in Monitoring at the Site Status and Component Status are all green no issues with the setup.
Running SQL 2008 SP2 (no CUs). I have a service account that I used to install Configuration Manager and SQL. This service account is running the SQL service on Server2 and i am using the same account as the Reporting Services Point Account.
I log into the SCCM console with a different user account, lets call it Admin1. This account is a member of the Full Administrator role. I can run any built in report.
When I open the SSRS website and try to create a custom report I connect the DataSource using Windows Authentication. So the Datasource is connecting using the logged in users account. In this case Admin1. I test the connection and it connects fine.
I test this query. (Select * from v_R_System) I only have about 10 workstations discovered so the report shouldn’t be very big. I get an error “The Select permission was denied on the object ‘v_R_System’, Database ‘CM_XXX’, schema ‘dbo’. (Microsoft sql server,
Error: 229)”
I have fixed the SELECT permission error by going into the database (using SQL Management studio) and granting Admin1 Select rights to the Configuration Manager database. I can now run the above query and make custom reports.
My 2<sup>nd</sup> problem is that other members of the Full Administrator role cannot run these custom reports unless I go into the database and grant them the SELECT permission.
Question:
Should I have to manually go into the database to add SELECT permissions(i could use a group)? shouldnt Configuration Manager take care of this for me?
Maybe the built in reports use the SQL service account rights and the custom ones do not? Am I doing something wrong with the Datasource when I create these custom reports?
What is the correct process for creating custom reports?I think i am getting closer to a solution. After the Custom report is created. i can go back into the report. Delete the DataSource. Then browse for a dataSource. there is a datasource located in http://server2/reportserver/ConfigMgr_XXX/
That datasource is used by all builtin reports. if you view the properties on the Credentials tab it is set to "do not use credentials" and the option is greyed out / cannot be changed.
it looks like i still need the SELECT permissions on the database to create the report initially but at least i have solved the problem with viewing these reports.
Can anyone confirm that what i did is correct? -
Permissions issues with multiple volumes
I'm currently running one boot volume with Snow Leopard and one with Mountain Lion on my Mac Pro. Due to current software compatibility-related issues, I need to be able to use both volumes regularly as part of my workflow for now, though I plan to transition fully to 10.8 in the next couple months. Right now, I'm running into a permissions issue that is impeding my workflow. When I first set up the 10.8 volume, I had access to all the folders in my main user account on the 10.6 volume. However, yesterday I used the process described in the link below to change name of my home folder, which includes creating a new user account. With this new user account, I find that I do not have access to user content on my 10.6 volume.
http://support.apple.com/kb/HT1428
I know how to change permissions in the "Get Info" window, but I'm wondering if there's a way to globally give this account the same permissions the original one had. (Actually, I thought that was what the process in that support article was supposed to do, so perhaps I've done something wrong...) As it is right now, if I've granted myself read and write permissions to the Documents folder, but those permissions seem to have "cascaded" inconsistently--some files and folders are still blocked, others are accessible. Can anyone help me out with this? For now, I'm just going to copy the files I need over, but I need a better solution.Anyone have any ideas?
-
I just suddenly started having issues with my permissions with folders on external drives. Many of my folders (which appear to be random) no longer allow me to read or write them, and a dialog box appears saying I do not have permssion to access the folders. I only have one user which is the admin user.... what could have caused this? I have some drives with duplicate data on them, and different folders appear with the loss of access then others on other drives. I thought this was specific to my newest MBP (10.7.2) but notice both my older MBP and my really old G4 do the same thing, but with different folders each time. I have repaired permissions twice on the newest MBP to no avail. When I get info on a restricted folder, I notice that under 'permissions' my username does not appear, just a 'fetching....' but no username ever appears. If I unlock the folder using my admin password, I can change access for 'everyone' to read and write, and then I can access it. But what is going on here? All drives have been verified under disc utility, and as I mentioned, I have repaired permissions on the MBP which seem to be fine. This is weird..... (and a little alarming)
Select the icon of the volume in the Finder and open the Info window. Click the lock icon in the lower right corner and authenticate. Then do either of the following:
Check the box to Ignore ownership on this volume.
In the Sharing & Permissions section, give yourself read & write privileges, then select Apply to enclosed items from the menu with the gear icon. -
Permissions issue with Entourage after upgrading to Leopard
I upgraded my system to Leopard and in doing so, did a "clean" install. I copied my backup Database file to the Identity folder and now i get "you do not have sufficient permissions to view contents of this folder" when trying to launch. If i let Entourage create a new database file, it works fine....
Maciej Samsel wrote:
GIMP 2.2 crashes on start and the details explain some versioning problem of X11 native libraries. It might be issue on GIMP side that expects differen binaries to be installed (and perhaps removed by Apple due to compatibility issue). I just wanted to point this to be expected.
GIMP 2.4 for Mac OS X is not official release yet. It is only realease candidate and it should come soon hopefully with X11 issue being resolved in Leopard.
I believe that there are some known issues with X11 and BSD "under the hood" with Leopard. Fink is also broken and my old Darwin X11 attempts to run but nothing happens. -
Disk Utilities/Permissions Issues with Leopard
What is wrong with Leopard's permissions? I have had numerous permissions issues, and had to reformat my two disk drives and Archive & Install Leopard on my startup disk after a Tiger to Leopard Upgrade.
Now when I run Disk Utilities and Repair Permissions (which I do routinely), what used to take a minute or two in Tiger now takes a half hour (or longer) in Leopard?
I ran Disk Utilities on my MacPro and it has taken nearly 25 minutes and is still going. My MacBook Pro is estimating the time at 1-minute remaining (where it started), and it has also been going for 25 minutes plus. I would like to go to bed, and don't want to leave my MBP running over night if I don't have to.
This is a major issue and one which Apple needs to address immediately. I trust I am not the only User having this issue, is this the case?No your not the only one. It's been reported throughout the discussions. Appears that some of the errors reported in disk utility will not effect performance. Still, I expect that something is being observed and worked on as an update..
-
Permissions issue with Time Machine backup store
I am struggling with a Time Machine permissions issue on an iMac running OS X 10.10.2 + OS X Server 4.0.3, and backing itself up to an external USB disk.
Backups complete successfully, but I am unable to carry out any user-level operations such as accessing the "time travel" interface via Enter Time Machine from the menu bar. Invoking Enter Time Machine fails with the error Can't connect to a current Time Machine backup disk. Likewise, although tmutil will correctly list the backup destination, tmutil listbackups produces an error:
$ tmutil listbackups
2015-02-05 16:53:19.413 tmutil[29181:2324148] Error enumerating (null): The file “Backups.backupdb” couldn’t be opened because you don’t have permission to view it.
No machine directory found for host.
My system logs are full of similar error messages from Finder.
On the back volume, the permisisons to the store are set to owner root and group wheel, and there is an access control list applied to the directory and Backups.backupdb:
$ ls -lae
total 2688
drwxrwxr-x 12 root wheel 476 Feb 4 22:29 .
drwxrwxrwt@ 9 root admin 306 Feb 4 11:57 ..
0: group:everyone deny add_file,add_subdirectory,directory_inherit,only_inherit
drwxrwx---+ 6 root wheel 204 Jan 30 13:49 Backups.backupdb
0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
-rwxr-xr-x@ 1 root wheel 115716 Nov 13 02:43 tmbootpicker.ef
The problem is clearly the drwxrwx--- permissions applied to the store. I can temporarily revert these with chmod, after which all the user-level operations described above work correctly. But on the next backup, backupd will revert the permissions to give wheel write access and remove rx privileges for everyone else. It doesn't leave anything in the system log to suggest why it is making this change.
I have a MacBook also running OS X 10.10.2, without the Server pack. This also backs up to a (different) external volume. On this volume the owner, group and access control list for the store are set as above, but the permissions are (and remain) what I would have expected, drwxr-xr-x.
Is there any obvious reason why backupd should be modifying the permissions in this way — and is there any way to stop it?Thanks - I was seeing exact same problem on one of my client's machines (10.10.2 with OS X Server). I could see wrong group of "wheel" but wasn't certain that just changing to "staff" would be enough - but seems to have sorted things out
-
Privileges/permissions issue with drop box/archive folder
Hi there,
I'm having an issue with the permissions on a folder on my iMac. I'm running Leopard. Here at our office, I have my computer set up just like everyone else; within my drop box I have an folder titled "Archive", and within the archive folder I have a folder named after the boss' external hard drive. When the files are on her hard drive, she moves them into this folder so that we know they're completed and can be burned to disc.
For some reason though, she can no longer access this folder in my drop to drag anything into it. One day I found something online that told me to set something through my system preferences. It worked, but I can't remember what I did! The folder seems to have "relapsed" and once again, she can't access it. "Get Info" doesn't work, no matter how many times I change the permissions- it always says everyone should be able to read and write. I've also tried changing permissions and shared folders in the "Sharing" section of system preferences. It just doesn't seem to want to go. I think she might be running Tiger; is there a possibility that that's the issue?
Any thoughts? Any help is greatly appreciated! Thanks!I would check the system preferences / sharing / file sharing .. highlight file sharing (leftside) and setting to edit changes will be on right side for 10.6.x S Leopard. I would look for a somewhat similar setup in Tiger for its file sharing settings.
-
Permanent solution to permissions issue with ML and iPhoto?
Hi, since upgrading my late-2011 Imac to ML, I have had issues with iPhoto. (All updates have been applied as they become available.) I am using a shared iphoto library across two user accounts. Both users are Admin accounts. When user A loads pictures, user B cannot see them til we have run the 'repair permissions' option. Same happens in reverse ie user B loads photos and we need to repair permissions for them to be visible to user A. (Thumbnails are available but when clicking through to the actual photo we get the 'exclamation mark / point of death'.) Any ideas on a permanent fix for this, as the need to do this every time is a pain tbh.
Hi, since upgrading my late-2011 Imac to ML, I have had issues with iPhoto. (All updates have been applied as they become available.) I am using a shared iphoto library across two user accounts. Both users are Admin accounts. When user A loads pictures, user B cannot see them til we have run the 'repair permissions' option. Same happens in reverse ie user B loads photos and we need to repair permissions for them to be visible to user A. (Thumbnails are available but when clicking through to the actual photo we get the 'exclamation mark / point of death'.) Any ideas on a permanent fix for this, as the need to do this every time is a pain tbh.
-
Mighty mouse usb and wireless issues with OSX 10.6.1
Since upgrading to OSX 10.6.1 I have experienced intermittent mighty mouse issues with both the USB and wireless mouse. Essentially the mouse works as a pointer. However, I cannot select anything or use the mouse buttons. I need to re-start the machine in order to get it to work properly again. Anyone else had this issue or have suggestions for fixing it?
Pushing the power button briefly on my iMac turns off the display and stops the hard drive running (both my internal and external drive). Pushing it briefly again brings everything back up in about 2 seconds - it's not a full startup. That's why I call it "sleep" - cause that's what it seems to be doing.
-
Permissions issues with WebServer
We host our own website on our Xserver (v. 10.4.something). There are two of us who add folders and files to the website, but we often run into permissions issues. If a file is created on the server itself, logged in as Admin, we're fine. But if one of us FTPs in (often easier than physically walking over to said server to move the files manually), then whatever directories we create and files we place are defaulted to read-only for every other user.
Is there a way to set our user account permissions or WebServer permissions to automatically be read-write for the groups we belong to?
Thanks
-RitaYou could probably use inherited ACL's for this? If you enable ACL's (requires reboot in 10.4.x server, 10.5.x has ACL enabled by default) then you can use server admin and specify ACL's as desired (Including inheritance or otherwise). This way you could set it as such that specific groups / users or even everyone has whatever access you need for directories and files based on the settings you specify.
HTH. -
Triple Display Issue with OSX Lion
I have the following setup:
iMac OSX (Snow Leopard)
3.06 GHz Intel Core i3
4GB 1333 MHz DDR3
500GB Hard Drive
I have 3 monitors hooked up, one is a 24 inch benQ through mini display with vga and then i have the 21.5 imac and then a 23 inch acer hooked up with an external usb video card usb to dvi. I had this setup before lion was released when i was using snow leopard and it worked perfectly fine, but now with the lion update it does not work the screen just continuiously flickers on and off; i tried swapping monitors and it still doesnt work so it has to do with a possible software issue.
I have updated to the latest drivers, installed restarted and everything i can think of; does anyone have any suggestions?
This is a video I made of my issue:
http://www.youtube.com/watch?v=h23Rtkfiuq8&feature=channel_video_title
If anyone can help i would GREATLY appreciate it!I'm pretty sure its not a monitor issue, as the issues vary between monitors
I'm pretty sure this is a display and adapter and interface problem, especially when the name(s) of your display(s) show up wrong after sleep.
The Mac uses one display driver that is highly parameterized. The parameters to be used are set by sending a query to the display for its name and capabilities. This query is sent on the secondary digital data channel, and is sometimes referred to as EDID data.
Currently both 20's are recognised as 'vga display' or 'color LCD', no resolution options are available, just what it defaults to (640 x 480)
When the name of the display is not correctly reflected in the name of its Display Preferences pane, that is a direct indication the display-adapter-cable-display part of the chain "dropped the ball" in resounding to the Mac's query for capabilities.
Adapters that do not pass the EDID data through, and displays that do not answer when queried for their name and capabilities are the primary source of problems. For example, TV sets that are not "paying attention" to the secondary data channel, and therefore do not answer the query, drive Mac users crazy.
The query is sent in response to four different events:
• System Startup
• wake form sleep
• cable insertion at the Mac-end (not necessarily at the Display-end)
• The use of the Option-Detect_Displays button in Displays Preferences window -
Permissions Issue with Infopath Data Connection
I'm not really sure how else to title this....
Issue - InfoPath Form on SharePoint 2010 gives 'You do not have permissions to access a SharePoint list that contains data required for this form to function correctly."
It gives a correlation ID
Log file shows
"Exception Message: The form cannot run the specified query. The list could not be found."
Note the look-up is to a SharePoint list on the same content database.
We have two Web-Front End servers with a load balancer. We've had a number of other permissions type issues when the 'token' gets switched from one server to another, so we have the HOSTs file on each server pointing back to itself, so that once a
server is 'grabbed' it stays on the same one.
The error we are having currently, only seems to be occurring on the first Web Front End Server.
Also we have sharepoint setup with an address of
http://sharepoint.domain.com as well as an alias. http://sharepoint.
The error we are having currently, only occurs if I use the fully qualified domain
" http://sharepoint.domain.com" on the InfoPath data connection. If I use the shortened alias, the error does not occur. That is the current/easy solution, but I would like
to fix it 'correctly' if possible.
So, it appears to me that only on one of the Web Front End servers, it isn't liking the fully qualified path when doing a data connection.Hi ,
Is the above issue fixed . if not please check below option
Check the List / Library [Source for dataconnection ] permission setting .
If the permission is unique [ restricted from root site]. we will the above type error message
Velu K
Maybe you are looking for
-
Problem in scenario : file to idoc through bpm
hi, iam working on a scenario ,which splits invoice packets and sends it various receivers. i encounter an error when sending the split message to the receiver.the error is, [i<b>]"cannot convert the sending service into an ale logic
-
Not allowing to update RG23A part 1
Hi All, I have done a GR with capturing the excise. but after this i captured the excise with J1IEX, reference to GR, but when i am going to update the excise register with T-code: J1i5 with reference to GR (material document), system showing the mes
-
I have FF7 @ home. simple mistake which is very irritating also is, in 3.6.2*, right-click-> 1st option -> Open in New Window but in FF 4 onwards its right-click -> 1st option -> Open in new tab!! Have it optional , check for update .. or get latest
-
I have writen simple fuction which have one parameter of String type. In this parameter i am sending an XML string. Is there anyone who knows how to parse this XML-String ? Thanks.
-
I have been using ps touch on my iPad 2 for months. Today it will not load all the way when I try to open it. It just freezes with photoshop touch on the screen. Has this happened to anyone else???