Sticky bit, ACL, POSIX

Similar Messages

• UIS GID and sticky bit problem

  Not sure the best place to post this, could not find a forum that really matched what I am asking.
  My Chronosync is having problems with not being able to backup certain files. (cover.jpg)
  I seem to have traced it to files with what I think is a Sticky bit....but I thought a file with a sticky bit was shown with a t as in:
  -rwxrwxrwxt
  but the problem files are shown :
  -rwxrwxrwx@
  It is a file that I have moved from one user to another via the Drop box...so i know that causes issues with UID GID and Sticky bits etc
  How in terminal do i correct the file permissions to:
  -rwxrwxrwx
  OK I could just re download the file or copy it from the other user another way...but I am still interested in this "@" attached to the permission string and how to change it.
  have tried various combinations of chown and chmod but cant get any change...
  I have seen some references to it being a indicator to the OS that it is a file downloaded from the internet...but how to remove this ?
  sh-3.2# ls -l
  total 1986808
  -rwxrwxrwx@ 1 bonair staff 6148 3 May 13:45 .DS_Store
  -rwxrwxrwx 1 bonair staff 174187271 3 May 14:11 01 - Bastity Chelt.flac
  -rwxrwxrwx 1 bonair staff 144769872 3 May 14:11 02 - Jersey.flac
  -rwxrwxrwx 1 bonair staff 179664537 3 May 14:11 03 - The Football Match.flac
  -rwxrwxrwx 1 bonair staff 133005983 3 May 14:11 04 - America.flac
  -rwxrwxrwx 1 bonair staff 38122932 3 May 14:11 05 - Zits.flac
  -rwxrwxrwx 1 bonair staff 54626233 3 May 14:11 06 - Number Plates.flac
  -rwxrwxrwx 1 bonair staff 129378885 3 May 14:11 07 - The Bus Trip.flac
  -rwxrwxrwx 1 bonair staff 57536059 3 May 14:11 08 - Car Insurance.flac
  -rwxrwxrwx 1 bonair staff 104705018 3 May 14:11 09 - Magic Roundabout.flac
  -rwxrwxrwx@ 1 bonair staff 471848 3 May 12:04 cover copy.jpg
  -rwxrwxrwx@ 1 bonair staff 471848 3 May 12:04 cover.jpg
  sh-3.2#

  I already gave you the Unix command to tell you what the @ indicates
  ls -aleO@ # lowercase l, lowercase e, capital O, and at sign
  Why not use it?
  I also suggested what each extended attribute might be, but without output from the above ls -leO@ I can only guess.
  Here are the relevant parts of "man ls"
  -a Include directory entries whose names begin with a dot (.).
  -l (The lowercase letter ``ell''.) List in long format. (See
  below.) If the output is to a terminal, a total sum for all the
  file sizes is output on a line before the long listing.
  -e Print the Access Control List (ACL) associated with the file, if
  present. Also see "man chmod".
  -O Include the file flags in a long (-l) output.
  Also see "man chflags".
  -@ Display extended attribute keys and sizes.
  There is no man page for extended attributes, however, there is a minimal amount of usage information built into the command:
  xattr --help
  usage: xattr [-l] file [file ...]
  xattr -p [-l] attr_name file [file ...]
  xattr -w attr_name attr_value file [file ...]
  xattr -d attr_name file [file ...]
  The first form lists the names of all xattrs on the given file(s).
  The second form (-p) prints the value of the xattr attr_name.
  The third form (-w) sets the value of the xattr attr_name to attr_value.
  The fourth form (-d) deletes the xattr attr_name.
  options:
  -h: print this help
  -l: print long format (attr_name: attr_value)

• Setting the sticky bit on a file fails in a zone

  On initial inspection, the sticky bit on directories seem to be consistent across both the Global zone and local zone. However, they are inconsistent for files. Is this a bug, and if it is how to I raise a defect report?
  Excerpt from chmod man page:
  If a regular file is not executable and has {stick bit} set, the file is assumed to be a swap file. In this case, the system's page cache will not be used to hold the file's data. If the {stick bit} bit is set on any other file, the results are unspecified.
  Solaris 10 update 4 (Global Zone).
  # uname -a
  SunOS mumble.amtest.com 5.10 Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T1000
  # chmod 1777 testfile
  # ls -l testfile
  -rwxrwxrwt 1 root other 0 Jul 11 14:24 testfile
  # chmod 1770 testfile
  # ls -l testfile
  -rwxrwx--T 1 root other 0 Jul 11 14:24 testfile
  # chmod 1000 testfile
  # ls -l testfile
  ---------T 1 root other 0 Jul 11 14:24 testfile
  Solaris 10 update 4 (Local Zone)
  # uname -a
  SunOS qatamos-z1 5.10 Generic_120011-14 sun4v sparc SUNW,Sun-Fire-T1000
  # chmod 1777 testfile
  # ls -l testfile
  -rwxrwxrwx 1 root other 10 Jul 10 14:59 testfile
  # chmod 1770 testfile
  # ls -l testfile
  -rwxrwx--- 1 root other 10 Jul 10 14:59 testfile
  # chmod 1000 testfile
  # ls -l testfile
  ---------- 1 root other 10 Jul 10 14:59 testfile

  It isn't the fact that the bit isn't set. I guess the biggest complaint is that there is no error when trying to set the bit.
  chmod returns success, even though it failed to set the bit.
  Normally, if someone does not have enough privileges to modify permissions on a file, an error is returned.

• Sticky Bit - Problem...

  Hello,
  I have one thing to ask, to clarify... Some weeks ago after a system migration from win/sql to linux/oracle (and after an oracle upgrade from 10.2.0.4 to 11.2.0.1), we faced an error during DB13, the job Scheduled Update Statistics finished with an error! After some research, we found the solution... the reason was the version of oracle instant client that was the version 10.2.0.2 (the first version of this OIC)!
  So after I performed the update of oracle instant client (OIC) to version 10.2.0.4 (V3) the error finally disappeared... and it was the solution, which in that moment I thought it had been responsible for this correction!... but now I'm not so sure! Why?! Because the same problem appear again on another system, I performed the same solution, I updated the oracle instant client to version 10.2.0.4 v3 but unfortunately the problem still continue appear! So what I concluded, was that is not the solution, I realized this is not only because of the old OIC version that is installed in our system... there is other problem which is related to permissions!
  Later I discovered that the STICKY BIT (?) had been applied before I have upgraded the oracle instant client... and in fact in this new system, after the solution of oracle client update the error still continued appear and in fact only after the application of sticky bit in this system the error definitely no longer appear!
  So my question is what is this?... what is Sticky Bit?
  I looked in SAP Marketplace if there were any related sapnotes to sticky bit but I didn´t found anything... this is some mandatory procedure?... if so, sap recommends the application of this where? in which situations?
  I don´t know exactly what is STICKY bit and what he do... but the truth is that from the moment I applied it, with command ./saproot.sh (with root) on /sapmnt/SID/exe, we resolve the other part of this problem... I tried to search sapnotes in SAP marketplace about this sticky bit but I didn´t find anything... Can you explain me better if sap advice to apply this sticky bit... and if it can origin any problem or if there are any conflict with other things when we applied it on system!??
  Kind regards,
  Joao Dimas - Portugal

  Now I think I understand the meaning and what is its functionality... but explain me another thing, the application of sticky bit with ./saproot.sh <SAPSID> changed other four files: brarchive; brbackup; brconnect and icmbnd  (this five files now have a red colour)...
  Yes, and they have an "s" instead of an "x" if you use ls -l.
  The same thing is true for those files. The br*tools must be run as the user running/owning the database software (oraadm during startsap.
  So, if this is so important to run (because if I didn´t ran this command the job throught DB13 can not runs) why there isn´t sap notes or sap documentation, discussing this issue and the need to apply the sticky bit to fix this problem?
  It's documented - but hidden:
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/43/3753c4b87b6025e10000000a422035/frameset.htm
  Markus

• Sticky bit in unsupported AUR packages

  Hello,
  In my ventures to provide a PKGBUILD for an app called gnump3d, I've come across something with the unsupported (only?) build script packages in AUR that can cause some problems.
  Here is an (one) example of such a package:
  $ wget --quiet aur.archlinux.org/packages/tomcat/tomcat.tar.gz
  $ tar tvzf tomcat.tar.gz
  drwxr-sr-x nobody/aur 0 2006-06-27 02:50:53 tomcat/
  -rw-r--r-- nobody/aur 938 2006-06-27 02:49:10 tomcat/PKGBUILD
  -rw-r--r-- nobody/aur 415 2005-06-16 20:11:45 tomcat/tomcat.conf.d
  -rwxr-xr-x nobody/aur 706 2005-06-16 20:11:12 tomcat/tomcat
  Notice the owner, group and the sticky bit on the directory. These permissions seem to be standard for the AUR build script packages.
  Now, if use aurbuild to build this package, I get this content in the package:
  drwxr-sr-x root/root 0 2006-08-08 01:48:05 etc/
  drwxr-sr-x root/root 0 2006-08-08 01:48:05 etc/rc.d/
  -rwxr-xr-x root/root 706 2006-08-08 01:48:05 etc/rc.d/tomcat
  drwxr-sr-x root/root 0 2006-08-08 01:48:05 etc/conf.d/
  -rw-r--r-- root/root 415 2006-08-08 01:48:05 etc/conf.d/tomcat
  <SNIP>
  I'm pretty sure that these sticky bits weren't intended. If I build the package with yaourt, which uses srcpac as a backend, things get more troublesome:
  drwxr-sr-x root/549 0 2006-08-08 02:03:00 etc/
  drwxr-sr-x root/549 0 2006-08-08 02:03:00 etc/rc.d/
  -rwxr-xr-x root/549 706 2006-08-08 02:03:00 etc/rc.d/tomcat
  drwxr-sr-x root/549 0 2006-08-08 02:03:00 etc/conf.d/
  -rw-r--r-- root/549 415 2006-08-08 02:03:00 etc/conf.d/tomcat
  <SNIP>
  549 ought to be the group id of aur in the AUR repository.
  Careless usage of makepkg can also make this happen. Not building as root, but in a fakeroot environment, seems to prevent it from happen.
  From what I can see, the erroneous permissions are created when the install command is used in the PKGBUILD script, within the newly unpacked build script package.
  This is certainly not meant to bash the authors of aurbuild or yaourt (or tomcat; many PKGBUILDs use install, mine included), I just wanted to raise the issue. Can something be done about this? Don't know where, though. Removing the sticky bit on the directory in the build script package would be one solution. Or maybe makepkg could warn about erroneous permissions. Or... Or something? Is it a bug or a feature?
  Cheers

  Ok fixed aurbuild. Now it extracts the tarball from AUR into /tmp then copies it into the build dir which inherets the modes and owenership of the parent directory there (being $HOME), I'm pretty sure this is how tar does it.
  As pointed out above this setgid issue only occurred during root user builds.
  More info:
  -v1.5.1 (August 8, 2006)
  *Fixed inhereted setgid bit in the built the package resulting from AUR's set mode of the parent directory in the tarball.
  The unwanted inhereted bit occured only under the following circumstances:
  - user was root.
  - a 'install -m' line was excuted in the PKGBUILD without explicitly setting the first pair of octets, ie 644 instead of 0644
  - Any other type of 'chmod' command without the first octet set.
  If you have built any packages meeting the criteria list above, rebuild and install offending packages now. Run the update command to get the list of all
  packages built from AUR. String them together in a space separated line to aurbuild and use the menu to see if any install/chmod lines were used. You can
  use (s) from the menu to skip the current package and move on to the next.

• Sticky bit and chattr

  I want to protect my folders in $HOME from an accidental deletion. I applied chattr +i on them but i noticed that the last is applied recursively, thus, indeed the folder can't be deleted but also i can't write in it.
  I also tried to apply a sticky bit with chmod 1775 and change the ownership of the folder with chown root foldername. Normally, with sticky bit enabled, only the owner of the folder can delete it but, strangely, in my case although the folder is owned by root, i can delete it with my normal user.
  I noticed that the users folders in /home partition, although they are owned by the current user and have rwx permissions for the owner, they can't be deleted/changed. How is this achieved?

  It would require sticky bit to be set to every subfolder in /home. sticky bit isn't applied recursively by default. If you're worried about deleting your own files by accident it seems to me a better solution would be a daily incremental backup using something like rdiff-backup.

• Sticky bit changes the value of the script parameter 0

  Hi,
  I have a simple shell script:
  #!/bin/sh
  echo $0It simply returns its own name.
  But when I set a sticky bit on this script, it returns
  /dev/fd/3
  Is it like it is supposed to be? What is the rationale behind such behavior?
  I use Solaris 8.
  Thanks,
  Yevgeny

  I have a simple shell script:
  #!/bin/sh
  echo $0It simply returns its own name.
  But when I set a sticky bit on this script, it
  returns
  /dev/fd/3s/sticky/setuid/
  or
  s/sticky/setgid/
  Is it like it is supposed to be?Yes
  What is the rationale behind such behavior?If fixes a race condition for setuid / setgid "#!" interpreter scripts.
  Without it, someone could replace the script file during the small
  window between the kernel's exec of the interpreter /bin/sh and
  the time the /bin/sh shell opens the script.
  The fix is to pass a reference to the already open script file using
  the /dev/fd/N pseudo filesystem.

• Sticky Bit permissions

  hi,
  What's exact use of Sticky Bit permissions in unix .if oracle user does not have that permission wt will happen.

  user1175505 wrote:
  hi,
  What's exact use of Sticky Bit permissions in unix .if oracle user does not have that permission wt will happen.Please ask your Linux questions in the Linux forum:
  Oracle Linux

• Another iAS6 SP4 ? - sticky bits on, 5 kjs's, yet all activity routes thru 1 kjs

  Although StickyLB set, check marks did not show thru admin tool. Once app server was bounced, all activity was balanced (viewed via OS threads) and StickyLB showed checked thru one instance of admin tool. Other such happenings elsewhere?

  Tom:
  What kind of application are you using, Servlet or JSP or else?
  Alex

• Probleme with sharing, acl and posix

  i have xserve and xraid on 10.5.6
  all datas are on xraid volume
  but all rules are ignored
  sharing is ok but acl & posix are ignored for all sharing in xraid volume but ok in internal HD
  in terminal
  sudo fsaclctl -a /Volumes/XRAID/
  return
  ProcessVolume: processing /Volumes/XRAID
  Access control lists are supported on /Volumes/XRAID.
  ProcessVolume: processing
  error (-1) from . (Unknown error: -1). Support for access control lists is unknown.
  ProcessVolume: processing
  error (-1) from . (Unknown error: -1). Support for access control lists is unknown.
  any idea??

  Hi Tony,
  I've already had a look at Gerrit's explanation and it certainly clears things up. The way it is currently configured does actually work (I did some testing with regard to the 4th user creating folders) due to the ACLs being inherited.
  Basically, everything is working as it is, but it's just a bit of a bodge job (I think) having people using the same log-in account (albeit different short names, creating a pseudo-group).
  If Finder Comments were editable by users with RW access, rather than only the file owner, it would all work delightfully. I'm really surprised that this issue hasn't been raised before, which is leading me to believe that something in the way our permissions are set up is causing the problem. I even tried giving explicit write permissions to the .DS_Store file, but it still doesn't allow people to write comments.
  I did read somewhere that someone reckons that people with RW permissions (and not the file owner) can write Finder comments. Can anyone verify/de-verify (is that a word?!) this?
  Thanks,
  Tom

• Can't get sticky load balancing to work

  I'm really puzzled why sticky LB is not working for a simple case I'm trying. I have two simple JSP's, both registered (see web.xml and ias-web.xml below). I'm using lite session and set distributable to false. Just in case someone can tell by just looking at my session id if it's supposed to be sticky or not, it looks like following -
  GXLiteSessionID-4818869464307751325
  My two JSP's are also attached below, and they're pretty simple. A new session is supposed to be created in login page and clicking on the logout page invalidates the session.
  What I see is that each request (whether login or logout) is randomly sent to any server. For example, if I go to login once, further request to login or logout (whether through refresh or by clicking on the link) is not necessarily sent to the same server.
  Any idea what's missing in my setup? I've tried different types of load balancing (round robin, etc.) so I know that's not it.
  Thanks a lot in advance.
  Jitu
  -----web.xml-------
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
  <web-app>
  <display-name>WebDesk</display-name>
  <distributable>false</distributable>
  <servlet>
  <servlet-name>TestLogin.jsp</servlet-name>
  <jsp-file>TestLogin.jsp</jsp-file>
  </servlet>
  <servlet-mapping>
  <servlet-name>TestLogin.jsp</servlet-name>
  <url-pattern>TestLogin.jsp</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TestLogout.jsp</servlet-name>
  <jsp-file>TestLogout.jsp</jsp-file>
  </servlet>
  <servlet-mapping>
  <servlet-name>TestLogout.jsp</servlet-name>
  <url-pattern>TestLogout.jsp</url-pattern>
  </servlet-mapping>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name></realm-name>
  <form-login-config>
  <form-login-page></form-login-page>
  <form-error-page></form-error-page>
  </form-login-config>
  </login-config>
  </web-app>
  -----ias-web.xml------
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE ias-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD iAS Web Application 1.0//EN' 'http://developer.iplanet.com/appserver/dtds/IASWebApp_1_0.dtd'>
  <ias-web-app>
  <servlet>
  <servlet-name>TestLogin.jsp</servlet-name>
  <guid>{A6D6B277-288D-1C22-C3CA-0800209A2F7C}</guid>
  <servlet-info>
  <sticky>true</sticky>
  <sticky-lb>true</sticky-lb>
  </servlet-info>
  </servlet>
  <servlet>
  <servlet-name>TestLogout.jsp</servlet-name>
  <guid>{B88B7D19-28B9-1C22-EE63-0800209A2F7C}</guid>
  <servlet-info>
  <sticky>true</sticky>
  <sticky-lb>true</sticky-lb>
  </servlet-info>
  </servlet>
  <session-info>
  <impl>lite</impl>
  <timeout-type>last-access</timeout-type>
  <timeout>60</timeout>
  <secure>false</secure>
  <domain></domain>
  <path>/</path>
  <scope></scope>
  </session-info>
  </ias-web-app>
  -----TestLogin.jsp-------
  <%
       java.util.Date date = new java.util.Date();
       HttpSession sess = request.getSession(true);
       System.out.println(date + ":TestLogin.jsp: sessionid = " + sess.getId() + ", new = " + sess.isNew());
  %>
  <HTML>
  <HEAD>
  <TITLE>TestLogin</TITLE>
  </HEAD>
  <BODY BGCOLOR="#FFFFFF" topmargin=0 leftmargin=0 marginwidth=0 marginheight=0>
  <p>
  You are now logged in.<br>
  <br>
  TestLogin.jsp: sessionid = <%=sess.getId()%>, new = <%=sess.isNew()%><br>
  <br>
  Click here to logout.
  </BODY>
  </HTML>
  ----TestLogout.jsp-------
  <%
       java.util.Date date = new java.util.Date();
       HttpSession sess = request.getSession(true);
       System.out.println(date + ":TestLogout.jsp: sessionid = " + sess.getId() + ", new = " + sess.isNew());
  %>
  <HTML>
  <HEAD>
  <TITLE>TestLogout</TITLE>
  </HEAD>
  <BODY BGCOLOR="#FFFFFF" topmargin=0 leftmargin=0 marginwidth=0 marginheight=0>
  <p>
  TestLogout.jsp: sessionid = <%=sess.getId()%>, new = <%=sess.isNew()%><br>
  <br>
  <%
  sess.invalidate();
  %>
  You are now logged out.<br>
  <br>
  Click here to login.
  </BODY>
  </HTML>

  Hi,
  I think it's best to wait for sometime and check the behaviour of sticky load balancing for sometime, the reason being one or more of the following...
  - Although sticky feature ensures that the component is run at a single server, when combined with load balancing and under heavy user loads, the load balancing takes place.
  - If we rule out the previous case, then, the load balancing mechanism, especially, per component based or per server based, sends request by round robin technique initally(around 128 times or so) and then calculates the effeciency of the response time and then follows the per server based or per component based.
  - Meanwhile please ensure that, you have enabled the Sticky LB option under Application using iASAT and please wait for sometime sending requests(probably 130 times) after which it's good to check the mechanism of the sticky bit technique. If it doesn't behaves as it has to then, please let me know and I can help you further on this.
  Regards
  RG

• Need help to debug the ACL

  Hi Folks,
  I am trying to implement an Access Control List. While I can successfully access the network service as sys user, but not as the test1 user.
  I was wondering, if somebody might be able to take a look at my code and point out my mistake.
  DB Version: *11.2.0.1.0*
  Platform: Windows 7 (64 bit)
  ACL Creation Code:
  # Create a user
  CREATE USER test1 IDENTIFIED BY xxxxxx;
  GRANT CONNECT TO test1;
  # Create the ACL
  BEGIN
    dbms_network_acl_admin.create_acl (
      acl                  => 'test_acl_file.xml',
      description          => 'A test of the ACL functionality',
      principal            => 'TEST1',
      is_grant             => TRUE,
      PRIVILEGE      => 'connect',
      start_date           => SYSTIMESTAMP,
      end_date        => NULL);
    COMMIT;
  END;
  BEGIN
    dbms_network_acl_admin.assign_acl (
      acl       => 'test_acl_file.xml',
      host      => 'dbaexpert.com',
      lower_port  => NULL,
      upper_port  => NULL); 
  END;
  Test Results:
  User: sys
  SELECT utl_http.request('http://www.dbaexpert.com')
  from DUAL;
  Output:
  UTL_HTTP.REQUEST('HTTP://WWW.DBAEXPERT.COM')                                                                                                                                                                                                   --------------------------------------------------------------------------------------
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml"><head>                                                                                                                                                                                                                                                                       ......
  </head>
  User: test1
  Executing the above statement as "test1" user
  Output:
  Error starting at line 1 in command:
  SELECT utl_http.request('http://www.dbaexpert.com')
  from DUAL
  Error report:
  SQL Error: ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1722
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at line 1
  29273. 00000 -  "HTTP request failed"
  *Cause:    The UTL_HTTP package failed to execute the HTTP request.
  *Action:   Use get_detailed_sqlerrm to check the detailed error message.
             Fix the error and retry the HTTP request.                                                      
  Sanity Check:
  select ACL,
         PRINCIPAL,
         privilege,
         IS_GRANT
  from DBA_NETWORK_ACL_PRIVILEGES;
  Output:
  ACL||','||PRINCIPAL||','||PRIVILEGE||','||IS_GRANT 
  /sys/acls/test_acl_file.xml,TEST1,connect,true                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Thanks in advance
  rogers42

  Do you use a proxy to connect to the external http server ? If so, you will also need to add the proxy to the ACL
  UTL_HTTP.REQUEST Fails with ORA-24247 Even if the Called HTTP Server is Associated to the ACL [ID 972052.1]
  Understanding DBMS_NETWORK_ACL_ADMIN With Example [ID 1080105.1]
  HTH
  Srini

• Propagate ACLs

  Hi all,
  I have a client who is running OS X Server 10.4.9 and has an odd problem with ACLs not fully propagating. We enabled ACLs on the server, rebooted and went about setting ACL permissions on the root of a share point. When propagating, it stopped at about halfway though it seems; meaning that the ACLs show up fine in the "Access" tab and are working on half the folders, but not the other half. There doesn't seem to be anything particularly different about the folder it stops at either.
  Hope someone can shed some light on this, thanks!

  Depending on what permissions were set before, we used to have problems with propagating NON-ACL (POSIX) permissions (Panther, Tiger) from WGM.
  This was probably because the user/admin that was logged in in WGM didn't have the permissions to alter all files/folders from their current settings.
  I can't say I have encountered the same problem with ACLs.
  If the volume is set to use ACLs (inherited permissions dimmed) I guess you should perhaps first check the volume with a disk tool. You then might have to use CLI tools: chown, chgrp, chmod to set ACLs. I haven't used those myself for setting ACLs since it seems a pain compared to using the WGM. For setting POSIX permission the CLI tools are relatively easy.
  Did yoy try changing only ACLs or ACLs and POSIX at the same time?
  Changing only ACLs should suffice (I don't bother with POSIX if not neccessary) for user rights as they are used before POSIX.

• The Phenom K9A2 Platinum Cold Boot Loop with Vista 64-Bit

  I've posted about this before and I think others have as well.  I will describe it again.
  You power up the machine, it POSTS successfully and starts loading Vista 64-Bit.  You get the green progress bar and see a bunch of disk activity.  The screen flickers for a second as the kernel kicks in.  Instead of a pointer you are greeted with "NO SIGNAL" and the machine POSTS again!
  I've seen this on 2 different K9A2 Platinum boards with 3 different CPUs: 9500, 9600, and now 9850BE.
  I did some debugging last night to isolate it but I don't have a complete answer, I do have some extremely interesting news to report.  I have Vista 64-bit on my Promise SAS drives in RAID-0.  I have XP 64-bit on an IDE drive on the PATA port.  When I experience the "cold boot loop"
  as described, I go into the BIOS and switch the primary boot to XP 64-bit.  I let the system boot, which is always does successfully.  Then I restart the computer and use the BIOS to boot off the Promise RAID.  Vista 64-bit always (in 7 out of 7 tries) boots the first time no problems
  if I first boot XP 64-bit then try booting Vista.  Furthermore if I use a tool like AMD Overdrive to push the CPU, voltage, or memory to a high enough speed to freeze the computer, I can cause the cold boot loop in 7 out of 7 attempts as well.  Once the cold boot loop begins, the computer rarely boots (if I leave it for ***HOURS*** sometimes it will boot into Vista, after 100 attempts or something).
  I'm not entirely sure what this means.  It sounds like there's a sticky bit somewhere, and who knows where, that is causing the issue.  I would think not in the CPU itself, although I guess that is possible, when I switched from the 9600 to the 9850BE and powered up, I was stuck in the cold boot loop so I think I can discount the CPU.  That really just leaves the BIOS in my opinion.  Anybody have any interesting comments
  about this?

  I experienced similar problems this weekend with my rig.
  I have two WD Raptor drives, 150GB on the promise controller and SATA DVD on SB600. If I started Vista, it would boot, show POST screen, then I would see the initial Windows green bar, but after a minute with lots of disk activity then the system would reboot.
  Next, I would then be promoted to start windows normally, or start with the last known good configuration, sometimes this worked, sometime it did not. This happended for a while, until I managed to install all of the optional and recommended Vista 64bit OS patches and an updated promise raid driver. 
  Once these were installed, my system had no boot problems at all, so I would make sure your promise driver is up to date and that all the Vista 64bit OS patches, updates etc are installed.

• How to set permissions like "For all users" with Sandbox

  Hello!
  Hello!
  I am using Sandbox for Mac OS X Leopard and I've got a question to you:
  How can I set up a folder to behave like the For all users folder in the users directory?
  Greetings

  Well, sandbox sets ACL's not posix permissions. The sticky bit is a posix permission. Sand box will allow you to do something similar to the sticky bit using ACL's, but the exact duplication of the sticky bit is not possible, but something just as useful or more useful can be easily implemented.
  To set the sticky bit you will need an app called FileXaminer or the Terminal.app command line.
  to set the sticky bit simply put "1" in front of the the permissions number when you run chmod on the command line, here is an example:
  chmod 1775 /users/data/shared #assigns permissions 775 and the sticky bit#
  chmod 775 /users/data/shared #assigns permissions 775 without the sticky bit#
  note: note actual use of the chmod and chown commands will, in most cases require the sudo (super user do) command to be used with them. example:
  sudo chmod 1775 /users/data/shared #assigns temporary super user priviledge#
  The way I set my shared user's directories with ACL's is this:
  first I created folder /users/data -permissions=777 (everyone).
  I had three users so I created folders for each in /users/data:
  /users/data/user1 #this is just example-substitute real user name#
  /users/data/user2
  /users/data/user3 #etc,etc,#
  set the posix permission on each user folder 700 (owner:read,write,execute)
  set the owner and group on each one accordingly:
  chown user1:staff /users/data/user1 #substitute real user name#
  chown user2:staff /users/data/user2
  chown user3:staff /users/data/user3 #(etc,etc)#
  Now each user has their own data folder they can read and write to at will (when they are logged in to their user account).
  They can safely create and maintain their data and no one can delete it.
  Since these are shared data accounts. other users will need to read the data, this is where the ACL's come in.
  You will need to use Sandbox to place ACL's for each allowed user, on each of the user directories:
  0: user:joe inherited allow list,addfile,search,add_subdirectory,readattr,writeattr,readextattr,writeextattr,readsec urity,file_inherit,directoryinherit
  1: user:mary inherited allow list,addfile,search,add_subdirectory,readattr,writeattr,readextattr,writeextattr,readsec urity,file_inherit,directoryinherit
  2: user:sue inherited allow list,addfile,search,add_subdirectory,readattr,writeattr,readextattr,writeextattr,readsec urity,file_inherit,directoryinherit
  Basically with the above ACL's the only thing the allowed user can't do is delete files. They can copy files, they can add files, etc. This behavior is somewhat similar to what can be accomplished with the sticky bit, but much more controlled and structured. That is the beauty of using ACL's.
  Using SandBox you can taylor the permissions as you see fit for each every user. You can set permissions for an administrator to delete files as well. You can take away or add permissions for each user as you see fit. let your imagination be your guide.
  ACL's weren't meant to replace posix permissions, but rather to allow administrators to fine tune user permissions.
  Kj