Setting the permissions to the personal folder in KM

Similar Messages

• Disc Utility always set wrong permissions of the startup disc

  The permissions of the startup disc should be "drwxrwxr-t 39 root admin", right?
  But everytime I repair my permissions with disc utility I get the (german) message:
  Benutzer unterscheidet sich für ., Soll-Wert: 501, Ist-Wert: 0
  Die Gruppe unterscheidet sich für ., Soll-Wert: 501, Ist-Wert: 80.
  Die Zugriffsrechte unterscheiden sich für ., Soll-Wert: drwxr-xr-x , Ist-Wert: drwxrwxr-t .
  And the permissions of the startup disc are set to:
  drwxr-xr-x 39 Nomis101 Nomis101
  (I've read that out with "$ ls -ld /")
  Than I "repair" the permissions with "$ chmod 1775 /". And next time I use disc utility I have the same again.
  I've repaired the permissions in single user mode, I've booted from the install DVD and reseted my ACLs, I've removed my ACLs. But nothing seems to help.
  Sometimes I also have the issue that I cannot move any file on my desktop anymore or that I have suddenly no write permissions in the folder /Volumes/Macintosh HD
  I suspect MacPorts 1.7 or Mercurial as the malefactor, because the issues accumulate after I've done something with MacPorts (or Mercurial). But I'am not sure with that.

  {quote:title=V.K. wrote in another thread...:}If I'm not mistaken you told me once a while ago how to modify permissions database which seems to be required there.{quote}
  Hmm, that's actually a bit of a tough one - Sorry, but I think it's beyond me.
  My understanding of the permissions database consists of only what I have been able to piece together from tinkering, and while I have been able to edit individual entries and have "repair permissions" behave as expected with the edits, "/" is a bit different.
  Basically, every time something is installed that results in an update to the permissions database, entries are added, i.e. the entry for a file isn't edited but rather a whole new entry is added. That applies to a given file in the update, as well as every folder on the path to that file. Since installations are pretty much all rooted in "/", that means a new entry for "/" is created every time any installer updates the receipt database, and other things may add entries as well -- I have 88 entries for "/" in there on my system. This does't display all of the entries, but a slightly more user-friendly way is to view most of them is to use:<pre>
  pkgutil --file-info /</pre>
  I haven't dug that deeply, but I don't know what determines which entry will be used during the actual permissions verification / repair operation (it's been a while but I seem to recall that it wasn't as simple a matter as "most recent", for example), so figuring out which one to edit might be a challenge.
  And there are cases like "/" where there are entries in the database, but as you pointed out, that seem to be ignored when repairing of verifying permissions, and I have no idea what flags the system to ignore those.
  Interestingly, of the 88 entries on my system, 83 call for "1775" permissions, but 5 of them (mostly "Safari" updates but also the "BaseSystem" package) actually say the permissions should be "1755"...
  I think for the OP, the bigger issue is trying to figure out (and stopping) whatever it is that keeps wrecking security by changing the ownership to the user...

• DPM 2012 R2 UR4 - DPM could not set security permissions on the replica or recovery point volume that was created.

  Hi All,
  I am running a fresh install of SCDPM 2012 R2 with a protection group that is backing up the 'C:\', Bare Metal and System State of some VMs. If i add any additional servers to the group since the first creation it returns the following error: 
  Modify protection group: System State & Bare Metal Recovery failed:
  Error 419: DPM could not set security permissions on the replica or recovery point volume that was created.
  Error details: The process cannot access the file because it is being used by another process
  Recommended action: Review the error details, take appropriate action and retry the operation.
  If i re-create the whole protection group it works fine.
  Could any one advise any further diagnostics I can do to try and locate the reason behind not being able to modify the group after the first creation? I can add new servers to other PGs without any issues.
  Thanks in advance,
  Dan

  If you are protecting any of the system state/BMR protection. Can you stop protection by deleting the older recovery points and then recreate the protection group.
  This thread mentions this to be a hardware issue, albeit with less information on what exact hardware issue:
  https://social.technet.microsoft.com/Forums/en-US/480679c2-1079-4847-ab38-5cc8f454ef86/error-419-dpm-could-not-set-security-permissions-on-the-replica-or-recovery-point-volume-that-was?forum=dataprotectionmanager
  Regards, Trinadh [MSFT] This posting is provided AS IS with no warranties, and confers no rights. If you found the reply helpful, please MARK IT AS ANSWER. Looking for source of information for DPM? http://blogs.technet.com/b/dpm/ http://technet.microsoft.com/en-in/library/hh758173.aspx

• Setting up permissions on the file server

  I am attempting to set up a file server with the OS X Server that came with my mac mini.
  I need to be able to set up permissions for 4 different users to be able to read and write, however with no permission to delete.
  I went to the MacMini section (on the left hand corner of the server app), then storage, and from there set up custom permissions
  I added the four users as a group.
  When I added the group to have access to the needed file, I clicked on the drop downs.
  I allowed all permissions for inheritance and reading. I selected all permissions for writting except for "delete" and "Delete subfolders and files"
  This give me a "-" sign next to write versus the check symbol (like it was shown for Read and Inheritance)
  After I set this up... I went to one of the users to test it out, it would not allow me to drop a file on the server or delete anything.
  How do I get this to work the way I want it!?!

  You can not do this with a single ACE.  Or at least I've never been able to.  This shoud resolve.
  Please make sure you test this however.  Remember that trying to overwrite is a delete and then a write.  So if you deny delete, then you can not replace a file or folder with one of the same name.  Also, renaming a file is also a delete.  You will not be able to rename.  Make sure you test this before putting into production to ensure you are getting the behavior you want.
  You have a share point named Archive.  You have a group called Archive_Users.  The Archive_Users are allowed to read and write but NOT delete data in the Archive.  Do do this, follow these steps:
  1:  Create a group called Archive_Users and place your users into the group.
  2:  Define your share point in File Sharing.
  3:  Edit to share point to add the group.  Press the + button and start typing the group name.  When it appears, set the permission to Read Write.  You permission window should have 4 entries at this point.  The everyone, the group (likely staff), and the owner (likely the server admin).  Then the one you added.  The bottom three are POSIX, the final one is an ACE.
  4:  Now, you need to get your hands dirty and create a custom ACE.  Server.app does not allow you to use the Deny rules so break out Terminal.
  5:  I will assume the Archive folder is in this path /Shares/Archive.  First get a list of the folder's ACL using:
  ls -le /Shares/Archive
  It should like like the following:
  drwxr-xr-x+ 2 carbon  wheel   68 Feb 18 22:27 Archive
  0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
  1: group:archive_users allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit
  6:  Now you must add your deny rule.  Use the following command:
  chmod +a# 2 "group:archive_users deny delete,file_inherit,directory_inherit" /Shares/Archive
  The syntax here is to add (+a) an ACE at index 2 (# 2), an ACE for the group archive_users that states the group can no delete any file or folder and this is inherited all the way down.
  7:  If you have content in the folder already, be sure to propagate the permissions.
  8:  Test, test, test.
  Remember, the deny rules can have some odd effects.  As mentioned, I can think of the renaming and the overwrite as possible deterrents.
  A possible alternative is to not give everyone read write access to the Archive. It might be more sane to define two groups.  The first groups, Archive_admins, is a subset of users who are entrusted with moving data to archived status.  The second group, Archive_users, is the rest of the team and they have read only access, allowing them to pull data but not edit the archive.  This allows you to use two simple ACEs in Server.app:  Archive_admin = read/write and Archive_users = read.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

• Can I set public permissions for the Training Catalog?

  We want to have all users be able to get into the Training Catalog and self enroll. We have over 7,000 employees with no distribution list for all people. How do I set permissions for all employees to see the training catalog and self enroll?

  Ah, support strikes again. The Training catalog is not, and cannot be set to publicly viewable. This permission setting is only available to objects in the Content Library.
  If you go to the Training Tab and then Training Catalog you will see an option to Set Permissions for the Training Catalog. Select that and you will be able to add any individual or group from the list on the left to the list on the right to give them view permissions. There will be no "Make Publicly Viewable" option.
  If an individual is not listed in the right hand list (or a member of a group on the right hand list), then they will get the Not Authorized message.

• Can anyone post an overview of the permissions of the server folder

  I saved the server data on an external drive.
  I accidently cut off the power source. All services had failures since then.
  So I thought I could repair it if I would just restore the whole system from the TM Backup from a time before the cut off.
  All services do work now except Mail, Profile Manager and Wiki.
  So I stopped Mail again, deleted all its data from the server folder(s) and restored it manually from TM.
  Now I have huge permission problems. How can I fix this? I don't know how the permissions should be? Can anyone tell me, please?!

  schwaijo wrote:
  Hello jschell,
  thank you for your answer.
  let me try to clarify question with a few more facts about that what i want to do.
  I saw a example where the .dll file wich should be uses has been made available with:
  System.loadLibrary("XTapi");<<and the methods that are used has been declared with:
  private native int initTapi();<< for exampleWhat i want to do is, to access the methods of tapi32.dll file of windows in the same way, but there is nowhere to find a documentation about this file.
  You have a JNI library and you are not the owner or at least you do not have the source code.
  The JNI methods in the dlls cannot be accessed via java in any other manner than what the java code of the library already does. That is because the C signature of the name depends on the java package and class names.
  As I noted you can find the methods of the dll. You could, with a LOT of work reverse engineer the dll.
  So,can anybody tell me weather there is a way in JNI to get more Informations about the methodes in that file?As I already said, there are OS specific tools that allow you to determine at least the name of the method. I suspect that is all the information that exists.

• Exported and later Imported .pst files retain the permissions from the original Mailbox.

  After migrating from Exchange 2003 to 2010 something strange happens when exporting folders to a .pst file and importing them in another mailbox.
  The acces right that are applied, are those from the original mailbox.
  I have been searching on the internet about this strange behaviour, but it seems our organization is the only one where is applies.
  Does anybody have any ideas what can be the cause?

  Hi,
  For example, userA was granted permissions to the Inbox folder of userB's mailbox. You exported userB's Inbox folder to PST file and then imported to userC's mailbox. After that, userA had permissions for Inbox folder in userC's mailbox as well. This is
  what you had encountered, is it right?
  Generally, permissions aren't preserved when you export folders to PST file, only the content itself is exported. I recommend you remove this mailbox folder permission using the Remove-MailboxFolderPermission command to check the result.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• When a win7 users accesses a file on the server the permissions on the file revert to read only.

  Hi there,
  Originally my enviroment was 100% Mac, but now we have merged with another company who are all PC users.
  The issue I'm having is when a Windows 7 client accesses a file on the Snow Leopard server the file becomes Read Only, and I have to manually propergate the permissions to fix it. This isn't an issue with XP users.
  So far this is only happening with Excel files.
  Is anyone else experiencing this issue?  Any help would be greatly appreciated.
  Cheers,
  J

  I'm having a similar issue as well.  Excel 2007 appears to be the culprit, but hard for me to say.  Running 10.6.8 here as well.

• Did 10.6.5 alter the permissions of the top level of the startup volume?

  Since applying the 10.6.5 update it seems that non-admin users have read/write access to the top level directory of the startup volume. That means that non-admin users can create items there.
  I am wondeing if this is a normal change for 10.6.5 or if something is weird with my system.
  We updated from 10.6.4 via Software Update. This machine has only ever had Snow Leopard installed on it.
  (Note that top level sub-folders such as Library and System do not appear to be affected by this)

  Are you referring to the ownership and privileges for the drive? If so then if they aren't set at the default it's because of something a user has done because the installer makes no such changes. You can return them to the default as follows;
  1. Select the drive and Press COMMAND-I to open the Get Info window.
  2. In the Ownership and Sharing section at the bottom is a checkbox labeled, "Ignore permissions on this volume." If the box is checked then click on the lock icon and authenticate. Uncheck the box.
  3. Open the Terminal application in the Utilities folder and enter the following command then press RETURN:
  sudo chown root:admin "/Volumes/Macintosh HD"
  You will be asked to enter your admin password which will not be echoed.
  If you now click onto the still open Get Info window you should now see the proper info:
  Owner=system with r/w privileges
  Group=admin with r/w privileges
  Everyone is read-only
  Click on the lock icon to prevent any changes. Close the window then quit the Terminal.

• To change automatically the permissions once the document's classification has been changed

  Hi,
  For example I have a document where its classification is Public (so all users can see) and it is changed to Restricted. Is there a way that when the classification property is changed in a document library, only the restricted users will have permission
  to access it please? I need to be done automatically NOT manually.
  Thanks

  Hi,
  Extending the solution of Gilles, you can consider the code as below for setting item level permission:
  using System;
  using System.Security.Permissions;
  using Microsoft.SharePoint;
  using Microsoft.SharePoint.Utilities;
  using Microsoft.SharePoint.Workflow;
  namespace ItemLevelSecurity.ItemSecurity
  /// <summary>
  /// List Item Events
  /// </summary>
  public class ItemSecurity : SPItemEventReceiver
  /// <summary>
  /// An item was added.
  /// </summary>
  public override void ItemAdded(SPItemEventProperties properties)
  SPSecurity.RunWithElevatedPrivileges(delegate()
  try
  using (SPSite oSPSite = new SPSite(properties.SiteId))
  using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
  //get the list item that was created
  SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
  //get the author user who created the item
  SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
  SPUser oAuthor = valAuthor.User;
  //assign read permission to item author
  AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
  //update the item
  item.Update();
  base.ItemAdded(properties);
  catch (Exception ex)
  properties.ErrorMessage = ex.Message;
  properties.Status = SPEventReceiverStatus.CancelWithError;
  properties.Cancel = true;
  public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
  if (!item.HasUniqueRoleAssignments)
  item.BreakRoleInheritance(false, true);
  SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
  item.RoleAssignments.Add(roleAssignment);
  Reference:
  https://social.technet.microsoft.com/Forums/en-US/c5b445c1-a6c9-44ca-8fc6-ec18aedc35f1/setting-item-level-access-rights-on-sharepoint-list-item-in-itemadding-event-handler?forum=sharepointdevelopment
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Can I set new shared folders to inherit permissions from the parent folder?

  Am running file sharing on an OS 10.9.5 machine.  This is not an OS-X Server.
  9 users connect to this machine.  They create folders and store files on it.  All the users who connect are in a group which has read and write permissions on the volume in which they store files.  But when they create new folders, the permissions on the new folder is 755.  I have changed the umask to 002 and this works for users who might create a folder locally but does not work for network connected users.  All users are AFP and, if it matters, are on 10.8.5.  The OS versions are held back for good reason.
  Is there a way to enable Inherited Permissions for new network created folders on the standard client OS?
  If not, can I do so on the server OS?  I have several older OS-X Server machines where this is a possibility.
  (Sorry if this is a duplicate but most posts like this seem to concern locally created files and folders and not network shared folders.)

  It can be done more easily with OS X Server, but you can do it anyway if you're familiar with the shell. See the section headed "ACL MANIPULATION OPTIONS" in the chmod(1) man page.

• What are the correct permissions for the Home folder?

  Since buying my first mac (G4 iMac) I've since bought 2 other macs & transferred my home folder from the older computer each time. Since then I've messed around with the permissions of the Home folder a few times to try share files & folders between my Windows PCs. So the permissions of the Home folder on all computers could be messed up a little.
  I want to set up permissions how they should be set up as default.
  I created another user account with admin priveliges & it looks like the Home folder should be set up as follows:
  Owner: 'my name'
  Access: Read & Write
  Group: admin or 'my name'
  Access: Read only
  Others: Read only
  And the sub folders (Documents, Pictures etc.) should be set up as follows:
  Owner: 'my name'
  Access: Read & Write
  Group: admin or 'my name'
  Access: No access
  Others: No accesss
  Is this correct, & if so shall I just set permissions on my Home folder exactly the same as the new account I set up?
  Or is there some way of resetting permissions for the Home folder?
  (I know repairing permissions with Disk Utility doesn't do this).
  Power Mac G5 Dual 2.3, 2.5 GB RAM, 20 Cinema Display | MacBook Pro 2.0 15"   Mac OS X (10.4.6)  

  Mac OS X does not have a built-in way of doing this, but you can make one yourself. Open the Script Editor in the /Applications/AppleScript/ folder and enter the following:
  do shell script "chmod 755 ~"
  try
  do shell script "chmod 700 ~/Desktop"
  end try
  try
  do shell script "chmod 700 ~/Documents"
  end try
  try
  do shell script "chmod 700 ~/Library"
  end try
  try
  do shell script "chmod 700 ~/Music"
  end try
  try
  do shell script "chmod 700 ~/Pictures"
  end try
  try
  do shell script "chmod 755 ~/Public"
  end try
  try
  do shell script "chmod 755 ~/Sites"
  end try
  This script can be saved as an application, which makes it possible to fix the permissions on a home folder with two clicks. The try statements are included so that the script will run if a folder doesn't exist. If the ~ object is a symbolic link, the permissions on it may not be changed; you can use the code block
  tell application "Finder"
  set the_home to POSIX path of (home as alias)
  end tell
  do shell script ("chmod 755 " & the_home)
  in this case. The rest of the script works as before.
  (12450)

• Error DF024 stops Dreamweaver CC from installing - needs correct permissions to the spec. File/folder (Win7) How?

  Dreamweaver CC won't install past 82%. It says - Error DF024. Try Setting correct permissions to the specified file/folder or parent folder so that administrator has rights to modify it.(seq170) How do I do this in Windows7?

  Additionally you may also try installing in hidden admin account: http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-wi ndows-vista/.
  Regards,
  Romit Sinha

• How do I restore the user to the home folder permissions?

  I just got an iMac from a friend and had changed the username and password for the administrator user.  Then I was going to change the home folder name.  I was looking at the info on the home folder (which at this point is still tied to the old user).  I inadvertantly removed the user from the permissions before adding the new username or even allowing all users to access the home folder.  Now I cannot access the home folder at all.  How do I restore the permissions to the home folder or add the user back to the allowed users with access to the home folder?

  dalefromdallas,
  First you should do a clean install of the computer, while your friend may have included apps, they do not belong to you unless your friend gave y ou the install media and license codes. Considering the machine is also running 10.9.2. this machine will be forever tied to his AppleID which exposes him financially. You should get the 10.6.X DVD from your friend (I'm assuming he upgrade from 10.6.x at some point) and do an erase and install, then update it to 10.6.8 then upgrade yourself to 10.9.2 Mavericks. Then you will have a clean system, otherwise you will be working with a pretty kludged system that will probably be trouble.

• Limiting User permissions to the user folder

  Hello, 
  So I have recently been placed in charge of a network.  The prior network administrator arranged the permissions so that users have access to the user folder on the server.  The issue comes in where unauthorized users can access other user's documents
  on their desktop or in the other user's My Documents.  I have tried changing the permissions so that users only have access to their own user folder, but so far any change to the permissions cuts the user off from their own desktop and documents.  
  Is their a way to limit users access so they only have access to their own user profile? 
  Any help would be appreciated.  
  Thanks

  Hi,
  Is the profile roaming profile are local profile. if roaming profile the fileserver Share folder should have the permission administrator full permission and user read permission
  In active directory user properties on the profile select \\servername\sharename\%username%
  This will resolve your problem
  Thanks
  Syed Abdul Kadar M.