Permit udp any any to allow ping ?!

Dear Community,
I am having problems understanding how ACL works through VPN. I have the following:
HQ is behind ASA 5510, site address is 192.168.1.0 /24
Remote site is behind Cisco 887 router, site addressing is 192.168.10.0 /24
IPSec VPN is set up and working between the two sites.
Now I have applied the following ACL inside int the public interface of the branch router:
Extended IP access list 102
    10 permit tcp any any eq 22 (1321 matches)
This obviously blocks icmp (ping 192.168.1.1 source 192.168.10.1)
But what I am not understanding is that the only command that will allow ICMP is (on the ACL 102):
permit udp any any
substituting udp with icmp or ip does not allow pings
Could you please give me some guidance.

It's not a supported method, but the views you create are stored on the LMS server as xml files (as shown below on soft appliance) in /opt/CSCOpx/campus/etc/users/. The xml files are mostly a listing of the node IDs with their map coordinates.
You could copy them manually into the other users' directories on the server and they should see the same thing you have labored to create for their viewing pleasure.
I have brought this up with Cisco as a nice to have supported feature in the past but it never went anywhere.
[SecLab-LMS/root-ade admin]# pwd
/opt/CSCOpx/campus/etc/users/admin
[SecLab-LMS/root-ade admin]# ls -al
total 28
drwxr-x--- 2 casuser casusers 4096 Dec 16  2012 .
drwxr-x--- 4 casuser casusers 4096 Feb  8  2013 ..
-rw-r----- 1 casuser casusers 7345 Aug 29 13:23 Layer~2~View.xml
-rw-r----- 1 casuser casusers 1807 Nov  8  2012 SwitchCloud-1.xml
-rw-r----- 1 casuser casusers 1540 Feb 27  2013 Unconnected~Device~View.xml
-rw-r----- 1 casuser casusers  351 Sep 25 15:59 user.preferences
[SecLab-LMS/root-ade admin]#

Similar Messages

  • Permit ip any any

    Hi All,
    I have a question around the permit ip any any statement on an inbound ACL when using NAT. Is it safe? If I take the statement out of my list I can't do anything.
    Example:
    interface GigabitEthernet0/0.10
     encapsulation dot1Q 10
     ip address 192.168.1.1 255.255.255.192
     ip access-group IN_OUT_VLAN10 in
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly in
    end
    ip access-list extended IN_OUT_VLAN10
     permit udp any any eq bootpc
     permit udp any any eq bootps
     deny   ip 192.168.1.0 0.0.0.63 192.168.1.64 0.0.0.63
     deny   ip 192.168.1.0 0.0.0.63 192.168.1.128 0.0.0.63
     deny   ip 192.168.1.0 0.0.0.63 192.168.1.192 0.0.0.63
     permit ip any any
    Above list is to block my internal subnets*
    interface Dialer1
      mtu 1492
     ip address negotiated
     ip access-group OUTSIDE_INSIDE in
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip verify unicast source reachable-via rx allow-default 100
     ip nat outside
     ip inspect IN_OUT_CBAC out
     ip virtual-reassembly in
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     no keepalive
     ppp authentication chap callin
     ppp chap hostname ******
     ppp chap password ******
     no cdp enable
    end
    ip access-list extended OUTSIDE_INSIDE
     remark OUTSIDE_INSIDE_ALLOW
     remark *****
     permit tcp host ********* any eq 22 log-input
     remark ***********
     permit tcp host ************* any eq 22 log-input
     remark *********
     permit tcp host ************* any eq 22 log-input
     remark OUTSIDE_INSIDE_BLOCK
     deny   icmp any any echo
     deny   icmp any any echo-reply
     deny   tcp any any eq 22 log-input
     deny   udp any any eq 22 log-input
     deny   tcp any any eq telnet log-input
     deny   udp any any eq 23 log-input
     permit ip any any <<<<< Without this here I have no traffic*
    ip nat inside source list VLAN10_OUTSIDE interface Dialer1 overload
    ip inspect name IN_OUT_CBAC tcp
    ip inspect name IN_OUT_CBAC udp
    ip inspect name IN_OUT_CBAC icmp
    Above is a basic firewall for outbound connections and returning traffic** (I hope)
    My question is do I need to put every single port I want to allow in and out in even though I am using NAT? It will be an insane list especially with gaming as XBOX uses random ports each time. I don't have any static NAT entries so when I do a port scan they are all closed as expected except 22 and 23 which I have closed only to specific hosts. Does IP here mean basically IP as in routing addresses etc (which would make sense) or does it mean the entire TCP/IP suite like TCP and UDP ports etc..
    This has confused me so long I thought I would ask.. I see it on a lot of SMB routers with ADSL etc using NAT..
    Thank you kindly everyone.

    Sorry Colin, here we are
    #sh ip inspect all
    Session audit trail is disabled
    Session alert is enabled
    one-minute (sampling period) thresholds are [unlimited : unlimited] connections
    max-incomplete sessions thresholds are [unlimited : unlimited]
    max-incomplete tcp connections per host is unlimited. Block-time 0 minute.
    tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
    tcp idle-time is 3600 sec -- udp idle-time is 30 sec
    tcp reassembly queue length 16; timeout 5 sec; memory-limit 1024 kilo bytes
    dns-timeout is 5 sec
    Inspection Rule Configuration
     Inspection name IN_OUT_CBAC
        tcp alert is on audit-trail is off timeout 3600
        udp alert is on audit-trail is off timeout 30
        icmp alert is on audit-trail is off timeout 10
    Interface Configuration
     Interface Dialer1
      Inbound inspection rule is not set
      Outgoing inspection rule is IN_OUT_CBAC
        tcp alert is on audit-trail is off timeout 3600
        udp alert is on audit-trail is off timeout 30
        icmp alert is on audit-trail is off timeout 10
      Inbound access list is OUTSIDE_INSIDE
      Outgoing access list is not set
    Established Sessions
     Session 29F5EA3C (192.168.1.198:55435)=>(54.194.173.224:5671) tcp SIS_OPEN
     Session 29F5282C (192.168.1.14:62790)=>(54.243.233.199:443) tcp SIS_OPEN
     Session 29F4FAE4 (192.168.1.14:62795)=>(17.110.224.20:443) tcp SIS_OPEN
     Session 29F51914 (192.168.1.13:58339)=>(65.20.0.43:993) tcp SIS_OPEN
     Session 29F54CD4 (192.168.1.13:58341)=>(65.20.0.43:993) tcp SIS_OPEN
     Session 29F5E5EC (192.168.1.13:58340)=>(65.20.0.43:993) tcp SIS_OPEN
     Session 29F52A54 (192.168.1.13:58314)=>(17.172.239.80:443) tcp SIS_OPEN
     Session 29F5C36C (192.168.1.17:49964)=>(157.55.236.97:443) tcp SIS_OPEN
     Session 29F4FF34 (192.168.1.14:62797)=>(216.157.12.18:80) tcp SIS_OPEN
     Session 29F5DF74 (192.168.1.14:62723)=>(69.171.235.48:443) tcp SIS_OPEN
     Session 29F5534C (192.168.1.14:62794)=>(66.117.29.37:443) tcp SIS_OPEN
     Session 29F5F2DC (192.168.1.14:62793)=>(81.144.168.143:443) tcp SIS_OPEN
     Session 29F52EA4 (192.168.1.18:53043)=>(17.110.226.11:443) tcp SIS_OPEN
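
Added example (not part of the original thread, and not the poster's code): on the thread's question of what `ip` covers, the `ip` keyword in an extended ACL matches every IP protocol (TCP, UDP, ICMP, GRE and so on), and entries are checked top-down with the first match deciding. The Python sketch below evaluates the thread's OUTSIDE_INSIDE list against constructed packets, with and without the final `permit ip any any`. Assumptions: all addresses are constructed documentation ranges, the three masked SSH hosts are collapsed into one placeholder, and CBAC and NAT are not modelled.

```python
from ipaddress import ip_address, ip_network

PORT_NAMES = {"telnet": 23, "bootps": 67, "bootpc": 68}
ICMP_TYPES = {"echo-reply": 0, "echo": 8}

# OUTSIDE_INSIDE as posted; the masked host is a constructed placeholder.
OUTSIDE_INSIDE = """\
permit tcp host 198.51.100.10 any eq 22 log-input
deny   icmp any any echo
deny   icmp any any echo-reply
deny   tcp any any eq 22 log-input
deny   udp any any eq 22 log-input
deny   tcp any any eq telnet log-input
deny   udp any any eq 23 log-input
permit ip any any
"""
# Same list with the catch-all entry removed, for comparison.
WITHOUT_CATCH_ALL = OUTSIDE_INSIDE.replace("permit ip any any\n", "")


def parse_addr(tok):
    """Consume one address spec; return an ip_network, or None for 'any'."""
    head = tok.pop(0)
    if head == "any":
        return None
    if head == "host":
        return ip_network(tok.pop(0) + "/32")
    # "A.B.C.D W.W.W.W": invert the wildcard to get a netmask.
    # Only contiguous wildcards are handled (ip_network raises otherwise).
    wildcard = int(ip_address(tok.pop(0)))
    return ip_network(f"{head}/{ip_address(wildcard ^ 0xFFFFFFFF)}")


def parse_acl(text):
    """Parse 'permit|deny proto src dst [eq port | icmp-type]' entries."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] == "remark":
            continue
        rule = {"text": " ".join(tok), "dport": None, "icmp_type": None}
        rule["action"] = tok.pop(0)
        rule["proto"] = tok.pop(0)
        rule["src"] = parse_addr(tok)
        rule["dst"] = parse_addr(tok)
        if tok and tok[0] == "eq":
            port = tok[1]
            rule["dport"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        elif tok and rule["proto"] == "icmp" and tok[0] in ICMP_TYPES:
            rule["icmp_type"] = ICMP_TYPES[tok[0]]
        rules.append(rule)
    return rules


def matches(rule, pkt):
    """True if every field the entry specifies agrees with the packet."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False  # 'ip' is the wildcard protocol: it matches all of them
    if rule["src"] is not None and ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["dst"] is not None and ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    if rule["dport"] is not None and pkt.get("dport") != rule["dport"]:
        return False
    if rule["icmp_type"] is not None and pkt.get("icmp_type") != rule["icmp_type"]:
        return False
    return True


def evaluate(rules, pkt):
    """First match wins; an ACL ends with an implicit deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["text"]
    return "deny", "(implicit deny ip any any)"


# Constructed inbound packets arriving on the outside interface.
OUT, RTR = "192.0.2.77", "203.0.113.5"
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.10", "dst": RTR, "dport": 22},  # allowed SSH host
    {"proto": "tcp", "src": OUT, "dst": RTR, "dport": 22},     # SSH from elsewhere
    {"proto": "icmp", "src": OUT, "dst": RTR, "icmp_type": 8},  # echo request
    {"proto": "icmp", "src": OUT, "dst": RTR, "icmp_type": 11}, # time-exceeded
    {"proto": "tcp", "src": OUT, "dst": RTR, "dport": 3389},   # unsolicited TCP
    {"proto": "udp", "src": OUT, "dst": RTR, "dport": 161},    # unsolicited UDP
    {"proto": "gre", "src": OUT, "dst": RTR},                  # non-TCP/UDP protocol
]


def decisions(acl_text):
    """Return the permit/deny verdict for each constructed packet."""
    rules = parse_acl(acl_text)
    return [evaluate(rules, pkt)[0] for pkt in PACKETS]


if __name__ == "__main__":
    for label, acl in (("as posted", OUTSIDE_INSIDE), ("no catch-all", WITHOUT_CATCH_ALL)):
        print(label)
        rules = parse_acl(acl)
        for pkt in PACKETS:
            print("  ", pkt, "->", *evaluate(rules, pkt))
```

Everything the list does not explicitly deny falls through to the final entry, so the explicit denies only carve out SSH, telnet and ICMP echo; removing that entry leaves the implicit deny to handle the rest.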

  • "permit tcp any any established" and IOS Firewall

    Guys, I need some clarification here. I have already asked couple TAC guys but they either did not know the answer right away or they wanted to send me to another team who might answer it...
    I have a single router. One LAN, one WAN. It is an 800 series router and IOS Firewall feature is turned on as follows:
    ip inspect name IOS_Firewall tcp
    ip inspect name IOS_Firewall udp
    ip inspect name IOS_Firewall icmp
    interface FastEthernet4
    ip address dhcp
    ip access-group 161 in
    ip nat outside
    ip inspect IOS_Firewall out
    ip virtual-reassembly
    duplex auto
    speed auto
    no cdp enable
    crypto map mymap
    access-list 161 permit udp any any eq ntp
    access-list 161 permit udp any any eq bootpc
    access-list 161 permit tcp any any established
    access-list 161 permit icmp any any
    access-list 161 permit esp any any
    access-list 161 permit gre any any
    access-list 161 permit udp any any eq isakmp
    access-list 161 permit udp any any eq non500-isakmp
    access-list 161 permit udp any eq non500-isakmp any
    access-list 161 permit udp any eq isakmp any
    access-list 161 permit udp any eq domain any
    access-list 161 permit tcp any any eq telnet
    access-list 161 permit tcp any any eq 1723
    access-list 161 permit tcp any any eq 4500
    access-list 161 permit tcp any any eq 5000
    access-list 161 permit tcp any any eq 5500
    access-list 161 deny   ip any any log
    My question is, is the statement "access-list 161 permit tcp any any established"  required since I already have the IOS Firewall feature turned on?
    Thank you

    No you do not need it with CBAC's TCP inspection enabled.

  • Purpose of inside_access_in permit ip any any

    Hi All,
    Reviewing some firewalls from a company acquisition and moving to standardize configs with the existing firewalls.  I see they've configured the following, and I fail to see its purpose and hoping someone can provide some insight.
    These are 5505's:
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit ip any any
    access-group inside_access_in in interface inside
    Don't understand the purpose of this. The inside interface is security 100, and the outside is security 0.  Aren't these flows allowed by default?  I get that you can specify inside_access_in when you want to limit what can go outside, but in the case of "any any" above, I don't see the point.
    access-list outside_access_in extended permit icmp any any
    access-group outside_access_in in interface outside
    Same thing here ---> It's my understanding that ICMP, HTTPS & SSH all occur before the firewall function comes into play on a 5505, so isn't this ACL also moot?

    I've sometimes seen the "inside_access_in" case used to trigger logging or hits against the access-list for a very basic connection accounting function. Beyond that though, it's a pretty superfluous command.
    I could speculate that some inexperienced admin put it in just to satisfy any doubt he/she may have had when asked "are you SURE the firewall isn't blocking my traffic?" (although it may still have been if there was an inspection rule being hit :-p )
    The outside one would allow pinging initiated from the outside of internal hosts that are externally addressable. (Although if that's the only entry in the ACL it would prevent all other outside-initiated traffic.) 

  • K9A2 Promise T3 SATA connectors: Any settings allow for DVD burners?

    The references to SAS and "storage device only" for the Promise T3 controller are a bit cryptic for me, so I'm wondering if anyone can spell out what (if any) settings allow the Promise to control DVD drives.  Win2k Server is my OS.

    Anyone tested whether there is any difference in disk performance when the RAID is on the Promise versus the SB600?
    If it were the same, I imagine that one might run drives off the T3 and SATA burners off the SB600 in IDE mode? 

  • After loading yosemite can't get permissions from any network PC - OK from MACs on network...any advice?

    after loading yosemite can't get permissions from any network PC - OK from MACs on network...any advice?

    would love to...way over my head so far...upgraded to Yosemite 10.10.2 - I have another MAC (motorola chipset...maybe 10.6?) and 3 PCs on the network...the older MAC linked up through the network just fine...
    I can see the Yosemite MAC on the PCs...I can open customer file folders (I am a printer) from the shared drive...I can drag files (let's just call them PDFs, they mostly are) to the MAC customer file...but if I try to open them from the PC I get an error message that says permission denied - or may be in use by another user. There are no other users. After I uploaded to Yosemite, I noticed most if not all drives and or folders had permissions changed to either no access or to read only...I've changed as many as I could find...drives, and folders...I can open those same files if I'm on the yosemite mac...Here's the catch, though...I was on a different floor and that PC can open a PDF on the Yosemite...but the RIP that prints our large format prints now won't print those files (whole RIP locks up) unless they are first dragged to the PC desktop...then all is fine. I thought it was MAC upgrade oriented, but I do have a PC that halfway works...I'm really stymied...

  • How to allow ping from inside to outside in 2900 router?

    Hi,
    I have a Cisco router 2900 with firewall, I need to know how can I allow the ping from self zone to outside zone, I tried to create policy from self to outside but I still didn't allow ping or tracert, I get that message when I try to ping from cisco router:
    "Unrecognized host or address, or protocol not running"
    any help will be appreciated.
    Thank you

    Hi jcarvaja
    here is the used configuration:
    Building configuration...
    Current configuration : 5584 bytes
    ! Last configuration change at 09:00:20 UTC Tue Apr 9 2013 by admin
    version 15.1
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    no service password-encryption
    service udp-small-servers
    service tcp-small-servers
    service sequence-numbers
    hostname Router
    boot-start-marker
    boot-end-marker
    security authentication failure rate 3 log
    security passwords min-length 6
    no logging buffered
    no logging console
    enable secret 5
    no aaa new-model
    no ipv6 cef
    ip source-route
    ip gratuitous-arps
    ip icmp rate-limit unreachable 1
    ip cef
    ip name-server 163.121.128.134
    ip name-server 163.121.128.135
    ip port-map user-custom-fleet port tcp 2000 list 1
    multilink bundle-name authenticated
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-324261422
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-324261422
    revocation-check none
    crypto pki certificate chain TP-self-signed-324261422
    certificate self-signed 01
          quit
    license udi pid CISCO2901/K9 sn FCZ1526C3JL
    object-group service Outside-Reply
    icmp echo-reply
    username admin privilege 15 secret 5
    redundancy
    ip finger
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    class-map type inspect match-any Deny_ALL
    match access-group name dwdwd
    class-map type inspect match-any Inside-Outside
    match protocol http
    match protocol https
    match protocol dns
    class-map type inspect match-any ICMP_RQST
    match protocol icmp
    policy-map type inspect Inside-Outside
    class type inspect Inside-Outside
      inspect
    class class-default
      drop
    policy-map type inspect Self_to_Outside
    class type inspect ICMP_RQST
      inspect
    class class-default
      drop
    policy-map type inspect Outside_to_Self
    class type inspect Deny_ALL
      pass log
    class class-default
      drop
    zone security IN
    zone security OUT
    zone-pair security Self_to_Outside source self destination OUT
    service-policy type inspect Self_to_Outside
    zone-pair security Outside_to_Self source OUT destination self
    service-policy type inspect Outside_to_Self
    zone-pair security Inside-Outside source IN destination OUT
    service-policy type inspect Inside-Outside
    interface GigabitEthernet0/0
    ip address 101.101.100.245 255.255.255.0
    ip mask-reply
    ip directed-broadcast
    ip flow ingress
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description $FW_INSIDE$
    ip address 49.31.152.80 255.255.255.248
    ip mask-reply
    ip directed-broadcast
    ip flow ingress
    zone-member security IN
    duplex auto
    speed auto
    interface Serial0/0/0
    no ip address
    ip mask-reply
    ip directed-broadcast
    ip flow ingress
    encapsulation frame-relay IETF
    no fair-queue
    frame-relay lmi-type q933a
    interface Serial0/0/0.16 point-to-point
    description $FW_OUTSIDE$
    ip address 172.17.18.122 255.255.255.252
    ip mask-reply
    ip directed-broadcast
    ip flow ingress
    ip verify unicast reverse-path
    zone-member security OUT
    frame-relay interface-dlci 16  
    interface Serial0/0/1
    no ip address
    ip mask-reply
    ip directed-broadcast
    ip flow ingress
    shutdown
    clock rate 2000000
    ip forward-protocol nd
    ip http server
    ip http access-class 2
    ip http authentication local
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 Serial0/0/0.16
    ip identd
    ip access-list extended ICMP
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended deeef
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended dwdwd
    remark CCP_ACL Category=1
    permit object-group Outside-Reply any any
    access-list 1 remark CCP_ACL Category=1
    access-list 1 permit 196.219.234.77
    access-list 2 remark Auto generated by SDM Management Access feature
    access-list 2 remark CCP_ACL Category=1
    access-list 2 permit 101.101.100.0 0.0.0.255
    access-list 2 permit 10.20.10.0 0.0.1.255
    no cdp run
    control-plane
    line con 0
    login local
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    login local
    transport input all
    line vty 5 15
    login local
    transport input all
    scheduler allocate 20000 1000
    end

  • How to give write permissions to any file in mac os x 10.8.3

    How can we give write access to the file in mac os x 10.8.3. It is not allowing to login as root user also. Can any one please help me in this. I think in mac os x 10.8.3 security update only blocked this root access. We can give permissions to any file upto mac os x 10.8.2. How can we edit any system files?

    Download TextWrangler from BareBones' website, not the Mac App Store. It will allow you to edit system files by authenticating. The Mac App store version doesn't have that capability.
    You could also edit them in the Terminal with pico, nano, emacs (perhaps more). TextWrangler is much easier to use, though.

  • Have Windows 8.1 and have tried all fixes suggested on here but still can't get it to ask if I want passwords saved. These are sites that do permit it. Any ideas?

    I have one computer with Windows 7 and an older version of Firefox, not sure exactly which one. I have never had a problem with saving passwords on it. I now have a new computer with Windows 8.1 and the latest version of Firefox, installed 5.29.14, and it is only randomly saving passwords. All the sites I've tried are ones that permit this, and I was able to save them on Explorer. I've checked my settings and save password is enabled--it seems Firefox is being selective about what it will save passwords for. Is this something new or is there a way to change it so the box will always pop up asking me if I want to save a password? Thanks for any help!

    I appreciate your help but I am not a very expert computer user. I have checked that I am permitting passwords to be saved and it does work on some sites. I don't know how to do the first two things you mentioned
    "You can toggle the signon.overrideAutocomplete pref to true on the about:config page.
    You can remove autocomplete=off with a bookmarklet to make Firefox store form data like names and passwords. "
    I found a bookmarklet on the page above but I don't know how one applies them.
    What baffles me is why I've never experienced this issue with Windows 7 and the version of Firefox I am using on it. It works just fine on the Aetna site and all the others I'm having this problem with. Do you think it may be a Windows 8.1 issue? Or something with the new version of Firefox? As I said, I've got Win7 and an older version of Firefox that I use with it. I'm reluctant to update to a newer version of Firefox on my old computer in case that is the problem.
    Thanks very much for your help and any other suggestions are very much appreciated.

  • Is there *any* way to ping MIDlet using default SMS/call (j2me)

    Hi,
    I'm writing a server style MIDlet which is polling a bluetooth device, the nature of the server is such that the phone running the MIDlet (in my case, a Motorola L6) is dedicated, it needs do nothing other than run the server, it is assumed it will not be used for anything else. Specifically the only phone calls or SMS messages it receives should be specific ping requests to server. The server will run 24/7, and should be resistant to being suspended by incoming calls (I've noted this could be a problem in itself).
    All I really want is for a 3rd party, without any special client software, to be able to ping the server (prompt it) to dispatch a set of text data to a pre-defined phone number via SMS (using WMA TextMessage).
    Basically someone should be able to set up the server, and then, with any phone (with no specific client MIDlet installed), be able to call or SMS the server and get a response posted back (to a fixed number, not necessarily to originating phone number).
    Does anyone know any way, no matter how hacky (needn't be pretty), to achieve this? You cannot receive SMS notifications on default port. An incoming call will call pauseApp which I could use - but not resume it, so server remains suspended. There are ways around having app suspended on receipt of call/SMS, but they involve never receiving the pauseApp notification, so I'm back to square one. I've wondered if I could check the free disk space on the MIDP profile (somehow) to 'detect' when it reduces in size, thus suggesting an SMS must have come in. Can a user send an SMS to a specific port with standard SMS-send interface (certainly can't see how myself, as no ':' character available). Can you hack the phone to re-route incoming SMS messages to something other than the default port?
    Is there a specific phone that might do this (I just need a phone supporting j2me bluetooth API, needn't be motorola L6)?.
    I think this can be done with Symbian (of which I know very little), and ultimately I might need to start programming with that, but I'd really prefer to continue using j2me..
    Any ideas would be greatly appreciated, I've spent a fair bit of time trolling for answers with only limited success.
    Cheers
    Edited by: bbloff on Oct 10, 2007 8:50 PM

    The tunnel default gateway is needed to let the internal firewall and router handle the routing for all decrypted IPsec packets. Today, after a Cisco IOS EasyVPN Client connects to a Cisco IOS EasyVPN Server, there is no simple way for the client to send the tunnel traffic to the internal corporate network (other than to have the entire routing table on the IPsec gateway). In this type of implementation, the Cisco IOS routers use the default gateway to route all packets toward the Internet that do not have a more specific route. The tunnel default gateway gives customers the flexibility to control how they handle IPsec tunneled traffic.

  • HT4736 Taking too long (2 minutes) to locate and download photos into Photo '11 9.5 (902.7 build running on an older Intel based MacBook Pro with iPhoto libraries on a USB2 External HD).  I checked and repaired HD permissions. Any ideas?

    Regarding iPhoto '11 9.5 (902.7 build running on an older Intel based MacBook Pro with iPhoto libraries on a USB2 External HD).  I am dealing with iPhoto taking too long to download photos.  Specifically, I rechecked and repaired HD permissions. I am running the most current software my five year old Intel MacBook Pro can run.   What happens is that when I connect an external SD card, or my iPhone, the new version of iPhoto takes up to two full minutes to fully acknowledge the device. Then locate new photos and be ready to download them to my external HD.  I am kind of concerned about this.  This has never happened before. 
    I take 20,000 photos a year.  I really don't want to lose any.  Or is there something I am doing wrong?  Or need to be aware of?  Any experienced suggestions would be appreciated.  Thanks.  Have a great day.
    PS.... The cameras I use are Canon SX-30, Nikon D3100, and my iPhone 4S.  Thanks again for your assistance.

    Hello Old Toad.... Those sound like great ideas. 
    I thought I checked and repaired disk permissions on my main boot HD.  That boot disk is Mac OS Extended (Journaled)  Capacity 749.3 GB.  Available 562.53 GB.   BUT.... now that I think of it.... the Seagate external HD with USB2 interface is: Mac OS Extended (Journaled), Capacity 639.79 GB, Available 36.2 GB with my latest iPhoto Library 517.37 GB that was already scanned & updated to be read by the latest iPhoto version. 
    I'll try your suggestions tonight as far as double checking 'permissions' and setting up a tiny test library.
    Or maybe it's time to fill up another External HD?
    I appreciate your and anyone else's suggestions to try.
    Have a great day. ~~ David in Rochester NY

  • Don't have correct permissions to any drive other than the boot drive

    I installed SL, and when it came time to enter in the user name, it said the name was already taken xxxx and so I entered yyyy. As an example.
    Now User yyyy has Read / Write permissions for everything on Drive 1, the boot drive, but ALL of the other hard drives have xxxx as having Read / Write permissions, and not for my new account yyyy. So everytime I need to write a file to a hard drive, I have to fix permission for the folder the file resides in. This is getting old fast.
    How can I change all my drives, folders, files, etc, etc to have yyyy permissions added without doing them 1 at a time?

    what kind of backups? manual ones? then it's ok to do the following
    select a drive and enter command+i. in the resulting popup, unlock the lock at the bottom, change the permissions as you want, then click on the "gears" action button at the bottom and select "apply to enclosed items".
    However, let me stress here that you should NEVER EVER use "apply to enclosed items" on ANY system created folders, system drives or TM drives. that includes btw things like your home folder, your desktop folder etc. use it ONLY on folders you made yourself. using it on a system drive will have catastrophic results. using it on any system created folder will likely have highly unpleasant ones because such folders often have invisible ACLs and using this button will propagate them inside.

  • Permz - Quickly change file permissions in any file manager

    Designed to be integrated into any file manager, permz is a bash script which presents a GUI menu.  You can use it to quickly change file permissions and ownership as a normal user or as root, and delete files as root.  I wrote this because I have yet to see a file manager that isn't cumbersome for this - the mechanism is usually buried on a second tab of the Properties window, and changing permissions often involves multiple clicks in a grid. To change the owner of a file, you need to type the username. And if the file is owned by root, you can't do anything.
    permz --help
    Presents a GUI menu for changing file permissions/ownership. May be run
    as a normal user or root.
    Requires: zenity gksu
    Optional: sudo (recommended to prevent multiple root password prompts)
    Usage: permz FILE [...]
    MENU FUNCTIONS:
    rwxrwxrwx Sets file(s) to given permissions
    Sticky Clear/Set Performs "chmod -t" or +t to clear or set the sticky
    bit. You may select to clear/set sticky in addition
    to changing other permissions.
    Recursive go-rxw "chmod -R go-rxw" on file(s) recursively, denying
    access to non-owners
    Recursive go-w "chmod -R go-w" on file(s) recursively, denying write
    to non-owners
    Recursive ugo+rX "chmod -R ugo+rX" giving read access to all. Also
    sets +x for directories and executables.
    Recursive ugo+w "chmod -R ugo+w" on file(s), giving write to all
    (You may select several compatible recursive functions above at once)
    Owner USER As ROOT Sets ownership to USER:USER as root
    DELETE As ROOT Deletes file(s) as root. Must be used alone or with
    "Perform Recursively" (to delete directories - USE
    WITH CAUTION). Not available if permz is run as root.
    Perform As ROOT Run as root to change selected permissions.
    (Use of root is automatic when changing ownership)
    Perform Recursively Adds -R to all chmod, chown, and delete commands to
    descend into subdirectories. Use in conjunction with
    any other functions. (Recursion is automatic for
    "Recursive" functions above)
    Current su command is set to: gksu -gS
    If you're somewhat familiar with bash, adding additional options or changing the existing ones is straightforward.
    I have tested it pretty thoroughly but if you do encounter anything amiss please let me know.
    More details at http://igurublog.wordpress.com/downloads/script-permz/
    And in the AUR at http://aur.archlinux.org/packages.php?ID=36978
    Instructions for integrating permz into PCManFM-Mod are here.
    Last edited by IgnorantGuru (2010-05-05 13:53:08)

    rransom wrote: Recursive ugo+rX would be more useful than "Recursive ugo+r (dirs +x)".  (The +X feature of chmod is available at least in GNU coreutils, FreeBSD, and POSIX 2003.)
    Done - thanks for the tip.  I also left the old code active in there with just the menu option disabled, so if anyone wants it the other way or wants both it's easy to enable.  The difference is that the old way won't make any files +x, just dirs.
    permz doesn't provide every possible setting of permissions, just common ones, so you may want to customize it.  But I used to have these as user actions when I used Krusader and I found these were the handy ones, at least for me.

  • Does iPhone have any apps for ping'ing like Blackberries?

    I have an ordinary LG cell phone which I can hardly wait for the contract to expire. Furthermore, I hate blackberry phones. I want an iPhone to be my next phone. However, are there any apps that work like blackberries ping'ing each other? In the blackberry world, this is instantaneous messaging --->as opposed to regular texting whereby a text can take up to twenty minutes for the recipient to get a text sent from, say, my lousy LG cell phone.

    email is only as good and as fast as the ISP available and texting is only as good as one's cell phone carrier. BB's, I must admit, are amazingly fast like a bzillionth of a second with like zero delay, .... UNLIKE email or texting. When i text my wife from my LG cell phone to her identical LG cell phone using Telus mobility, there can be as much as twenty minutes until the text is delivered (i sht you not, ....as we tested it on several occasions the time it took for a text to go from one phone to another and we were sitting right beside each other). BB's don't have any delay.... none/zero/goose-eagg/nada.

  • Will repairing Permissions disrupt any currently running services.

    I have a server that is set up running DNS, Open Directory, and Software Update services. It is the latest update, 10.5.8. I just wanted to know if anyone knows if running a permissions repair will disrupt any of these services.
    Thanks

    it won't interrupt these services
    we run permissions repair on live machines all the time.. no problems.
