User Home Permissions

Similar Messages

• Altered Permissions in users home folder

  Help! I seem to have screwed up my friend's installation of 10.3.9 by messing up file/folder access privileges in her home folder. I was helping her to get some work done and now I have created a monster...
  Briefly
  Access permissions on her whole Home Folder (the Admin account) seem to all be set to another user's permissions (not Admin) and I haven't been able to reset them all recursively using Get Info. I have had partial success but some things refuse to run.
  Before I run BatchMod on her whole home folder, is there anything I should beware of? I have seen similar but not identical problems here. More details below:
  What Happened
  In order to run some Leopard-only Apps on her TiBook G4 I booted from my external drive running 10.4.9 and all went smoothly until I needed to access files on her user account's Desktop (located at MacHD/Users/Her_Username/desktop) but didn't have permission. So I altered permissions for the desktop folder (and applied to underlying folders) with Get Info as the Admin running 10.4 from the Firewire drive...
  So far, so good, but when it came to restoring her access permissions, I coudn't see her Account name on the dropdown menu as it is not a user on the system I was running via the Firewire drive. So I restarted from her hard drive and, so far as I am aware, restored the Ownership and Permissions for her desktop and all files on it back to her Username.
  However...
  After restarting, her whole Home folder (i.e. not just the desktop folder) seems to belong to the other user account on her Laptop even though it still sits in her User folder. Loads of Apps have problems or won't run at all because they cannot access caches, plists and other data in her Library.
  Spookily, the trash is empty and stays that way - anything I trash vanishes for ever after a warning dialogue. Also, many apps think they are running for the first time, even though I have restored permissions within preferences. And Firefox refuses to run because it says there is another copy already running on the machine - which there isn't.
  The good news is that the System folder and other users are unaffected, though it is a mystery how the permissions got changed in her whole home folder (right the way down) to the name of another user. I'm not normally that stupid - and if I can do it one way, why can't I redo it the other way? Could I have provoked the system into throwing a tantrum?
  I have manually restored lots of things but have now decided on Batch Mod to save time (and sanity). I presume there will be invisible files that need changing to allow access to the trash and various registration data etc - can I do this with BatchMod and can I safely apply BatchMod to the whole Home Folder?
  Help please!
  Gaberdine

  Thanks, Niel
  I shall do that as soon as I get the chance (after backing up what I can just to be safe).
  FWIW I no longer think I am the responsible for all the changed access permissions because preferences (eg Dock), favourites and cookies seem to have been copied from the other user account too! For instance, the BBC homepage thinks she lives in a different part of England (as per the other User Account)!
  This is weird; I suspect the software that apparently caused freezes and hangs - and some permissions error messages - under 10.3.9 (hence my booting from the firewire drive in 10.4) is actually responsible for messing things up.
  Makes me feel kinda better but it's still me thats gotta sort it out...

• Users and permissions for a small home server

  Hello community,
  I have been using Linux on the desktop for many years now, but unfortunately my knowledge about servers is very limited, almost non-existent. Therefore my question is most probably equally well fitting here and into the newbie corner.
  I'm trying to set up a little home server which should be in charge of following tasks:
  - CUPS print server in the local network
  - access to shared files through NFS in the local network
  - backup (again over NFS)
  - an Owncloud server
  - maybe a mail server in the long run (NSA, paranoia, etc. )
  For now I have set up the print server, the NFS server and was working on the Owncloud installation, when Owncloud gave me some errors with users and permissions. So I was led to the idea of rethinking the users and permissions on server. So far there is only the root user who may do everything. This seems like a quite unsafe configuration. I'd like to make it safer. First, the printer, the backup and the locally shared files should be accessible from the local network only. SSH access should also be accessible locally only. The Owncloud file folder should be accessible from the internet, but of course only for the Owncloud users registered to the Owncloud server.
  What is the best way to set up users and permissions for such a set up?
  Thanks for any hints,
  PhotonX

  Hi, i think it depends who are you serving for, if you are just serving for a small office or home server or a big organization. The following quick thinking just came to me:
  I think cups set automatically a system  user of its own, and runs as it, so no trouble there. Cups also has the option to set users and it uses the system users as default, i think it depends in in how many printers/users your have in your server.Users that can manage cups are in the lp group. 
  For nfs every user should have their home, samba is also a good option if you have  windows computer in your network and it integrates better with graphical file  managers like nautilus in the clients side, but it is a hassle to configure.
  You should run the web server (owncloud ) as it own user, maybe you can manage to set something up for owncloud in the filesystem, but owncloud uses a database, and the users for owncloud are stored in there, and they are not system users.
  You can configure ssh for local use only enabling the corresponding subnets in your /etc/sshd.conf and optionally but recommended you can set a firewall and permissions. You can use iptables but i prefer ufw for simple setup.
  I think you should read the wiki:
  https://wiki.archlinux.org/index.php/users_and_groups
  and the other respective topics in the wiki.
  Also as an advice i know that arch linux is a great distribution, but you have to do more work to mantain a stable server. I would recommend debian or another more conservative distro, but of course it is your choice.
  Last edited by hydrosIII (2014-11-06 06:26:45)

• Permissions problem after adding 2nd hard drive and putting user home there

  I added a 2nd drive and put my user home on this. The reset password tip from command line at startup never sees this new volume, so I have been having to add my user to most files manually. Almost everything works now except iMovie. When I try to import it says I probably cannot write to the events.localize folder. I have tried symbolic links, manually editing the permissions, etc. no luck. Any ideas?

  ill try the fsck right now
  heres the output you requested
  Filesystem Size Used Avail Use% Mounted on
  /dev/sda3 7.3G 3.9G 3.0G 57% /
  none 505M 120K 505M 1% /dev
  none 505M 0 505M 0% /dev/shm
  /dev/sda1 99M 12M 83M 12% /boot
  /dev/sdb1 38G 93M 38G 1% /home
  total 46G 4.0G 42G 9%
  thats interesting.
  /dev/sda3 is showing its old values almost like something in the partition tables didn't get updated?
  Last edited by =OTS=G-Man (2009-12-09 06:19:55)

• Correct permissions for user home folders?

  I recently installed a new Mac Mini with Server 10.10.2
  I have about 10 clients running off the server (an open directory master), they are setup as local network users and have home folders on the server.
  I had to copy contents of the home folders from a previous (crashed) server and I can't seem to get the permissions right.
  A couple of the users use home directory syncing, so they have a local copy of their home folder on the computer they usually use, but changes aren't getting synced across the network to the server. An example is the dock, I keep removing and replacing icons in the dock, but logging out and logging back in returns the dock to its old configuration (presumably bringing the old config back from the server).
  Is there a tool which resets user directory permissions for network home folders? Or can someone give me any guidance how to sort this out?
  Thanks
  James

  In the sidebar of the Server.app window, select the icon at the top with the name of the server. Then select the Storage tab in the main window pane.
  Navigate to the folder in question and select it. From the popup menu at the bottom with a gear icon, select
            Edit Permissions...
  Verify that the permissions are what they should be, and make changes if necessary. Then, from the same menu, select
            Propagate Permissions...
  Check all applicable boxes, including Access Control List. If in doubt, check all boxes. Click OK.

• Sharing and Permissions for Admin Users Home Folder

  Staff user group deleted from Admin User home folder.  User groups listed are the user as read/write, admin as read and everyone as read.  If you create a new Admin user the group "staff" is listed instead of "admin"????  How do i get it back to how it was?  It also seems to be effecting stored passwords in my keychain and other apps.

  Hi, i think it depends who are you serving for, if you are just serving for a small office or home server or a big organization. The following quick thinking just came to me:
  I think cups set automatically a system  user of its own, and runs as it, so no trouble there. Cups also has the option to set users and it uses the system users as default, i think it depends in in how many printers/users your have in your server.Users that can manage cups are in the lp group. 
  For nfs every user should have their home, samba is also a good option if you have  windows computer in your network and it integrates better with graphical file  managers like nautilus in the clients side, but it is a hassle to configure.
  You should run the web server (owncloud ) as it own user, maybe you can manage to set something up for owncloud in the filesystem, but owncloud uses a database, and the users for owncloud are stored in there, and they are not system users.
  You can configure ssh for local use only enabling the corresponding subnets in your /etc/sshd.conf and optionally but recommended you can set a firewall and permissions. You can use iptables but i prefer ufw for simple setup.
  I think you should read the wiki:
  https://wiki.archlinux.org/index.php/users_and_groups
  and the other respective topics in the wiki.
  Also as an advice i know that arch linux is a great distribution, but you have to do more work to mantain a stable server. I would recommend debian or another more conservative distro, but of course it is your choice.
  Last edited by hydrosIII (2014-11-06 06:26:45)

• How to configure Airport Extreme AFP disk sharing to host multiple users' home-directories (Lion, using autofs)

  I have this working, but only by completely bypassing access control, using guest access with read+write permissions.
  Do I need to buy Lion Server, to do this. All my past unix/linux experience says Lion Server should _not_ be necessary.
  This seems like a simple & obvious setup objective, but it is proving to be harder than I would imagine.
  Setup:
  multiple users, sharing two mac mini's running OSX Lion
  connected to an Airport Extreme (4th gen) with a USB disk shared (either via disk password, AEBS password, or using AEBS user's passwords).
  After much experimentation and web research, I finally have managed to get the mini's to auto mount the Airport Extreme's AFP shared USB disk. Well almost... It only works if, on the Airport, I set the guest access permissions to read+write and select the "Secure Shared Disks" method to "With disk password" or "with Airport Extreme password".  In other words, it only works if I essentially bypass/disable access control by using the guest authentication mechanism to the AFP shared disk.
  On the Lion side of this, I am automounting the users directories via "autofs". The config files for this are
  /etc/auto_master:
  # Automounter master map
  +auto_master            # Use directory service
  /net                    -hosts          -nobrowse,hidefromfinder,nosuid
  /home                   auto_home       -nobrowse,hidefromfinder
  /Network/Servers        -fstab
  /-                      -static
  /-                      auto_afp
  /etc/auto_afp:
  # Automounter AFP master map
  # https://discussions.apple.com/thread/3336384?start=0&tstart=0
  /afp/users -fstype=afp afp://;AUTH=No%20User%[email protected]/Users/
  Then, after rebooting and verifying read+write access to the /afp/users directories, I change each user's home directory: In System Preferences > System > Users & Groups, I right-click over the users to access the Advanced Options, changing the Home directory field to point at the AFP-mounted /afp/users/Users/* home directories.
  I experimented with alternate UAM specifications, as well as both OSX and AESB users & passwords. Using guest access is the only thing that has worked.
  Any pointers would be appreciated...

  Based on lots more experimentation which confirms the information in a parallel discussion (cf. Automount share as non ROOT or SYSTEM user! https://discussions.apple.com/thread/3221944), I have concluded that the Lion 10.7.2 implementation of AutoFS mechanism is broken. I submitted a bug report via apple.com/feedback.
  Work arounds..?
  Earlier I wondered if installing Lion OSX Server was necessary.  The more I contemplate this, the more I am convinced it _should_not_ be necessary. The client-server architecture is clear: my mac's are the file-server client's and the Airport Extreme is supposed to act as the file server. The only thing instaling Lion Server would do (besides enriching Apple.com) is enable me to configure one of the mac's as the file server. This would require it to be "always on" (thus enriching my electric utility as wel).  Okay, an additional benefit would be configuring software RAID disks attached to the Lion server, but Time Machine has worked fine for me in the past, backing up to disks mounted on the Airport Extreme.
  One solution is to create a disk partition for each user and instruct each user to connect / authenticate to the Airport Extreme AFP share at login.  The multiplicity of partitions is necessary since the first user to mount the AFP share, takes ownership of it, blocking other users from accessing that disk partition.  A user can "steal" ownership by reconnecting, but this will leave the other user's applications & open files dangling.
  This disfunctional situation really *****.  Before instaling Lion, I put a 64 GB SSD (solid state disk) in each of our mac's. I did this expecting to easily configure the /Users/* data on external networked storage. I'm having a dejavu "Bill Gates"-ware moment; problems like this were why I abandoned Windoz.
  I will make a few more experiments using the depreciated /etc/fstab mechanism.  Maybe that will bypass the broken-ness of AutoFS...? Alternately, I guess I could also try to run Kerberos authentication to bypass whatever is broken in AutoFS, but that would require a running a Kerberos daemon somewhere.  Possibly I could configure a Kerberos service to run on both my mac's (without installing Apple's Lion Server)...?
  Stay tuned...

• Why can't a new folder be created within my user home directory when using 'Save As' in Mountain Lion?

  Hi,
  So I want to create a new folder within my main user home directory (not the root directory) just for my developer-related files? I can do this from Finder, although it does prompt me for my password to do so. However, when using 'Save As' from any app, the 'New Folder' button is greyed out when I select my user home directory. So I have to create the folder in Finder then Save As.
  Is this normal behavior? Is OSX discouraging me from adding things to my user home directory by making it less convenient? Is there a good reason it would be discouraging me from creating new folders there? If not, is there a setting that I can change to allow the creation of new folders from the Save As prompt?
  Thanks for your help,
  B

  You may need to rebuild permissions on your user account. To do this,boot to your Recovery partition (holding down the Command and R keys while booting) and open Terminal from the Utilities menu. In Terminal, type:  ‘resetpassword’ (without the ’s), hit return, and select the admin user. You are not going to reset your password. Click on the icon for your Macs hard drive at the top. From the drop down below it select the user account which is having issues. At the bottom of the window, you'll see an area labeled Restore Home Directory Permissions and ACLs. Click the reset button there. The process takes a few minutes. When complete, restart.   
  Repair User Permissions

• All Adobe Creative Cloud apps fail to work, creating new user Home folder fixed it.

  We have Adobe Creative Cloud device licenses.    I had a user contact me yesterday with these problems.
  Adobe Photoshop CC 2014 - error opening, "could not complete your request because the file is locked do not have necessary access permissions or another program is using the file photoshop"
  Adobe Illustrator CC 2014 - error opening, "the operation cannot complete because of an unknown error [cant]"
  Adobe InDesign CC 2014 - would crash when opening, no error given
  These same apps worked when logged in as a different user.
  None of these worked:
  I tried removing all kinds of user Adobe preferences, Application Support files, etc.
  Deleted ~/.adobe
  I fixed permissions on the user's home folder.
  Renamed user's Home/Library to LibraryBak.
  Uninstalling and reinstalling CC.
  What finally worked was creating a new user and copying the contents of the broken user home directory over, except for Home/* level hidden files. (eg: .adobe, bash_history)   Basically I just copied over the visible folders and used the Terminal to copy of the hidden ~/Library folder.
  Does anyone have any idea what the exact cause was?  What file/folder could've been deleted to fix this instead of the longer route I took?

  This wasn't answered and I see that it's still not resolved.

• Network users file permissions won't allow documents to be moved or deleted

  Sorry for the confusing title.
  It's late, and if I've missed any details, please feel free to ask for them.
  I've migrated a couple of desktop users to a network user based environment.
  Data files were copied off workstations to an external drive, which were then placed on the file server.
  Local computers seem to connect fine.
  All show the network user list.
  Network users can login (Do not want to sync mobile account)
  Logged in user can create files just fine, save files etc. These files can seem to be moved around the users home just fine.
  however if said user needs to move an existing file in their own home/documents folder or desktop or wants to delete a file, they get a prompt for the local admin of the computer their working on. Even if this account is entered, it doesn't seem to allow the requested change to take place.
  If i attempt to open, then save over an existing file, it makes no difference.
  if i do a save as to a new file (ie. different name), then it behaves properly.
  doing a permissions comparison of a new file vs an old file, they have matching permissions but the existing files have an extra set of "everyone" permissions.
  I can't seem to modify this from the user or even from the server, ie. remove the extra everyone to make them similar.
  It would seem to be a permissions issue, but it just doesn't make any sense.
  Does anyone have any suggestions for permissions or a settings to check?
  I've gone to the point of propagating full read/write access to the home directory for all users, inherit to child files and folders, but it just doesn't seem to make a difference
  I'm looking for a global fix, as clearly adjusting all these individual files is unacceptable.
  Thanks in advance,
  James

  Get Info not available.
  Nothing happens

• Probelm with user.home property

  Hi,
  I am using the following code to get the Users home directory and save the file into the Desktop folder.
  System.getProperty("user.home")
  The above code is working well for all the users except for one user it is bringing wrong user home directory (It is bringing LocalService directory as user home directory eventhough the user logged into the machine with his username). If anybody faced this type problem and solved, please send me a reply with the solution. If you have any links related to this problem, please send me.
  Thank You.

  Hi,
  Now i tried implementing SSO login.
  When i Go to System Administration --> System Configuration --> Keystore Administration.
  then there in the content tab everything greyed out and shows me the following message in screen
  "Could not access the keystore because of missing permissions. Make sure you have been assigned to the J2EE administrator role."
  can i know why is is like that? and wat shud i do for these to work on these.
  Thanks in Advance
  Regards,
  Raju

• AES-256 user home directory sparse image bundle in Lion?

  Snow Leopard and previous had file vault to protect users' home directories as, I believe, AES-128-encrypted sparse image bundles. As I understand it now, under Lion, the options are to enable AES-128 whole disk encryption, or, if upgrading an existing snow leopard machine with a legacy file vault user account, to maintain that legacy file vault user home directory. However, under this second approach, additional users' home directories cannot be individually "file-vaulted" and instead, would require that legacy file vault  be decrytped and then the entire disk be encrypted.
  I am thinking that it would be advantageous from a security standpoint if an individual user home directory could remain encrypted, if that user were not actively logged in. Then, all contents would be inaccessible to other users, including administratively privileged users, and also that user's home directory would remain encrypted when the computer was turned on and booted up because as I understand it, file vault 2's real strength lies in protecting "data at rest" versus "data on a powered up and mounted file vault 2 volume".
  To that end, I am wondering, regardless of whether file vault 2 is enabled or not, whether an existing user home directory and all of its contents be converted to an AES-256-encrypted sparse image bundle, using Disk Utility, and exist at the /Users directory space, mounting and decrypting "on the fly" from the login window at user login just like how a legacy file vault home directory is treated under snow leopard, independently of whether file vault 2 was enabled on the whole disk or not. This would also permit later addition/conversion of another "file vaulted" user account whether fle vault 2 were enabled or not.
  To recap, an AES-256-encrypted sparse image bundle that would mount upon user login just like a legacy file vault user home directory does. Does anyone know if something like that is doable, and has that road already been travelled successfully? If so, I'd love to read a step-by-step, play-by-play, set of instructions on how to do just that.

  I think I got a solution worked out.  I don't mind if things get installed in /opt as long as pacman tracks it, and I found ruby-enterprise-rmagick in the AUR as an orphan.  I adopted it, updated it, installed it, and it's working great with my code.

• User Home Directory Unavailable

  I seem to have unmounted my home directory.
  It is now an ejectable disk image, that only shows up in the finder with my other harddrives...
  It does not show up in disk utility...?
  Everything seems to be working fine still, except for Mail....?
  Any ideas on how to remount?
  I don't dare shut my machine down...
  I was trying to access files on a remote hard drive that was formerly a mirror partition of a software RAID array for a machine running 10.4.11. It has been repeatedly crashing my new 10.5.5 system till today when I had reset the jumper pins to slave...
  I was using Terminal to try and reset permissions/disable RAID, when suddenly I was told "User home directory ... is unavailable".
  What does this mean? Can I remount somehow? I have my whole home user directory encrypted with file vault.
  Please help. Lot's of very valuable data on this disk, in this directory.

  If he is using FileVault, then I believe his home directory IS a mountable object. It is an encrypted sparseimage which mounts when he logs in, and unmounts when he logs out. Somehow or other it sounds like he got logged out and the sparseimage unmounted. I've never used FileVault, too dang many problems with it. If I had sensitive info on a laptop I would make an encrypted disk image to keep the info in. Take a look at GuyEWhite's post here:
  http://discussions.apple.com/thread.jspa?messageID=5881960
  Perhaps that will help. Or someone who is very familiar with the the oddnesses of FileVault may see this thread and be able to offer more specific information for this very peculiar case.
  Francine
  Francine
  Schwieder

• User home dir restriction...

  Dear Sir /Madam,
  I want to restrict a user on unix within his home dir .He can go down to his home dir and work but should have access up to his home dir..or any other file system dir...
  Regds,
  Sharad

  Hi
  Change the permissions on the directory above the users home directory ( from the users directory this would be referred to as "." ) so that "others" field is not readable. It would look something like this:
  /export/home/a_user rwxrwx---
  You may need to check which group the user has been assigned to and change the group permissions as well.

• 10.6 server on w2k AD domain, trouble making new user home folders

  i recently starting working as a public school which has over 800 macs, both intel and ppc, laptops and desktops. there are also 300 windows machines as well. my job is to create the new user accounts for the students and staff as well as perform routine maintenance on the computers/servers. there are 3 xserves (intel) running 10.6.8 and 3 windows boxes running 2000 server. (i know thats old but it was top of the line when the building was build in 2002) the windows machines perform the user authentication via active directory and the xserves house the home folders stored on an xserve raid. the problem i am having it that i cannot create the new home folders for the incoming students on the xserve. the accounts are created in AD with no problems, and everything points to where it should be. however, when i try to manually create them (either by createhomedir in terminal, or by a script one of the previous system admins made) nothing happens. both active directory and open directory are up and running and all the servers seem to be talking to each other. on a side note, if i deleted an existing home folder and than ran the terminal command, it creates it perfectly. in one last attempt i re-bound all the mac servers to the AD and now it wont even let me re-create an existing home folder. anyone have any thoughts or ideas?? i have about a month left to get this fixed and all the computers imaged with the new config. i'd rather not have to re-build the AD domain but if it comes down to it, i may not have any choice.

  sorry i havent posted back sooner. i tried server cleanup and it did seem to fix other minor issues with the server, and it mapped the correct path to the user home folders. but it won't let me fix the permissions. when a student logs in to a client machine their home folder window opens up and all the folders are there but it won't let you open them stating that "you do not have the correct permissions" i ran fix permissions in server cleanup a few times, but it didnt fix the situation. also, i noticed that when i tell SC to look at the active directory domain, i get an error window and it stops loading users after the C's (alphabetical by last name) could this be because the AD domain is windows 2000 server? i just got 2 win2003 server machines freed up that i could migrate the AD domain to. that might fix some issues.