TM volume permissions for privacy on LAN?

Hi.
I'm surprised to see TM folders - including my home folder- have read access for everyone by default. I'm no expert but being on a LAN I assume this is a security risk, am I correct?
Screenshots:
http://bayimg.com/AaclIaaCN
http://bayimg.com/AacLjaacN
http://bayimg.com/AacLLaAcN
What's the most restrictive / still functional permissions for the volume? rwx for 'system' and r-- for me? I'd experiment on my own but last time i ended up having to reinstall.
Thank you
edit: looking at the home folder (on startup disk) i see everyone has read access; this is on a clean install. Is it really supposed to be so and does this give access to others automatically? (I'm feeling paranoid today )
http://bayimg.com/BAClDaAcn
Message was edited by: Addes

Addes wrote:
Hi.
I'm surprised to see TM folders - including my home folder- have read access for everyone by default. I'm no expert but being on a LAN I assume this is a security risk, am I correct?
no. this volume is not even shared so other users on the LAN won't see it at all unless they connect as a registered user on your computer in which case they have access to your computer already.
Screenshots:
http://bayimg.com/AaclIaaCN
http://bayimg.com/AacLjaacN
http://bayimg.com/AacLLaAcN
What's the most restrictive / still functional permissions for the volume? rwx for 'system' and r-- for me? I'd experiment on my own but last time i ended up having to reinstall.
Thank you
edit: looking at the home folder (on startup disk) i see everyone has read access; this is on a clean install. Is it really supposed to be so
yes, everyone has read access to the top level of the home folder by default so that they can get to your Sites and Public folders which should be accessible to everyone. other folders like the Desktop and the Documents folder have no access to anyone but you by default. if you want to keep other users on the same computer from reading anything they shouldn't in your home directory don't store any self made files/folder at the top level of your home directory. they WILL have read access by everyone by default.
and does this give access to others automatically? (I'm feeling paranoid today )
http://bayimg.com/BAClDaAcn
Message was edited by: Addes
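
The reply's point about self-made items at the top level of a home folder can be checked directly. The script below is an added example, not part of the original thread: it lists top-level entries whose "everyone" read bit is set and can strip that access. The function names and the `SHARED_BY_DESIGN` list are assumptions made for the illustration; it relies only on `find` options available in both the macOS and GNU versions.

```shell
#!/bin/sh
# Added example: audit the top level of a home directory for entries that
# users outside the owner and group ("everyone") can read.

# Folders the reply describes as meant to be reachable by everyone.
SHARED_BY_DESIGN="Public Sites"

# Print the names of top-level entries in $1 whose "other" read bit is set,
# skipping symlinks and the shared-by-design folders. One name per line, sorted.
# Names containing newlines are not supported.
world_readable_top_level() {
    home_dir=$1
    find "$home_dir" -mindepth 1 -maxdepth 1 -perm -004 ! -type l |
    while IFS= read -r path; do
        name=${path##*/}
        case " $SHARED_BY_DESIGN " in
            *" $name "*) continue ;;
        esac
        printf '%s\n' "$name"
    done | sort
}

# Remove all "everyone" access from the entries reported above and print how
# many were changed. Not recursive: once a top-level folder is closed to
# others, its contents cannot be reached through it.
tighten_top_level() {
    home_dir=$1
    world_readable_top_level "$home_dir" | {
        count=0
        while IFS= read -r name; do
            chmod o-rwx "$home_dir/$name" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Report only (no changes) when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    world_readable_top_level "$1"
fi
```

Run it as `sh audit.sh "$HOME"` to get the report; `tighten_top_level` changes modes and is only invoked when called explicitly.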

Similar Messages

  • Defining NTFS Permissions for High Volume Security

    The default NTFS file permissions for the boot volume in Windows 8.1 appear to give Modify access to "Authenticated Users".   That is really permissive.   I have a lot of folders I do not want anyone not authenticated as Administrator
    to touch.   Of course I could change every folder manually and test for side effects, but I am hoping someone has already tested this and has published a document.   I am looking for a detailed description of how to secure the volume so that ordinary
    users cannot modify attributes, filenames, or data for most files on the volume.
    Will

    Ronald, thanks for your reply.  Now we are talking the right topic.    
    1) How did you modify the root permissions?  One way to do that might be to remove Modify and Create authority for the "Authenticated Users" entity and replace that with just Read & Execute.
    2) I understand that Microsoft tightened things to prevent normal users from having modify access inside subfolders.   This works fine for well behaved applications that use things like the "Program Files" subfolder.   Unfortunately, many
    applications are badly behaved and put themselves directly under the root of the boot volume.  AMD for example puts its video drivers in c:\amd by default.     Since that folder inherits from the root, and the root gives permissive access to
    users to create and modify files, now many sensitive DLLs in this install folder could be easily modified by any user.
    One of the worst viruses I ever had was a denial of service virus that acted simply by hiding every single file on your file system.   We had locked down NTFS permissions but had forgotten to lock down file attributes.   It took forever to recover
    from that.   
    So, bottom line, I like to run as tight a file security as possible, and I like to stay logged in as a normal user and greatly restrict what normal users can change.    
    Microsoft definitely tightened things up in Windows 8 and that's great.
    Will

  • How to set permissions for files created by Windows on OS 10.8 volume

    I am in process of upgrading from an iMac with OS 10.6 to an iMac with OS 10.8.  In my office network, I store all files on my iMac and let the Windows PCs act as workstations to read/write onto the Mac.  (It's simpler to have all files centralized in one location, and only have to be concerned about backing up one volume.)
    When I had OS 10.4 and OS 10.6 any newly created file saved by the Windows PCs onto the Mac could be opened by the Mac.
    But with OS 10.8, I can not open newly created files from Windows.  The file permissions for the newly created files from the Windows PCs are: 
         PCUser = read/write;  Everyone = no access.
    What do I need to do so that newly created files from the Windows PC (currently Windows 7) can be opened by the Mac, without having to use Get Info to reset the permissions each time?

    You could try adding this Access Control Entry (ACE) to the folders you let them save to:
    sudo chmod -R +a "accountinggroup allow delete,chown,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Path/to/topmost/folder
    You first need to create a group for all the sharing people you want to have access to that folder, if you don't already have one. In the example, "accountinggroup" is the group, so change that to whatever you want to use.
    The ACE allows them full access to the files in the folders. If you want to limit that, remove the option (such as delete).
    You create Groups in Users & Groups System Preference just like creating a new user. Just change the account type to Group.
    If you want a GUI to do the settings, try Sandbox.  It's got a few glitches in the Interface, but it seems to write the ACL correctly. One glitch is selecting the Group or User. I had just a list of Continuing in the popup menu. I typed in the Group name I wanted and it worked. Some errors pop up as you traverse the file hierarchy, but you can dismiss them.
    Here is an old hint, which gives a little background, and some other options: http://hints.macworld.com/article.php?story=20090219133314985
    The Server tools would allow you to set this up more easily, but if this is all you need as the server, I don't know if it is worth it.

  • I am running Lion 10.7.2 and I have an external drive hooked to my time machine. I can't rename folders and when trying, I get an error code 8076. The checkbox "ignore permissions for this device" does not show on volume info. Help please???

    I am running Lion 10.7.2 and I have an external drive hooked to my time machine. I can't rename folders and when trying, I get an error code 8076. The checkbox "ignore permissions for this device" does not show on volume info. Help please???

    The Time Machine volume does not have that checkbox.
    I think the issue is with your Finder...
    Go to Finder "Go" menu hold the option key and choose Library. Then go to Preferences trash these files:
    com.apple.finder.plist
    com.apple.sidebarlists.plist
    Then, restart, or log out and in again.
    (You will have to reset a few finder prefs the way you like them.)

  • Required permissions for SCVMM 2012 R2 Library Share - SOFS on Clustered Storage Volume

    Setup / Notes:
    SCVMM 2012 R2
    SCVMM Library Server - SOFS Role on 2 Nodes of Clustered Storage Server 2012 R2
    Library Server and Nodes show up under Fabric->Infrastructure->Library Servers
    Server and Nodes show no errors or problems
    Shares have been added in SCVMM and able to refresh properly
    Problem:
    I cannot do any job which involves writing to these shares. Import Resource, Create VM Template, etc. Everything fails with Error (2910) VMM does not have appropriate permissions... Access Denied.
    Solutions Tried:
    I have setup FULL CONTROL Share and Security permissions for Administrators Domain and Local, SCVMM Service Account, SCVMM Run as Account, Everyone Account, SYSTEM, Hyper-V Computer Accounts basically everything in my domain. I still get access denied to
    the Library Server Shares.
    Other Notes:
    I do have shares configured for VM / shared storage for hosts. These are working great and appear to be configured completely by SCVMM.
    What are the required permissions? Are they manually setup or controlled by SCVMM? Why does it appear that nobody has had this problem before me on the interwebs? Am I an idiot?

    More Information:
    It would appear that Failover Cluster Manager doesn't immediately change the permissions related to a share. I have manually gone in and set the FULL CONTROL Share and Security permissions for the Everyone Account on the Cluster Volume and the share is now
    working. I do need to lock this down for security purposes so what account/accounts does it need?
    Scratch That:
    I was able to Import a Physical resource but the saving of a VM to the library does not work... 2904 or 2910.
    Anybody?

  • How do you change volume permissions with Solaris Volume Manager?

    (Previously posted in "Talk to the Sysop" - no replies)
    I'm trying to set up Solaris 9 to run Oracle on raw partitions. I have my design nailed down and I have built all the raw partitions I need as soft partitions on top of RAID 1 volumes. All this is built using Solaris Volume Manager (SVM).
    However, all the partitions are still owned by root. Before I can create my Oracle database, I need to change the owner of the Oracle partitions to oracle:oinstall. The only reference I found telling me how to do this was in a Sun Blueprint and it essentially said "You can't change volume permissions directly or permanently using SVM and chown will only remain effective until the next reboot. To make the changes permanent, you must modify /etc/minor_perm". Unfortunately, I can't find an example of how to do this anywhere and the online man pages are not particularly helpful (at least not to me).
    I'd appreciate a quick pointer, either to a good online resource or, even better, a simple example. For background, the volumes Oracle needs to own are:
    /dev/md/rdsk/d101-109
    /dev/md/rdsk/d201-203
    /dev/md/rdsk/d301-303
    /dev/md/rdsk/d401-403
    /dev/md/rdsk/d501-505
    I provide this information because I'd like to assign some, but not all, of the devices under /dev/md/rdsk to the oracle user and I was hoping some smart person out there could illustrate an approach using simple regular expressions, at which I'm horribly poor.
    Thanks in advance,
    Adrian

    Ron, I feel your pain.  I just came from an HTC also and a lot of stuff with this iPhone is bugging the crap out of me.  Who makes a phone where you can't adjust the ringer and alert volumes independently?  Instead, I have to adjust the alert volume when it is active.  C'mon guys.  Get with the program.  You won a bunch of Android users over with the 4S, but you're going to chase us all back when we're done with our contract.  Frustrating.  

  • When I repair disk permissions I get the following:Repairing permissions for "MacIntosh HD" Determining correct file permissions. Permissions differ on ./Library/Widgets, should be drwxr-xr-x , they are drwxrwxr-x  Owner and group corrected on ./Library/W

    Repairing permissions for “MacIntosh HD”
    Determining correct file permissions.
    Permissions differ on ./Library/Widgets, should be drwxr-xr-x , they are drwxrwxr-x
    Owner and group corrected on ./Library/Widgets
    Permissions corrected on ./Library/Widgets
    Permissions differ on ./System/Library/User Template, should be drwx------ , they are drwxr-xr-x
    Owner and group corrected on ./System/Library/User Template
    Permissions corrected on ./System/Library/User Template
    Group differs on ./usr/bin/fetchmail, should be 0, group is 6
    Permissions differ on ./usr/bin/fetchmail, should be -rwxr-xr-x , they are -rwxr-sr-x
    Owner and group corrected on ./usr/bin/fetchmail
    Permissions corrected on ./usr/bin/fetchmail
    Permissions differ on ./usr/lib/php/build/Makefile.global, should be -r--r--r-- , they are -r-xr-xr-x
    Owner and group corrected on ./usr/lib/php/build/Makefile.global
    Permissions corrected on ./usr/lib/php/build/Makefile.global
    Permissions differ on ./usr/lib/php/build/acinclude.m4, should be -r--r--r-- , they are -r-xr-xr-x
    Owner and group corrected on ./usr/lib/php/build/acinclude.m4
    Permissions corrected on ./usr/lib/php/build/acinclude.m4
    Permissions differ on ./usr/lib/php/build/mkdep.awk, should be -r--r--r-- , they are -r-xr-xr-x
    Owner and group corrected on ./usr/lib/php/build/mkdep.awk
    Permissions corrected on ./usr/lib/php/build/mkdep.awk
    Permissions differ on ./usr/lib/php/build/phpize.m4, should be -r--r--r-- , they are -r-xr-xr-x
    Owner and group corrected on ./usr/lib/php/build/phpize.m4
    Permissions corrected on ./usr/lib/php/build/phpize.m4
    Permissions differ on ./usr/lib/php/build/scan_makefile_in.awk, should be -r--r--r-- , they are -r-xr-xr-x
    Owner and group corrected on ./usr/lib/php/build/scan_makefile_in.awk
    Permissions corrected on ./usr/lib/php/build/scan_makefile_in.awk
    Permissions differ on ./usr/lib/system/libmathCommon.A.dylib, should be -r-xr-xr-x , they are -rwxr-xr-x
    Owner and group corrected on ./usr/lib/system/libmathCommon.A.dylib
    Permissions corrected on ./usr/lib/system/libmathCommon.A.dylib
    Permissions differ on ./usr/libexec/dumpemacs, should be -r-sr-xr-x , they are -r-xr-xr-x
    Owner and group corrected on ./usr/libexec/dumpemacs
    Permissions corrected on ./usr/libexec/dumpemacs
    Permissions repair complete
    The privileges have been verified or repaired on the selected volume
    Then I sometimes get the brown screen that states,You must re-start your computer.
    I have already zeroed out the hard drive and re-installed Panther and the upgrade Tiger disc.
    I repair permissions using the Tiger disc upgrade.
    Can anyone help me with this??

    > I repair permissions using the Tiger disc upgrade.
    One thing to note...  When running Repair Disk Permissions, it is best to run it while started up normally, from your normal startup disk, not from a Mac OS X installation disc.  The only time you should run it while started up from an installation disc is if some problem is preventing you from starting up normally. OTOH, Repair Disk can only be used when starting up from a different disk (such as an installation disc).
    So, I would start up normally, run Disk Utility, and use Repair Disk Permissions on your normal startup disk.
    NOTE:  Repair Disk Permissions often gives alerts messages that can be ignored.  They are more "informational," not serious errors.
    http://support.apple.com/kb/TS1448
    You should still run it periodically.  When you run it, what needs to be repaired has been repaired; consider the rest of it an FYI.  I've never experienced a problem, where a Repair Disk Permissions message actually caused a problem.  But, if you ever get an error while running Repair Disk (or Verify Disk), that is usually a serious problem.

  • Need insight for setting up permissions for sharing an external hd via OS X 10.6?

    Hello intelligent lifeforms,
    My supervisor and friend passed away a little over a year ago, and I am now trying to fill his shoes as the networking guru and could use some assistance.  I'm trying to share an external hard drive that is connected to my Mac Pro OS X 10.6 workstation with a Mac Pro OS X 10.4 workstation user.  I've tried setting up a Sharing Only account in my System Preferences-Accounts for the 10.4 user, and under System Preference-Sharing I turned File Sharing: On, added the Shared Folder, added the User and set privileges as "Read Only."  My intentions are for the 10.4 user to only be able to copy files from the external hard drive so as to protect the archived files being stored there from being tampered with.  However, there is a User group listed as "Everyone" that I can't remove and believe it is taking precedence over the 10.4 account that I setup.  I do not know where this Everyone group originated from but believe it to be some kind of default group and a major obstacle.
    When the 10.4 user copies a folder from the external hd to his workstation and later copies it to a volume on our Xserve OS X 10.2 the folder shows that I do not have privileges to do anything to the folder (there is a red circle with a minus sign in it on the folder icon).  Eventually, I am to backup these files to the external hd where lies my dilemma.
    The volume on the Xserve being copied to is setup under Workgroup Manager-Sharing-Share Points-General:  "Share this item and its contents" IS checked, Owner: admin-Read & Write, Group: staff-Read & Write (where said user has been added to the staff group), Everyone: none (I do not think the Everyone group listed on the server has anything to do with the Everyone group on my machine?), Enable disk quotas on this volume is NOT checked.
    My tests show that the permissions are being carried over from the external hd Everyone group (Read Only) because even when the 10.4 user's permissions are set to Read & Write in System Preferences-Sharing-File Sharing-Users the folder still shows to be Read Only when it's copied.  I've even tried setting his Desktop privileges to Read & Write hoping that when he copies the folder the permissions would be overwritten.  Unfortunately, the only way to give me privileges is for the 10.4 user to change them manually through Get Info from his workstation.  This is counterproductive to the workflow I'm trying to establish.  I've tried wrapping my brain around the flowchart of coordinating permissions/privileges between the different machines but to no success.
    Also, a note to add is I've observed a User: Firebird Database that is listed under System Preferences-Sharing on both of our workstations.  It cannot be removed either and I do not know where it is originating from.
    Is there anyone out there that has any insight to this situation?
    Perplexed,
    carl_prepress

    "Everyone" is not a Group.
    Every file has underlying Access settings for System, Owner, Group, and World.
    Access settings for Everyone mean everyone-else that is not explicitly mentioned in the other settings. It is the same as the Unix "World".
    If you set the Privileges for a file to Everyone=Read, then any user with any credentials can read it.
    The User Categories Owner, Group, and Everyone
    You can assign standard POSIX access permissions separately to three categories of users:
    Owner—A user who creates a new item (file or folder) on the file server is its owner and automatically has Read & Write permissions for that folder. By default, the owner of an item and the server administrator are the only users who can change its access privileges (allow a group or everyone to use the item). The administrator can also transfer ownership of the shared item to another user.
    Note: When you copy an item to a drop box on an Apple file server, ownership of the item doesn’t change, but only the owner of the drop box or root has access to its contents.
    Group—You can put users who need the same access to files and folders into group accounts. Only one group can be assigned access permissions to a shared item. For more information on creating groups, see the user management guide.
    Everyone—Everyone is any user who can log in to the file server: registered users and guests.
    Hierarchy of Permissions
    If a user is included in more than one category of users, each of which has different permissions, these rules apply:
    • Group permissions override Everyone permissions.
    • Owner permissions override Group permissions.
    For example, when a user is both the owner of a shared item and a member of the group assigned to it, the user has the permissions assigned to the owner.
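
The hierarchy quoted above means only one category is ever consulted for a given user: the first that matches, in the order owner, group, everyone. The function below is an added example, not from the original post or from Apple's documentation; `effective_access` and the sample uid/gid numbers are made up for the illustration, and it models only the classic mode bits (no ACL entries, no root).

```shell
#!/bin/sh
# Added example: which POSIX permission category applies to a user and what it
# grants. Classic owner/group/everyone bits only; ACLs and root are not modelled.

# effective_access MODE FILE_UID FILE_GID USER_UID [USER_GID...]
# MODE is octal (for example 640). Prints "<category> <rwx string>".
effective_access() {
    mode=$1; file_uid=$2; file_gid=$3; user_uid=$4
    shift 4                       # what remains is the user's group ids

    category=everyone; shift_bits=0
    for gid in "$@"; do
        if [ "$gid" = "$file_gid" ]; then
            category=group; shift_bits=3
        fi
    done
    # Ownership is tested last here so that it wins over group membership.
    if [ "$user_uid" = "$file_uid" ]; then
        category=owner; shift_bits=6
    fi

    # Select the three bits of the matching category; the others are ignored.
    bits=$(( (0$mode >> shift_bits) & 7 ))
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    printf '%s %s%s%s\n' "$category" "$r" "$w" "$x"
}

# Constructed cases: file owned by uid 501, group 20.
effective_access 640 501 20 501 20      # owner gets rw-
effective_access 070 501 20 501 20      # owner gets ---, although the group has rwx
effective_access 604 501 20 502 20 12   # group member gets ---, although everyone has r--
effective_access 604 501 20 503 12      # unrelated user falls through to everyone: r--
```

The second and third cases are the ones that surprise people: a more specific category with fewer rights still wins over a broader one with more.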

  • [New_Feature_Requirement] [iOS 8] Detecting permissions for camera access

    Here is the feature request: Feature#3837401 - [New_Feature_Requirement] [iOS 8] Detecting permissions for camera access
    Problem: The camera privacy control is now required by iOS 8 for all regions. With iOS 8, any application that uses the camera is met with a dialog asking for permission.
    http://useyourloaf.com/blog/2014/07/16/ios-8-camera-privacy-settings.html
    But we cannot detect permission for camera access by AIR.
    StatusEvent event not firing by AIR: "Note: This event is not dispatched on the AIR platform. It is used only in Flash Player."
    Camera - Adobe ActionScript® 3 (AS3 ) API Reference
    So, if the user doesn't allow camera use, our application cannot even detect that. It could make the application useless. It could also cause problems with our applications in the App Store.
    Please consider providing some way to handle camera access. It could be a StatusEvent like with Flash Player.

    "Do Not Put iOS8 on an iPhone 4S"
    http://gizmodo.com/dont-put-ios-8-on-your-iphone-4s-1635763610?utm_medium=referral&utm_source=pulsenews

  • Permissions for Linux user accessing Leopard share

    We have a very simple networking setup at our video post production facility. Basically, files are shared everywhere and to everyone. No open directory or DNS serving. Just AFP and SMB.
    Our Linux based Smoke/Flame/Lustre system needs access to the files served/shared by an Xserve with a big attached RAID. It has no problem connecting or seeing the files. However, it typically is denied write permissions. When the Smoke operator creates a folder on the share he can't access the folder until I grant the Others/Everyone group read and write perms. The Linux user logs in with the same user account that everyone else uses.
    Some time ago, the always smashing Gerrit DeWitt gave me some terminal commands to set ACLs for users/groups of this shared RAID. They work beautifully and I have had no permissions issues since applying them. Except for this Linux system.
    Would it be good practice to use this command to set the Everyone group permissions for this share?
    sudo chmod -R +ai "group:everyone allow readattr,readextattr,readsecurity,\
    list,search,read,execute,writeattr,writeextattr,delete,\
    append,write,delete_child,add_file,add_subdirectory,\
    file_inherit,directory_inherit" "/Volumes/RAIDH/Smoke_InfernoStorage"
    Also, is there some configuration change I could make to the Linux system to make it a little more Mac compatible in this area?
    Thanks

    It's worth checking into - let us know what you find. What you describe certainly sounds like a problem with permission propagation settings for SMB / Samba since the AFP side works fine.
    I've seen other posts about problems that crop up because of differences in the versions of Samba employed between systems, so that's a possibility as well. And I'd have no suggestions for you in that regard other than some searching of the web for clues as to how to work with that issue.
    -Doug

  • Permissions for /etc/ ?

    I accidentally forced permissions for /etc/ after adding a line for sieve scripts in webmail/squirrelmail.
    I am sure I have not touched anything else....
    Now mail services says they are running in Server admin, but not when I telnet to them.
    web:~ admin$ telnet localhost 110
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    telnet: Unable to connect to remote host
    Is there a way to save this situation?
    All other services like web and afp works fine,
    just not pop, imap and SMTP.
    How do I fix permissions back?
    Thanx for listening, grateful for any help!
    Janne A.

    Thanx ever so much you are very kind...
    I changed permissions by way of Get Info on the folder etc and then propagate permissions from there....
    Your suggestions:
    I tried it and the output out of the first command is:
    lrwxr-xr-x@ 1 root admin 11 Dec 25 18:15 etc -> private/etc
    And for the second one:
    Last login: Wed Jan 2 21:46:49 on ttys000
    web:~ admin$ cd /
    web:/ admin$ sudo chmod 755 /etc
    web:/ admin$ ls -al /
    total 41125
    drwxrwxr-t 32 root admin 1156 Dec 28 14:17 .
    drwxrwxr-t 32 root admin 1156 Dec 28 14:17 ..
    -rw-rw-r--@ 1 admin admin 12292 Jan 2 19:10 .DS_Store
    drwx------ 3 root admin 102 Dec 25 19:01 .Spotlight-V100
    d-wx-wx-wt 2 root staff 68 Dec 25 18:13 .Trashes
    drwx------ 63 root admin 2142 Jan 2 19:19 .fseventsd
    -rw------- 1 root wheel 65536 Dec 25 18:53 .hotfiles.btree
    drwxr-xr-x@ 2 root wheel 68 Sep 24 09:08 .vol
    -rw-r--r-- 1 root admin 199 Dec 25 19:59 2.66
    drwxrwxr-x+ 35 root admin 1190 Dec 30 14:09 Applications
    drwxrwx---+ 7 admin admin 238 Dec 29 12:25 Groups
    drwxrwxr-t+ 57 root admin 1938 Dec 28 14:22 Library
    drwxr-xr-x@ 3 root wheel 102 Jan 2 19:19 Network
    drwxrwxr-x 3 admin admin 102 Dec 25 18:32 Shared Items
    drwxr-xr-x 4 root wheel 136 Dec 28 14:21 System
    drwxr-xr-x 5 root admin 170 Dec 25 19:00 Users
    drwxrwxrwt@ 3 root admin 102 Jan 2 19:19 Volumes
    drwxr-xr-x@ 40 root wheel 1360 Dec 25 18:15 bin
    drwxrwxr-t@ 2 root admin 68 Sep 23 23:37 cores
    dr-xr-xr-x 2 root wheel 512 Jan 2 19:19 dev
    lrwxr-xr-x@ 1 root admin 11 Dec 25 18:15 etc -> private/etc
    dr-xr-xr-x 2 root wheel 1 Jan 2 19:19 home
    -rw-r--r--@ 1 root wheel 10256044 Nov 1 01:48 mach_kernel
    -rw-r--r--@ 1 root wheel 10696809 Oct 10 06:38 mach_kernel.ctfsys
    dr-xr-xr-x 2 root wheel 1 Jan 2 19:19 net
    drwxr-xr-x@ 6 root wheel 204 Dec 25 18:23 private
    drwxr-xr-x@ 67 root wheel 2278 Dec 28 14:17 sbin
    lrwxr-xr-x@ 1 root admin 11 Dec 25 18:15 tmp -> private/tmp
    drwxr-xr-x@ 11 root wheel 374 Dec 25 21:01 usr
    lrwxr-xr-x@ 1 root admin 11 Dec 25 18:15 var -> private/var
    web:/ admin$ ls -al /etc/
    total 2592
    drwxr-xr-x 124 root wheel 4216 Jan 2 21:51 .
    drwxr-xr-x@ 6 root wheel 204 Dec 25 18:23 ..
    -rw-r--r-- 1 root wheel 753 Sep 24 07:55 6to4.conf
    -rwxrwxrwx 1 root wheel 24 Dec 28 22:52 AFP.conf
    -rw-r--r-- 1 root wheel 1404 Sep 24 04:38 IPAliases.conf.default
    -rwxrwxrwx 1 root wheel 1532 Jan 2 21:51 MailServicesOther.plist
    -rw-r--r-- 1 root wheel 739 Sep 29 08:25 af.plist
    -rw-r--r-- 1 root wheel 515 Sep 23 23:37 afpovertcp.cfg
    lrwxr-xr-x 1 root wheel 15 Dec 25 18:23 aliases -> postfix/aliases
    -rw-r--r-- 1 root wheel 16384 Jan 2 21:52 aliases.db
    -rw-r--r-- 1 root wheel 31865 Jan 2 15:20 amavisd.conf
    -rwxrwxrwx 1 root wheel 31858 Sep 27 06:43 amavisd.conf.personal
    drwxr-xr-x 24 root wheel 816 Jan 2 10:12 apache2
    -rw-r--r-- 1 root wheel 88 Sep 23 23:37 asl.conf
    -rw-r--r-- 1 root wheel 21691 Jan 2 19:19 authorization
    -rw-r--r-- 1 root wheel 67 Oct 10 06:53 auto_home
    -rw-r--r-- 1 root wheel 164 Oct 10 06:53 auto_master
    -rw-r--r-- 1 root wheel 1759 Oct 10 06:53 autofs.conf
    -r--r--r-- 1 root wheel 196 Sep 24 03:45 bashrc
    -rwxrwxrwx 1 root wheel 1379 Dec 25 18:53 bootpd.plist
    drwxr-xr-x 5 root wheel 170 Jan 2 19:19 caldavd
    drwxrwxrwx 12 root wheel 408 Dec 28 20:06 certificates
    -rw-r--r-- 1 root wheel 9185 Oct 5 04:41 clamd.conf
    -rw-r--r-- 1 root wheel 9185 Oct 5 04:41 clamd.conf.default
    -rw-r--r-- 1 root wheel 189 Sep 24 04:10 csh.cshrc
    -rw-r--r-- 1 root wheel 121 Sep 24 04:10 csh.login
    -rw-r--r-- 1 root wheel 39 Sep 24 04:10 csh.logout
    drwxr-xr-x 12 root _lp 408 Dec 25 18:45 cups
    -rwxrwxrwx 1 root wheel 1142 Jan 2 17:18 cyrus.conf
    -rw-r----- 1 root wheel 1146 Sep 24 07:22 cyrus.conf.default
    drwxr-xr-x 3 root wheel 102 Sep 29 05:39 defaults
    drwxr-xr-x 11 root wheel 374 Dec 26 03:15 diskspacemonitor
    drwxrwxrwx 5 root wheel 170 Dec 25 19:00 dns
    -rw-r--r-- 1 root wheel 2378 Oct 11 09:22 dnsextd.conf
    -rwxrwxrwx 1 root wheel 0 Dec 26 03:15 dumpdates
    -rw-r--r-- 1 root wheel 587 Sep 24 04:30 efax.rc
    drwxr-xr-x 5 root wheel 170 Dec 25 19:02 emond.d
    -rw-r--r-- 1 root wheel 0 Sep 23 23:37 find.codes
    -rw-r--r-- 1 root wheel 3616 Oct 5 04:41 freshclam.conf
    -rw-r--r-- 1 root wheel 3616 Oct 5 04:41 freshclam.conf.default
    -rw-r--r-- 1 root wheel 150 Sep 23 23:37 fstab.hd
    -rw-r--r-- 1 root wheel 119 Sep 23 23:37 ftpusers
    -rw-r--r-- 1 root wheel 5678 Sep 23 23:37 gettytab
    -rw-r--r-- 1 root wheel 1444 Sep 23 23:37 group
    -rw-r--r--@ 1 root wheel 223 Dec 29 00:47 hostconfig
    -rwxrwxrwx 1 root wheel 185 Oct 2 05:54 hostconfig.personal
    -rw-r--r-- 1 root wheel 236 Sep 23 23:37 hosts
    -rw-r--r-- 1 root wheel 0 Sep 23 23:37 hosts.equiv
    drwxr-xr-x 24 root wheel 816 Dec 25 19:03 httpd
    -rw-r--r-- 1 root wheel 22854 Sep 24 07:51 hwmond.SMART
    -rwxrwxrwx 1 root wheel 847 Jan 2 17:18 imapd.conf
    -rw-r----- 1 root wheel 618 Sep 24 07:22 imapd.conf.default
    drwxr-xr-x 8 root wheel 272 Dec 25 18:55 ipfilter
    -r--r--r-- 1 root wheel 1097 Sep 29 06:52 irbrc
    drwxr-xr-x 19 root wheel 646 Dec 25 19:01 jabberd
    -rwxrwxrwx 1 root wheel 12 Dec 25 19:05 kcpassword
    -rw-r--r-- 1 root wheel 0 Sep 23 23:37 kern_loader.conf
    -rwxrwxrwx 1 root wheel 4713 Dec 25 20:15 krb5.keytab
    lrwxr-xr-x 1 root wheel 36 Dec 25 19:01 localtime -> /usr/share/zoneinfo/Europe/Stockholm
    -r--r--r-- 1 root wheel 616 Sep 24 04:34 locate.rc
    drwxr-xr-x 3 root wheel 102 Dec 25 18:23 mach_init.d
    drwxr-xr-x 2 root wheel 68 Oct 2 05:54 machinit_per_loginsession.d
    drwxr-xr-x 2 root wheel 68 Oct 2 05:54 machinit_peruser.d
    drwxr-xr-x 6 root wheel 204 Jan 2 17:18 mail
    -rw-r--r-- 1 root wheel 106 Sep 24 04:10 mail.rc
    -rw-r--r-- 1 root wheel 4589 Sep 24 03:54 man.conf
    -rw-r--r-- 1 root wheel 36 Sep 23 23:37 manpaths
    drwxr-xr-x 3 root wheel 102 Sep 24 05:53 manpaths.d
    -rw------- 1 root wheel 3088 Sep 23 23:37 master.passwd
    -rwxrwxrwx 1 root wheel 124 Dec 25 18:53 memberd.conf
    -rw-r--r-- 1 root wheel 132839 Sep 24 07:11 moduli
    -rw-r--r--@ 1 root wheel 1084 Dec 25 18:59 named.conf
    -rwxrwxrwx 1 root wheel 1238 Sep 25 03:34 named.conf-2007-12-25.migrated
    -r--r--r-- 1 root wheel 11 Sep 24 04:12 nanorc
    drwxr-xr-x 4 root wheel 136 Dec 25 19:01 nat
    -rw-r--r-- 1 root wheel 53 Sep 23 23:37 networks
    -r--r--r-- 1 root wheel 1581 Sep 29 05:39 newsyslog.conf
    -rw-r--r-- 1 root wheel 132 Sep 24 03:51 notify.conf
    -rwxrwxrwx 1 root wheel 26 Dec 25 19:01 ntp.conf
    drwxr-xr-x 12 root wheel 408 Dec 25 19:00 openldap
    drwxr-xr-x 13 root wheel 442 Dec 25 18:21 pam.d
    -rw-r--r-- 1 root wheel 2888 Sep 23 23:37 passwd
    -rw-r--r-- 1 root wheel 45 Sep 23 23:37 paths
    drwxr-xr-x 3 root wheel 102 Sep 24 05:53 paths.d
    drwxr-xr-x 5 root wheel 170 Sep 24 03:56 periodic
    -r--r--r-- 1 root wheel 45029 Sep 24 07:35 php.ini.default
    drwxr-xr-x 6 root wheel 204 Oct 6 08:56 podcastproducer
    drwxr-xr-x 23 root wheel 782 Jan 2 21:52 postfix
    drwxr-xr-x 2 root wheel 68 Oct 10 06:53 ppp
    -r--r--r-- 1 root wheel 189 Sep 24 03:45 profile
    -rw-r--r-- 1 root wheel 5766 Sep 23 23:37 protocols
    drwxr-xr-x 5 root wheel 170 Dec 25 18:23 racoon
    drwxr-xr-x 25 root wheel 850 Sep 24 07:52 raddb
    -rw-r--r-- 1 root wheel 1660 Oct 2 05:54 rc.common
    -rw-r--r-- 1 root wheel 4641 Oct 2 05:54 rc.netboot
    -rwxr-xr-x 1 root wheel 2853 Sep 24 04:38 rc.server
    lrwxr-xr-x 1 root wheel 20 Dec 25 18:21 resolv.conf -> /var/run/resolv.conf
    -rw-r--r-- 1 root wheel 0 Sep 23 23:37 rmtab
    -rwxrwxrwx 1 root wheel 77 Dec 25 19:00 rndc.key
    -rw-r--r-- 1 root wheel 971 Sep 23 23:37 rpc
    -rw-r--r-- 1 root wheel 983 Sep 24 07:55 rtadvd.conf
    drwxr-xr-x 11 root wheel 374 Dec 25 18:32 sbs_backup
    drwxr-xr-x 3 root wheel 102 Oct 3 07:02 servermgrd
    -rw-r--r-- 1 root wheel 677959 Sep 23 23:37 services
    -rw-r--r-- 1 root wheel 178 Dec 25 18:33 shells
    -rwxrwxrwx 1 root wheel 179 Sep 23 23:37 shells.personal
    -rw-r--r-- 1 root wheel 2904 Sep 26 05:08 smb.conf
    -rw-r--r-- 1 root wheel 2904 Sep 26 05:08 smb.conf.template
    drwxr-xr-x 4 root wheel 136 Sep 24 05:56 snmp
    drwxr-xr-x 4 root wheel 136 Dec 25 18:32 squirrelmail
    -rw-r--r-- 1 root wheel 1466 Dec 25 19:02 ssh_config
    -rw-r--r-- 1 root wheel 3356 Dec 25 19:02 sshd_config
    -rwxrwxrwx 1 root wheel 3362 Sep 24 07:11 sshd_config.personal
    -r--r----- 1 root wheel 1135 Sep 24 04:29 sudoers
    drwxr-xr-x 5 root wheel 170 Dec 25 18:53 swupd
    -rw-r--r-- 1 root wheel 2274 Sep 24 04:38 sysctl.conf.default
    -rw-r--r-- 1 root wheel 985 Jan 2 17:18 syslog.conf
    drwxrwxrwx 3 root wheel 102 Dec 25 18:59 systemserialnumbers
    -rw-r--r-- 1 root wheel 1441 Sep 23 23:37 ttys
    drwxr-xr-x 4 root wheel 136 Sep 24 07:23 webperfcache
    drwxr-xr-x 4 root wheel 136 Jan 2 10:12 wikid
    drwxr-xr-x 4 root wheel 136 Sep 24 07:09 xgrid
    -rw-r--r-- 1 root wheel 0 Sep 23 23:37 xtab
    -r--r--r-- 1 root wheel 113 Sep 24 03:40 zprofile
    Can you deduce anything from this?
    Still can't telnet into pop imap and smtp...
    thanx a bunch if you can do anything with this?
    I am stuck...
    all the best for 08
    Janne A.
    Message was edited by: Jan Anderson
    twice pasted

  • Permissions for website directories/files & Share Points for managing files

    Hello.
    I'm wondering if anyone could lend some advice in how to best set up permissions, both POSIX and ACLs, for the following setup?
    #1 - Permissions for directories and files for hosting a website (via OS X 10.5 "Web" GUI). Basically, I'm curious as to what people suggest for the basic files for the directory (and sub-directories and files) that go into the backend (html, images, etc.) of a website? I'm going to be bringing files over from another machine, so I may need to propagate these permissions once they've been moved over?
    #2 - Permissions (ACL) for allowing users to access these directories and files for editing, etc. via client Macs on our LAN (this server is going to be a development web server for initial building/testing).
    Any advice would be much appreciated!
    Thanks,
    Kristin.

    Hi Kristin,
    The "other" or "everyone" group should not have "write" permissions to any files under your website document root folder. The Apache web server runs as user "www" ... "www" is usually in the "everyone" group, thus allowing read-only access to the website.
    You can set up the owner of your files to an admin account. Perhaps set up a group with write permissions to the file shares where your website files are.
    You must first analyze who should have access to what, base your groups on that ...
    Ted
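
One way to check for and apply the layout Ted describes (no write access for everyone, read access so the web server can serve the files, write access for an editors' group), as an added example that is not part of the thread. The function names, the optional group argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten a web document root (not from the thread).

# Print every file or directory under $1 that "everyone" (other) can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Owner and group may write; everyone else (including the web server) reads.
# $2 is an optional group name for the people who edit the site.
harden_docroot() {
    docroot=$1
    group=${2:-}
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    if [ -n "$group" ]; then
        chgrp -R "$group" "$docroot" || return 1
    fi
    # Directories need the execute bit to be traversed; files do not.
    find "$docroot" -type d -exec chmod u+rwx,g+rwx,o+rx,o-w {} +
    find "$docroot" -type f -exec chmod u+rw,g+rw,o+r,o-w {} +
}

# Constructed sample tree: builds a throwaway docroot with deliberately loose
# and overly tight modes, then prints "<before> <after>" counts of
# world-writable entries.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/site/images"
    chmod 755 "$tmp/site"
    echo '<html></html>' > "$tmp/site/index.html"
    echo 'x' > "$tmp/site/images/logo.png"
    chmod 777 "$tmp/site/images"            # writable by everyone
    chmod 666 "$tmp/site/index.html"        # writable by everyone
    chmod 600 "$tmp/site/images/logo.png"   # too tight: web server cannot read it
    before=$(world_writable "$tmp/site" | wc -l | tr -d ' ')
    harden_docroot "$tmp/site"
    after=$(world_writable "$tmp/site" | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$before $after"
}
```

Run `world_writable` on its own first to see what would change; `harden_docroot` leaves ownership alone unless a group name is passed, and changing the group of files you do not own requires `sudo`.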

  • Folders marked for privacy in spotlight viewable in guest account

    Say I select the Spotlight preference pane and add a couple of folders that I want to be excluded from searches. Now I log out and then log in again as a guest account user. I launch System Preferences and select Spotlight, and there I see all the folders that I had marked for privacy in my own account.
    I attempt to remove them from the list, and I'm able to do so! Fortunately though, when I now attempt to search for these folders and their contents, I'm unsuccessful. But the thing is, when I log out and log back into my own account, the folders I previously marked private have indeed been removed from the list, evidently via the guest account.
    This certainly has to be a bug, isn't it?

    Well, I've set the permissions of these folders and their enclosed contents to Drop Box for Staff and No Access for Everyone. And as I've said, I added them to the privacy list in Spotlight, to exclude them from search results. Yes, they are persistent. When I log out and back in, they're still on the list and unsearchable.
    My point is that I don't expect to see these folders listed in the Spotlight privacy list in any other user account, least of all the temporary guest account that Leopard has introduced, nor that I can actually remove them from the list while I'm in the guest account.

  • How can I view the boot volume permissions?

    How can I view the boot volume permissions in the Terminal and/or Single User Mode?
    I have tried: 'ls -l /Volumes' but this appears to only work for the non-boot volumes. I can test this by 'sudo chmod 777 /' followed by 'ls -l /Volumes' but the change is not reflected by the new list.

    I prefer to have my bootable volumes as follows:
    drwxrwxr-x
    I see no point in allowing others to write to / and sticky here often gets in my way. Can you see anything wrong with this?
    I couldn't say, as I let Mac OS X do what it wants with the / root directory. I don't know how sticky can hurt, as you need to have elevated privs to do anything in root anyway.
    But if it is working for you, have fun. Just make a note to yourself somewhere that you have made this change, so that if something stops working, you can take this change into consideration. And if this change does not cause problems, but does something useful for you, you can use the note to remind yourself that you need to re-make the change when installing a new system. So take notes on your changes. It will make your life easier in the future.

  • Unbootable after Permissions for "Everyone" = "No access"

    I may have done something bad. I happened to look at permissions for my main (internal) drive for my iMac, "Macintosh HD." It said that access for "Everyone" was "Read only." I thought to myself, "I don't want everyone able to read everything on my disk." I also vaguely remembered (possibly incorrectly) that I might have changed that myself in the past. So I thought I would try it set at "No access." The first bad symptom was that my laser printer stayed in a state of being paused, regardless of hitting the "Resume printer" button repeatedly. So I thought something was hung up only with printing, and I tried to reboot the computer. Unfortunately, it would not boot back up, getting hung up at the gray screen with Apple logo and “spinning Stonehenge”! It did boot up with the Mac OS X Install DVD, which saw “Macintosh HD,” so I used Disk Utility to repair the drive, which Disk Utility said was OK, and it repaired some corrections (nothing conspicuously about “Macintosh HD” as a drive). Rebooting to “Macintosh HD” still did not work! (For some reason, it would not boot into the recent version of Drive Genius DVD.) It booted into TechTool Pro 6.0.3’s DVD, which made some favorable changes to the volume structure, and it corrected some permissions. Afterward, the iMac still would not boot into “Macintosh HD.” My latest Time Machine backup is a little bit old (a week or two), and I do have newer backups of certain files on an external drive, so I could restore it via Time Machine if necessary. But I suppose I would rather undo what caused this inaccessibility, tentatively my change of the permissions because all of this happened immediately after that change, and have everything as it was yesterday. Any advice and lessons would be appreciated.

    Thanks for your quick reply. I'm not with my iMac now but will try it tonight. Regarding your solution A1: does Command-S work as Terminal, or is Terminal needed at all? Does it matter if the screen at which it is stalled is not blue (which might be the background before Users' accounts appear?)? It is a gray screen with Apple logo. I have also found the following post which gives a different solution: https://discussions.apple.com/message/15469394#15469394 That user described the stall as similar to mine: "the gray screen of death with the perpetual wheel." That solution apparently requires use of Terminal. Can I access that via the Mac OS X Install DVD?
