User and Group Permissions for Directories

I'm trying to grant permissions to a group for a given directory, so that multiple users can FTP in and have read/write permissions in the same directory. I tried doing 'chown -R :groupname /path/to/directory' but it only granted the permissions I wanted to the first person in the group. How should I go about doing this?

Are the actual file permissions set correctly on the files for the group? Instead of <code>755</code> you need to chmod to <code>775</code> for example. If they are owned by the correct group, that should get things settled...

Similar Messages

User and Group Ids for Standby Database

The following oracle homes installed under the same unix account on the primary node:
10gR2 CRS home
10gR2 ASM home
10gR2 RDBMS home
Oracle Applications E-Business Suite 11.5.10.2 (concurrent admin)
Based on note 216212.1 - Business Continuity for Oracle Applications Release 11i, Database Releases 9i and 10g
Section 1: Design Considerations and Assumptions
The note, verbatim, says "+The user and group Ids of the Oracle and applications software owner accounts must be the same on the production and standby servers+." Is this statement true? In other words, if the primary server software owner is the "morgan" unix account, then the unix account must also be "morgan" (not "stanley") on the standby server?

Yes you can run a standby with different unix usernames on primary and standby, but it will be easier if the usernames are the same.

How do we fetch the top-level users and groups for a particular resource

Hi Experts,
I need to fetch the top level users and groups (permissions) for a particular resource, Currently i am able to fetch the effective users list.
Thanks.

To elaborate...
Here we need the users and groups who have direct access to the resource. We dont want to resolve groups.
Please help us with the apis to use in our java code to fetch the users and groups.

What third party tools exist to show a user or groups permissions and access rights for an entire SharePoint 2010 site collection?

Our admin crew has just inherited a 4 year old SharePoint site that was developed on SP 2007 and later migrated to SP 2010. We are trying to determine which users and groups have access to the 150+ sub-sites of the site and at what permission levels.
Research tells me SharePoint 2010 has no means to simply list out a user's permission levels over an entire site collection, but that it must be done at each sub-site, list & library that has permission inheritance broken to create a unique permissions
object.
Has anyone found a solution to this issue? Without days of research at each sub-site, list & library, how would one more economically go about such an investigation of a user's permissions on an entire SharePoint 2010 site?

Hello,
There is no direct way to see user and group broken permission within a site collection. However you can write powershell script to get the permission. You can modify the below script based on your need and export result in CSV. You may also need to add
code to iterate all subsites within site collection.
http://social.technet.microsoft.com/wiki/contents/articles/14242.sharepoint-2010-export-all-unique-permissions-from-site-collection-using-powershell.aspx
http://en.community.dell.com/techcenter/windows-management/b/weblog/archive/2012/09/25/sharepoint-security-reporting-using-powershell
Codeplex tool is also available to check permission but it is not always fulfill business need. You may also look at this if it suits you.
https://permissionsmanager.codeplex.com/
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see<br/> Please remember to mark the replies as answers if they help and unmark them if they provide no help

What is the SYNTAX for the user and group filters??? Is the HTML Ampersand token Amper A m p semicolon required in the filter

There seems to be quite a bit of confusion over the actual syntax for the user and group filters on the Forms Based Authentication Ldap Role and membership providers.. MSFT isn't really clear and there is a universal confusion in the blogsphere.
I the filters should the prefix be the ACTUAL Ampersand or the HTML token for an AMPERSAND.. I realize the in many cases the blogger might have inadvertently specified the html token when the bare naked ampersand was intended.. The question
therefore is : can a filter be taken directly from and ADSIEdit query and used as a filter or must the filter be made HTML safe by swapping out the AMERSAND with the HTML Token for AMERSAND before putting it into the configuration
for the LDAPRole/membership provider...
All science is either physics or stamp collecting

Hi GUYO,
I am not quite sure how we implement this on sharepoint side, as I did research and sharepoint may not have this feature to do this.
most of the LDAP for sharepoint may need to follow these steps in this article:
http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspxhttp://blogs.msdn.com/b/kaevans/archive/2013/01/31/configuring-ldap-for-fba-in-sharepoint-2010-or-sharepoint-2013-with-powershell.aspx
here is an example :
http://blogs.msdn.com/b/sharepoint__cloud/archive/2011/12/20/achieving-fba-with-adlds-amp-sharepoint-2010.aspx
if should this questions was at the ADSIEdit part, perhaps you can help us by opening a new thread at the AD foum
https://social.technet.microsoft.com/Forums/en-US/home?category=windowsserver
Regards,
Aries
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Could we have same name's for User and Groups in Active directory

When iam trying to create a user name " Logistics " under a OU, I am getting a error
"The pre-windows 2000 logon name you have chosen is already in use in this domain. Choose aother pre-windows logon name, and then try again"
We already have a group by the name " Logistics "
Could we have same name's for User and Groups in Active directory?
Thanks in Advance

sAMaccountName attribute is unique. So, the short answer is you cannot.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile

Project Server 2010 - Project Permissions - Users and Groups filter is not working

Hi,
While giving permissions from project center ribbon on a project - Users and Groups filter is not working, we are not able to filter any user.
I am not sure why this error is occurring i tried giving permissions by opening the project but still the same filtering is not happening. Below is the screen shot
We have installed Service Pack 2 and June 2014 CU recently will this effect ?
Can any one throw some light on this??
Geeth If you feel that the answer which i gave you is Helpful please select it as Answer/helpful.

Hi Geetha,
Which IE version are you using? First I'd try to add the URL to the compatibility mode sites, then to the trusted sites (if it is not done already). Then I'd try to set the default browser as IE8 or 9 (pressing F12, developer tool).
Hope this helps,
Guillaume Rouyre, MBA, MVP, P-Seller |

Proper user and group rights

Dear readers and admins
My question is about the "correct" setting of the user and group rights, so the following is possible. It relates to Server 10.3 and to 10.4.
Requirements:
Group 1 = "Regular user"
Group 2 = "Administration, Accounting"
User 1 and 2 belong to Group 1, users 3 and 4 belong to Group 2.
User 1 & 2 must have read/write access to files and folders in Group 1, but may not have access to files and folders of Group 2.
User 1 & 2 must be in a position of creation and deletion of file and directory of Group 1, as if they were their own files and directories. I.e. User 2 must be in a position to delete or change files and directories that an other user of Group 1 has created.
User 3 & 4 must have read and write access to files and directories of Group 1 & 2. They must be able to creating and changing such files and directories, as if they were their own files and directories. I.e. User 3 & 4 must be able to create and change files and directories which belong to user 1 & 2.
As I understand it, this can be achieved with ACL's under Server 10.6.
Am I right?
What would such a structure look like with ACL's?
I unfortunately don't have a server 10.6 running, as, down due to technical problems, my server is down.
Thank you in advance for your help.
All a happy new year.
Regards
Thomas Thaler

Yes - and it's pretty easy.
1. You would create whatever share points you would like (very easy to do)
2. You would make sure in Workgroup Manager you have the users assigned to the correct groups that you discussed.
3. On the folders for Group 1 you would add ACL permissions of Full Control for Group 1 and Full Control for Group 2.
4. On the folders for Group 2 you would add an ACL permission of Full Control for Group 2.

Libvirt-1.2.12-1 user and group owners differ

Hello!
During the latest upgrade pacman complains about differing directory permissions for libvirt:
warning: directory ownership differs on /var/cache/libvirt/qemu/
filesystem: 99:78 package: 0:0
warning: directory ownership differs on /var/lib/libvirt/qemu/
filesystem: 99:78 package: 0:0
This are the user and group, not file mode ("rwx")! In this case the directories are currently owned by the user "nobody" and the group "kvm", while the package thinks actually "none" should own that directories. Should I change that manually?
Thanks
Hoschi
PS: I currently doesn't use QEMU and KVM, but that can happen very fast and than it need to work out-of-the-box
Last edited by hoschi (2015-01-28 17:30:06)

Just to clarify, that "none" (0:0) is actually root, that is root:root
I hope someone else can step in in order to tell you if a manual change is advised which I would understand as positive though better safe than sorry.

Error when opening User and Group Preferences

After upgrading to Lion there is an error when opening User and Group Preferences.
I´ve repaired permissions but the problem is still there...
Thanks...

Hi,
Double click on ur webdynpro application.Go to application properties tab.create new application property,select predefined property->browse->it will open a popup->select expiration time->give the value for expiration time.
or
Refer the note : [842635|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=842635&nlang=EN&smpsrv=https%3a%2f%2fwebsmp206%2esap-ag%2ede]
Hope it helps,
Reward points if helpful.
Regards,
Shailesh Nagar

Photoshop Elements 11 installed on Mac Mini OS X 10.9.5. Application running successfully on bot main user and administrative accounts for considerable time with no warning messages. When established a new user account on same computer and try to call up

Photoshop Elements 11 installed on Mac Mini OS X 10.9.5. Application running successfully on bot main user and administrative accounts for considerable time with no warning messages. When established a new user account on same computer and try to call up elements receive message “Some ot the application components are missing from the Application directory. Please reinstall the application.” How do I correct this problem without disturbing application in main user account?

Brooks lansing if you create a new Administrator account does the same issue occur? If so then it is likely that there is a file permission failure and file permissions have been set for the existing Users instead of the groups they belong to.
Have you removed and reinstalled Photoshop Elements 11? This may reset the file permissions to the correct state to allow it to work under new accounts.

Error encountered initializing users and groups ... Class not found.

Hi,
I am trying to set up the example provided in Frank Nimphius and Duncan Mills great article about 'Declarative J2EE authentication and authorization with JAAS' (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm) on iAS 10g. My current problem is this : when I try to deploy my test application using an ear file, Enterprise Manager returns the following error message : 'Error encountered initializing users and groups using the specified user manager. User manager class oracle.sample.dbloginmodule.DBTableLM.DBTableLoginModule not found.'. This class is distributed in an archive, DBLoginModule.jar, that I have put in my IASHome/j2ee/home/applib and inside my test application /WEB-INF/lib directories. I have tried putting them in one place at a time, then both, with always the same 'class not found' error as result.
Am I missing something ?
Where should I put this archive for it to be seen by the server ?
Could some mistake in web.xml, jazn-data.xml, orion-web.xml or orion-application.xml cause this error ?

Hi Kapil G,
Please let us know if you still need help with this post.
Thank you.

User and role permissions getting reset on managed server

          Hi..
          I am not sure whether this is really a clusteing problem. I have a clusted server
          with one admin server and one managed server. I have deployed the some of my own
          applications alongwith the Weblogic Integration application on the managed server.
          I have some users and roles defined in the BPM studio to access and execute the
          workflows.
          But every time I restart the managed server, the user and role permissions are
          reset and the workflows are not executed. I get the following error.
          ####<May 13, 2003 10:01:22 AM BST> <Error> <BPM> <hwdusa08> <managed1_eai2d2A>
          <ExecuteThread: '44' for queue: 'default'> <kernel identity> <11
          1:21ad542a0d3cc527> <000000> <<wlpirequest>
          <started>2003-05-13 10:01:22.230</started>
          <requestor>wlisystem</requestor>
          <templateid>1</templateid>
          <template-name> WLI Logging Framework V2.0 Installation test</template-name>
          <templatedefinitionid>1</templatedefinitionid>
          <instanceid>2001</instanceid>
          <actions>
          <error time="2003-05-13 10:01:22.427">WorkflowException: The server was unable
          to complete your request.
          The WebLogic Integration role "logging" is not mapped to a WebLogic
          Server security group.</error>
          </actions>
          <completed>2003-05-13 10:01:22.428</completed>
          </wlpirequest>
          >
          And the only remeady I need to do here is to delete the role and recreate it with
          specific permissions every time the managed server is bounced. The same thing
          also happens for the created user also where the user loses all the permissions.
          Can anyone please help me on this issue ?
          Thanks in advance
          Mandar


are you using filerealm?
          This seems like a security related question - can you please post this
          question to the security newsgroup you may get a faster answer there.
          sree
          "Mandar Gandhe" <[email protected]> wrote in message
          news:[email protected]...
          >
          > Hi..
          >
          > I am not sure whether this is really a clusteing problem. I have a clusted
          server
          > with one admin server and one managed server. I have deployed the some of
          my own
          > applications alongwith the Weblogic Integration application on the managed
          server.
          > I have some users and roles defined in the BPM studio to access and
          execute the
          > workflows.
          >
          > But every time I restart the managed server, the user and role permissions
          are
          > reset and the workflows are not executed. I get the following error.
          >
          > ------
          > ####<May 13, 2003 10:01:22 AM BST> <Error> <BPM> <hwdusa08>
          <managed1_eai2d2A>
          > <ExecuteThread: '44' for queue: 'default'> <kernel identity> <11
          > 1:21ad542a0d3cc527> <000000> <<wlpirequest>
          > <started>2003-05-13 10:01:22.230</started>
          > <requestor>wlisystem</requestor>
          > <templateid>1</templateid>
          > <template-name> WLI Logging Framework V2.0 Installation
          test</template-name>
          > <templatedefinitionid>1</templatedefinitionid>
          > <instanceid>2001</instanceid>
          > <actions>
          > <error time="2003-05-13 10:01:22.427">WorkflowException: The server
          was unable
          > to complete your request.
          > The WebLogic Integration role "logging" is not mapped to a
          WebLogic
          > Server security group.</error>
          > </actions>
          > <completed>2003-05-13 10:01:22.428</completed>
          > </wlpirequest>
          > >
          >
          > ------
          >
          > And the only remeady I need to do here is to delete the role and recreate
          it with
          > specific permissions every time the managed server is bounced. The same
          thing
          > also happens for the created user also where the user loses all the
          permissions.
          >
          > Can anyone please help me on this issue ?
          >
          > Thanks in advance
          > Mandar
          >

Solved - How to take ownership and change permissions for blocked files and folders in Powershell

Hello,
I was trying to take ownership & fix permissions on Home Folder/My Documents structures, I ran into the common problem in PowerShell where Set-Acl & Get-Acl return access denied errors. The error occurs because the Administrators have been removed from
file permissions and do not have ownership of the files,folders/directories. (Assuming all other permissions like SeTakeOwnershipPrivilege have been enabled.
I was not able to find any information about someone successfully using native PS to resolve the issue. As I was able to solve the issues surrounding Get-Acl & Set-Acl, I wanted to share the result for those still looking for an answer.
Question: How do you use only Powershell take ownership and reset permissions for files or folders you do not have permissions or ownership of?
Problem:
Using the default function calls to the object fail for a folder that the administrative account does not have permissions or file ownership. You get the following error for Get-Acl:
PS C:\> Get-Acl -path F:\testpath\locked
Get-Acl : Attempted to perform an unauthorized operation.
+ get-acl <<<< -path F:\testpath\locked
+ CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
If you create a new ACL and attempt to apply it using Set-Acl, you get:
PS C:\> Set-Acl -path F:\testpath\locked -AclObject $DirAcl
Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:8
+ Set-Acl <<<< -path "F:\testpath\locked" -AclObject $DirAcl
+ CategoryInfo : PermissionDenied: (F:\testpath\locked:String) [Set-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
Use of other functions like .GetAccessControl will result in a similar error: "Attempted to perform an unauthorized operation."
How do you replace owner on all subcontainers and objects in Powershell with resorting to external applications like takeown, icacls, Windows Explorer GUI, etc.?
Tony

Hello,
Last, here is the script I used to reset permissions on the "My Documents" tree structure that admins did not have access to:
Example: Powershell script to parse a directory of User-owned "My Document" redirection folders and reset permissions.
#Script to Reset MyDocuments Folder permissions
$domainName = ([ADSI]'').name
Import-Module "PSCX" -ErrorAction Stop
Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
#Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeSecurityPrivilege", $true) #Optional if you want to manage auditing (SACL) on the objects
Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
$Directorypath = "F:\Userpath" #locked user folders exist under here
$LockedDirs = Get-ChildItem $Directorypath -force #get all of the locked directories.
Foreach ($Locked in $LockedDirs) {
Write-Host "Resetting Permissions for "$Locked.Fullname
#######Take Ownership of the root directory
$blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
$Locked.SetAccessControl($blankdirAcl)
###################### Setup & apply correct folder permissions to the root user folder
#Using recommendation from Ned Pyle's Ask Directory Services blog:
#Automatic creation of user folders for home, roaming profile and redirected folders.
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$fullrights = [System.Security.AccessControl.FileSystemRights]"FullControl"
$allowrights = [System.Security.AccessControl.AccessControlType]"Allow"
$DirACL = New-Object System.Security.AccessControl.DirectorySecurity
#Administrators: Full Control
$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",$fullrights, $inherit, $propagation, "Allow")))
#System: Full Control
$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",$fullrights, $inherit, $propagation, "Allow")))
#Creator Owner: Full Control
$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("CREATOR OWNER",$fullrights, $inherit, $propagation, "Allow")))
#Useraccount: Full Control (ideally I would error check the existance of the user account in AD)
#$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked.name",$fullrights, $inherit, $propagation, "Allow")))
$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked",$fullrights, $inherit, $propagation, "Allow")))
#Remove Inheritance from the root user folder
$DirACL.SetAccessRuleProtection($True, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
#Set permissions on User Directory
Set-Acl -aclObject $DirACL -path $Locked.Fullname
Write-Host "commencer" -NoNewLine
##############Restore admin access & then restore file/folder inheritance on all subitems
#create a template ACL with inheritance re-enabled; this will be stamped on each subitem to re-establish the file structure with inherited ACLs only.
#$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked.name") #ideally I would error check this.
$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked") #ideally I would error check this.
$subFileACL = New-Object System.Security.AccessControl.FileSecurity
$subDirACL = New-Object System.Security.AccessControl.DirectorySecurity
$subFileACL.SetOwner($NewOwner)
$subDirACL.SetOwner($NewOwner)
######## Enable inheritance ($False) and not copy of parent ACLs ($False)
$subFileACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
$subDirACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
#####loop through subitems
$subdirs = Get-ChildItem -path $Locked.Fullname -force -recurse #force is necessary to get hidden files/folders
foreach ($subitem in $subdirs) {
#take ownership to insure ability to change permissions
#Then set desired ACL
if ($subitem.Attributes -match "Directory") {
# New, blank Directory ACL with only Owner set
$blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
$blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
#Use SetAccessControl to reset Owner; Set-Acl will not work.
$subitem.SetAccessControl($blankdirAcl)
#At this point, Administrators have the ability to change the directory permissions
Set-Acl -aclObject $subDirACL -path $subitem.Fullname -ErrorAction Stop
} Else {
# New, blank File ACL with only Owner set
$blankfileAcl = New-Object System.Security.AccessControl.FileSecurity
$blankfileAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
#Use SetAccessControl to reset Owner; Set-Acl will not work.
$subitem.SetAccessControl($blankfileAcl)
#At this point, Administrators have the ability to change the file permissions
Set-Acl -aclObject $subFileACL -path $subitem.Fullname -ErrorAction Stop
Write-Host "." -NoNewline
Write-Host "fin."
Write-Host "Script Complete."
I hope you find this useful.
Thank you,
Tony
Final Thought: There are great non-PS tools like
Set-Acl and takeown which are external to PS & can also do the job wonderfully. It may be much simpler to call those tools than recreate the wheel in pure
code. Feel free to use whatever best suits your time, scope & cost.

MAJOR Open Directory issue: Can't assign Users and Groups that DO exist!

Just noticed the following today:
When doing Get Info -> Permsissions on files/folders located on my File Server share, Owner and Group show as (unknown).
When I go into WGM -> Sharing, and look at files/folders on File Server share this way, the Owner and Group fields are blank.
When I attempt to (re)assign an Owner or Group by dragging them from Users and Groups section of WGM, error tells me User or Group no longer exists. These Users and Groups clearly do exist in WGM -> Accounts.
When I look at files on File Server share via CLI, instead of actual names for Users and Groups, I see their uid and gid's. Chowning via CLI fails as well.
I've noticed all Users and Groups with this issue are OD.
Server is xServe G4 DP 1.0 GNz/1 GB RAM/Mac OS X Server 10.4.7 Unlimited. This servers been running fine as an OD Master for months now. ACL's are enabled on this File Server share point. I've always had weird permissions issues, but NEVER the inability to assign OD Users and Groups to files/folders.
I'm at a loss here, not to mention my wits end.
Did my OD become corrupted?
Any and all help would greatly appreciated.
PowerMac G4 733 MHz Mac OS X (10.4.6) 512 MB RAM

When doing Get Info -> Permsissions on files/folders located on my File Server share, Owner and Group show as (unknown).
This means that the Finder can't find a match in the accounts/groups database for the numeric UID assigned to those files. Either the records associated to those accounts have been deleted, or the database is corrupt. In either case, you should restore a copy of it from backup.
(15686)

User and Group Permissions for Directories

Similar Messages

Maybe you are looking for