User home directories created but with wrong permissions

Create user in OD.
User account shows up in the assigned Users directory, but with owner root and group admin. Users is on an Xsan volume. I get this in the log:
Nov 13 20:49:18 fsserver2 DirectoryTools[341]: copyDirectory(en, /Network/Servers/fsserver2.xxxxxxxx.com/Volumes/uservol/Users/mondtruong) failed with 1
Anyone?

Seems that this is only set at the Root folder, sub folders have the following.
This partly answers my question, but how can I see what those "custom" levels are?
I will be wanting to move my Home folder to another drive and want to make sure the permissions are set so that only the authorized user has access, without causing any issues with system access. So need to make sure I have all the permissions set right.
Thoughts?

Similar Messages

  • How to configure Airport Extreme AFP disk sharing to host multiple users' home-directories (Lion, using autofs)

    I have this working, but only by completely bypassing access control, using guest access with read+write permissions.
    Do I need to buy Lion Server to do this? All my past unix/linux experience says Lion Server should _not_ be necessary.
    This seems like a simple & obvious setup objective, but it is proving to be harder than I would imagine.
    Setup:
    multiple users, sharing two Mac minis running OSX Lion
    connected to an Airport Extreme (4th gen) with a USB disk shared (either via disk password, AEBS password, or using AEBS user's passwords).
    After much experimentation and web research, I finally have managed to get the minis to automount the Airport Extreme's AFP shared USB disk. Well almost... It only works if, on the Airport, I set the guest access permissions to read+write and set the "Secure Shared Disks" method to "With disk password" or "with Airport Extreme password". In other words, it only works if I essentially bypass/disable access control by using the guest authentication mechanism to the AFP shared disk.
    On the Lion side of this, I am automounting the users directories via "autofs". The config files for this are
    /etc/auto_master:
    # Automounter master map
    +auto_master            # Use directory service
    /net                    -hosts          -nobrowse,hidefromfinder,nosuid
    /home                   auto_home       -nobrowse,hidefromfinder
    /Network/Servers        -fstab
    /-                      -static
    /-                      auto_afp
    /etc/auto_afp:
    # Automounter AFP master map
    # https://discussions.apple.com/thread/3336384?start=0&tstart=0
    /afp/users -fstype=afp afp://;AUTH=No%20User%[email protected]/Users/
    Then, after rebooting and verifying read+write access to the /afp/users directories, I change each user's home directory: In System Preferences > System > Users & Groups, I right-click over the users to access the Advanced Options, changing the Home directory field to point at the AFP-mounted /afp/users/Users/* home directories.
    I experimented with alternate UAM specifications, as well as both OSX and AESB users & passwords. Using guest access is the only thing that has worked.
    Any pointers would be appreciated...

    Based on lots more experimentation which confirms the information in a parallel discussion (cf. Automount share as non ROOT or SYSTEM user! https://discussions.apple.com/thread/3221944), I have concluded that the Lion 10.7.2 implementation of AutoFS mechanism is broken. I submitted a bug report via apple.com/feedback.
    Workarounds..?
    Earlier I wondered if installing Lion OSX Server was necessary. The more I contemplate this, the more I am convinced it _should_not_ be necessary. The client-server architecture is clear: my Macs are the file-server clients and the Airport Extreme is supposed to act as the file server. The only thing installing Lion Server would do (besides enriching Apple.com) is enable me to configure one of the Macs as the file server. This would require it to be "always on" (thus enriching my electric utility as well). Okay, an additional benefit would be configuring software RAID disks attached to the Lion server, but Time Machine has worked fine for me in the past, backing up to disks mounted on the Airport Extreme.
    One solution is to create a disk partition for each user and instruct each user to connect / authenticate to the Airport Extreme AFP share at login. The multiplicity of partitions is necessary since the first user to mount the AFP share takes ownership of it, blocking other users from accessing that disk partition. A user can "steal" ownership by reconnecting, but this will leave the other user's applications & open files dangling.
    This dysfunctional situation really *****. Before installing Lion, I put a 64 GB SSD (solid state disk) in each of our Macs. I did this expecting to easily configure the /Users/* data on external networked storage. I'm having a déjà vu "Bill Gates"-ware moment; problems like this were why I abandoned Windoz.
    I will make a few more experiments using the deprecated /etc/fstab mechanism. Maybe that will bypass the broken-ness of AutoFS...? Alternately, I guess I could also try to run Kerberos authentication to bypass whatever is broken in AutoFS, but that would require running a Kerberos daemon somewhere. Possibly I could configure a Kerberos service to run on both my Macs (without installing Apple's Lion Server)...?
    Stay tuned...

  • LDAP Users & Home Directories

    Hello, any help would be much appreciated on this one!
    I have a Dual 2.3Ghz Xserve G5 running OSX Server 10.4.9 with a 700Gb Xserve RAID. All users home directories are stored on the RAID. I had 1361 users on the LDAP Open Directory system and all was running perfectly. I tried to add another 10 users, all added fine into Workgroup Manager, but I was then getting "User already Logged In" messages, when the users were not logged in. If I turn on "multiple logins" the user can login but the home directory is not created!! Is this a limitation of LDAP OD? A problem with the OS and the Finder not handling more than 1361 directories??? Any help would be excellent!!!!!!
    Dual 2.3Ghz G5 Xserve & Xserve RAID   Mac OS X (10.4.9)   Latest updates installed!

    Hi
    Wow! I wonder what the load on the CPU would be?
    I’ve read somewhere that OSX Server as an Open Directory Master can host up to 10,000 users and by implication – you would assume – the same amount of home folders.
    What you’ve got to ask yourself is whether the network can cope with that amount of users? If you have the budget you should really be looking to balance the load with more than one server, probably 3 at the least. One to run DNS and DHCP Services, another to run Open Directory and another to run simple file services such as AFP, Windows, Print etc. It would be a good idea in the environment you describe to think about a failover (replica) server also.

  • Leopard Server question on using partitions for User home directories

    I am setting up a leopard server (Xserve) with an external array (xraid). We set up a /System partition, a /Users partition and a /TimeMachine partition. Each is a partition on a RAID5 device, so we should be pretty well backed up!
    The issue I am having centers on how to get Leopard to use the /Users partition. Apparently, the accounts we set up all had their home directories created under /System/Users, not /Users. This is true for local machine accounts as well as OpenDirectory accounts.
    The question I have is: should I be trying to figure out how to mount the /Users volume inside /System (that would be my old UNIX approach), or should I be trying to set up my users to use the new mount point?
    I am not clear on the 'apple' way for this. Any suggestions would be greatly appreciated.
    Charlie

    I suggest posting to the Mac OS X Server forum where you're more likely to get a cogent response.

  • Windows and Mac User Home Directories

    I would like to locate my user home directories in a separate location than my system drive. Currently the home directories default to the Users sharepoint on my system hard drive. I have yet to find an option that allows me to redirect this. Thank you in advance for your help.

    1. Create the folder that will store your home directories, wherever you want to put it.
    2. Share the folder in Workgroup Manager.
    3. Make sure you create a network mount record for the share (Network Mount tab in Workgroup Manager).
    4. Select a user or users, click the Homes tab, and select the share point you just created.
    David Walton

  • Geotagging - how can I edit new places that I have previously created but with typos, errors etc?  How do I delete a place I have set up?

    Geotagging - how can I edit new places that I have previously created but with typos, errors etc?  How do I delete a place I have set up?  Then I could create a new, correct entry.  I'm using iPhoto '09.

    Is it OK to reply to my own question?? Thanks to the related posts that appeared AFTER I'd made the post above, I learnt about the 'Manage my places' item under the Windows menu. I felt a bit dumb not knowing this.
    BUT it doesn't completely resolve the issue.  The info shown in the EXIF (using opt-cmd-I) under Places has the place name I choose, but it is followed by a few other lines that are incorrect and do not seem to be anything to do with any data I can see under 'Manage my places'.
    Can anyone explain where these other entries might come from, and how to edit them?

  • Active Directory plugin not correctly creating users home directories

    Is there a trick to getting the Active Directory plugin in 10.4.7 to correctly create home directories for AD users? It is creating them with the root owning everything in it, and this is unacceptable.
    Our setup: We have an Active Directory network (Windows Server 2003 SP1 as DCs), and are trying to integrate some of our Mac clients to use AD single-sign logins. We are not using OS X Server at all.
    We do not use any sort of network home directories, as our users always use the same computers.
    We just want a user to have a local home directory created when they log on for the first time. Unfortunately, the directories are being created with the wrong permissions.
    One thing that may be the problem: the UIDs that are assigned to the AD users on the Mac clients are very high (> 60000000000). There is an error in the log that a UID that high cannot be added to the lastlog db, so that may be another symptom of the problem.
    Is there a way to fix this without changing anything on the domain?


  • Letting users access other users home directories

    Hello,
    I am currently setting up an xserve at a school and I am running into some problems. I want to let the group teachers be able to access all of the students' home directories. I added to the permissions the group teachers for the users folders, but the permissions do not carry through all subfolders. What would be the best way to set up these permissions in tiger server?
    Thanks
    Robert

    Hi
    When sharing a desired folder for automounting networked home directories the default POSIX values are:
    Owner: root/admin R/W (can be either)
    Group: admin Read Only
    Everyone Read Only
    Going beyond this folder and you can then view the default attributes for individual folders. These should be:
    Owner: the persons name Read & Write
    Group: admin Read Only
    Everyone: None
    This is as it should be and you should leave these alone. In the situation you describe it makes sense to grant Read/Write access for teachers so that students' work can be marked and/or assessed. In which case you want to preserve the POSIX permissions but use an additional permissions model that allows access without breaking the default permissions.
    10.4 Server allows for this as Access Control Lists (ACLs) are available once you enable them for the volume that has the shared folder for automounting networked home folders on it. WorkGroup Manager > Sharing > General. Select the volume and tick the box that says 'Enable Access Control Lists on this volume'. When you have done this, restart the Server. Enabling/Disabling ACLs on any volume should always be followed by a restart.
    On successful log in launch WorkGroup Manager, select Sharing, select the folder you are interested in and select Access. Below the Standard POSIX model there is a window. This window is where you add desired users or groups (or a mix of both) and define what access they have to the selected folder. At the bottom of this window is a small gear wheel. Selecting this will show a small sub-menu where you can propagate permissions as well as viewing effective permissions. I would suggest you create a year group, add desired teachers to that year group and then add this year group to each desired year folder. Define your permissions and propagate them. You should now have at the end of this the default POSIX permissions for individual student folders still in place and honoured as well as overriding permission for teachers.
    Hope this helps, Tony

  • Problem changing the location of multiple users home directories...

    I've just set up a new entry level model iMac for my Mum. Without getting into a discussion about the benefits or otherwise of doing so, I partitioned the hard disk into two with the first partition for the system and the second a scratch disk for files etc. I set up two users, one for my Mum and one for my younger brother. I then copied the users folder across to the scratch disk and in advanced options in the users list set each account's home folder to the relevant user on the scratch disk. This is the same set up as I have on my own system and with which I have no problems and which runs well and cleanly. I have only one account on my system. However on the iMac, the second user (my brother) is unable to write to the new home directory. Downloads don't work and preferences including right click for magic mouse, dock etc are forgotten instantly. It seems there's a permissions issue.
    I've set the machine up this way in order to keep all their files separate from the system after their last Mac got very bogged down. I expected it to work in exactly the same way as my own. Does anyone know how to successfully set up both user accounts in this way?
    Any advice would be much appreciated...
    Message was edited by: Jimmy Hat

    Jimmy Hat wrote:
    I've just set up a new entry level model iMac for my Mum. Without getting into a discussion about the benefits or otherwise of doing so,
    Still not advisable though IMO.
    I partitioned the hard disk into two with the first partition for the system and the second a scratch disk for files etc. I set up two users, one for my Mum and one for my younger brother. I then copied the users folder across to the scratch disk and in advanced options in the users list set each account's home folder to the relevant user on the scratch disk. This is the same set up as I have on my own system and with which I have no problems and which runs well and cleanly. I have only one account on my system. However on the iMac, the second user (my brother) is unable to write to the new home directory. Downloads don't work and preferences including right click for magic mouse, dock etc are forgotten instantly. It seems there's a permissions issue.
    How exactly did you copy the home directories? Did you do it using drag and drop in Finder from one account? Then the copied home directories are both owned by that account and the permissions need to be changed. Please clarify if that's what you did.
    I've set the machine up this way in order to keep all their files separate from the system after their last Mac got very bogged down. I expected it to work in exactly the same way as my own. Does anyone know how to successfully set up both user accounts in this way?
    Any advice would be much appreciated...

  • Removing default folders in users home directories

    My users have their home directories at /Users/<username>. I also created some directories there for users' websites and other things.
    All users have only access by ftp (mail, webmail, web service, etc.), but it is never intended to use AFP or other things.
    So my question is... can I safely delete the pre-set directories like Desktop, Documents, Library, Public, etc. ?
    I was told that this is possible, but now have doubts as I looked closer at, for example, the Library folder. There are some .plist files and other stuff.
    Before deleting them I want to get the statements of some experts.

    You can safely delete all of that stuff, and if they ever log in to the GUI again, Library, Desktop, and the necessary Library items will be recreated. Library and Desktop are the only ones the OS really cares about, and only then when a user is logged in to the GUI.

  • Time machine not backing up user home directories

    Hi All,
    I set up my users to have their home directories on a separate partition: /Volumes/Data/homes/<name>.
    I configured Time Machine to back up to an external USB hard drive. The exclude list is empty, except for the backup disk, of course.
    When I do an initial backup with TM, I notice that /Volumes/Data/homes is skipped, whereas /Volumes/Data/kits is backed up.
    I also see a console message:
    8/15/13 3:21:29 PM
    com.apple.backupd[621]
    Backup content size: 119.8 GB excluded items size: 113.6 GB for volume Data
    Why is this? How can I force TM to back up all files?
    Thanks for your help,
    Heinrich

    HeinrichFromBremen wrote:
    Of course not. But there is a difference between lack of perfection and deliberately building bugs into the software.
    It's not really deliberate. The number of folks who do what you are is very, very limited.
    How can I know that home is the only omitted directory?
    It isn't. As noted in the other thread, dev and net are also omitted. Many other things are, too - see the tan box in Time Machine - Frequently Asked Question #11 for details.
    With this behaviour, I simply cannot trust TM backups.
    A bit of an overreaction, I think, but your choice.
    What would be the alternatives? tar? ditto?  dump does not seem to exist.
    See #27 in the FAQ link above.  As far as I know, they all omit some things. 

  • Copy Finder Items - how to generic for multiple user home directories?

    I am creating an Automator workflow to allow my networked users to be able to copy certain files from a central location to their local home directory, overwriting their local copy. How do I make the destination of the Copy Finder Item a generic home directory (something like "~/Document/MegaSeg User Data/MegaSeg Database" instead of a fixed user home directory)?

    Hi
    It may be easier with an AppleScript (which you could incorporate into an Automator action if you wanted).
    -- start script
    -- Replace the placeholder path below with the path to the file you want to copy
    set the_file to POSIX file "/path/to/source/file" as alias
    -- Resolves to the Documents folder of whichever user runs the script
    set docs_folder to path to documents folder from user domain
    tell application "Finder"
        set target_folder to folder "MegaSeg Database" of folder "MegaSeg User Data" of docs_folder
        duplicate the_file to target_folder with replacing
    end tell
    -- end script
    This will replace existing files of the same name in the target folder. Hope it helps.

  • Mounting Users home directories on a replica

    I have two Xservers. One is the master and the other a replica. The replica gets all its info from the master. If I'm on it and finger a user it knows the users and correctly says where the user's home is...
    /Network/servers/master-servers-name/Users/user-name
    But the user's home is not mounted on the replica and I can't log on as the users. Can someone tell me what needs to be done on the master and replica to get the home directories mounted?
    Thanks.
    Pat.

    Hi, Thanks for the info. I did find an old IP in the replica section under inspector. I've cleaned it up and will restart the system tonight and clean up the replica in the morning also.
    While I was in the inspector I looked at some of the other sections. Under "SharePoints" there is nothing? I have set up the /Users sharepoint. So should it be listed here in inspector?
    Also to answer some of your questions about how I log in:
    I try to ssh to the replica and I get in but I get the messages
    "Could not chdir to home directory /Network/Servers/system.company.com/Users/pat: No such file or directory"
    If I'm on the system and "su" to pat I also get the
    "No such file or directory" message.
    If I use ARD to login it all works fine?? The sharepoint is mounted and
    I'm in my home directory (at this stage I can ssh in as pat and the directory is there. But if I log off ARD then the ssh session loses the directory mount)
    Thanks for the help

  • New account gets created with wrong permissions (777 instead of 755)

    Hey Apple and Forum people, looks like there's a pretty bothersome error in the way that user permissions get set when you set a user's home folder to a drive partition.
    By default, a user's home folder is supposed to get 755, with all of its subdirectories (excluding Public and Sites) as 700. But if you set up a new user and point his/her home folder to a partition or a separate drive, the folder is set to 777 - meaning that anyone can read, write, and execute any file they'd like to from that drive.
    Given the sensible defaults of 755 during normal user creation, I can't believe this was intentional. And if it was intentional, then it's wrong and ought to be changed.

    Set the permissions on the other volume's root directory the same as the boot volume.
    owner:root
    group:admin
    chmod 1775
    Make a /Users directory on the other volume and
    set permissions same as on the boot volume,
    owner:root
    group:admin
    chmod 755
    create your new user directory in the /Users directory on the other volume.
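
An added example, not part of the thread: a read-only shell audit that checks a Users tree on a second volume against the owners and modes quoted in the two posts above (1775 on the volume root, 755 on Users and on each home, 700 on home subfolders other than Public and Sites). The function names, the ROOT_OWNER/ROOT_GROUP variables, the rule that each home folder is named after its owner's short name, and the skipping of Shared are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of a Users tree that
# lives on a second volume. Nothing on disk is modified.
# Assumption: ROOT_OWNER/ROOT_GROUP are this script's own knobs, defaulting to
# the root/admin pair given in the reply above.
ROOT_OWNER=${ROOT_OWNER:-root}
ROOT_GROUP=${ROOT_GROUP:-admin}

# has_mode PATH MODE: true when PATH's permission bits equal MODE exactly.
# find -perm is used because stat(1) options differ between BSD and GNU.
has_mode() {
    [ -n "$(find "$1" -maxdepth 0 -perm "$2" 2>/dev/null)" ]
}

# has_owner PATH USER [GROUP]: true when PATH belongs to USER (and GROUP).
has_owner() {
    if [ -n "${3:-}" ]; then
        [ -n "$(find "$1" -maxdepth 0 -user "$2" -group "$3" 2>/dev/null)" ]
    else
        [ -n "$(find "$1" -maxdepth 0 -user "$2" 2>/dev/null)" ]
    fi
}

# audit_users_tree VOLUME: print one "MODE ..." or "OWNER ..." line per
# deviation from the baseline; always returns 0.
audit_users_tree() {
    vol=${1%/}
    users="$vol/Users"

    has_mode "$vol" 1775 || echo "MODE $vol expected 1775"
    has_owner "$vol" "$ROOT_OWNER" "$ROOT_GROUP" ||
        echo "OWNER $vol expected $ROOT_OWNER:$ROOT_GROUP"
    has_mode "$users" 755 || echo "MODE $users expected 755"
    has_owner "$users" "$ROOT_OWNER" "$ROOT_GROUP" ||
        echo "OWNER $users expected $ROOT_OWNER:$ROOT_GROUP"

    for home in "$users"/*/; do
        home=${home%/}
        name=${home##*/}
        # Skip non-directories, symlinks, and Shared, which is
        # world-writable with the sticky bit by design.
        if [ ! -d "$home" ] || [ -L "$home" ] || [ "$name" = "Shared" ]; then
            continue
        fi
        # A 777 home (the bug reported above) fails this exact-mode check.
        has_mode "$home" 755 || echo "MODE $home expected 755"
        # Assumption: the folder is named after its owner's short name.
        has_owner "$home" "$name" || echo "OWNER $home expected $name"

        for sub in "$home"/*/; do
            sub=${sub%/}
            if [ ! -d "$sub" ] || [ -L "$sub" ]; then
                continue
            fi
            case ${sub##*/} in
                Public|Sites) continue ;;
            esac
            has_mode "$sub" 700 || echo "MODE $sub expected 700"
        done
    done
    return 0
}

# Run against a volume when one is named on the command line.
if [ "$#" -gt 0 ]; then
    audit_users_tree "$1"
fi
```

Run it as root with the volume path as the only argument; an OWNER line naming a home folder is the symptom described in the thread at the top of this page (home created but owned by root).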

  • All users' home directories are missing

    My girlfriend, nntnroses (laura), logged into her computer today with an error message, "user's home directory cannot be found if it is located on a network drive, please reconnect". Her roommates' home directories were also gone. Netinfo manager was still referencing the proper places and the only folders in each user's directory were "Library" and "Desktop" folders and their library folders only had data in relation to applications they had used, like "syndication" for safari RSS but all of the preferences, mail, caches and application support were gone.
    No other files were damaged or missing. I know the UNIX command that deletes a user's home directory but the only thing performed on this computer is running the ONYX application http://macupdate.com/onyx .
    That was a few days ago and was run with the latest version. Aside from that, we did a software update to 10.4.7 last week and an update to J2SE 5.0 release 4 just a few days ago.

    Hi there, just want you to know I am in the same boat I think, I can get as far as a login screen after running "/sbin/fsck -fy "
    then "/sbin/mount -uw / "
    then " sh /etc/rc"
    that doesn't get me in, I have to do a halt, and then reboot holding down the Apple key and V for verbose mode. Then I do get through to a login screen. However even though I know my home folder is there, it won't accept my username and password. I had two accounts, and it's the same for both. And get this, the one password was BLANK ! So something is corrupted somewhere.
    If anyone else has ideas. I do note that I get some strange errors flying by the screen just before boot. One of them says 'Bonjour Workaround Failed" I wonder if this has to do with the 10.4.7 update I updated to yesterday, and if APPLE is the root cause behind our woes ?!
    Other error message netinfod local unable to bind to parent RPC timed out .... and another /etc/xinetd.d error ???
    So what gives ??? Wish I still had my old commodore64 I had when I was 11 !! It out performed the new Intel macs as far as stability goes. I hope we both get an answer sometime this week ???
