When setting up permissions for application files--URGENT

Similar Messages

• Set default permissions for new files?

  We have a small LAN where different users often need to open and resave each others' files. No server, just a bunch of client computers on ethernet sharing an internet router.
  Each time a user creates a file, that file's permissions default to read only for anyone but that user. How can I set up the default permissions so that any newly-created files default to Read & Write for "groups" and "others".
  I anticipate I will have to make this change for each user on each workstation.
  Any help would be greatly appreciated.
  Thanks

  If you want users to share files then have them place the file in the /Users/Shared/ folder. Files placed in that folder can be accessed by any user.
  Why reward points?(Quoted from Discussions Terms of Use.)
  The reward system helps to increase community participation. When a community member gives you (or another member) a reward for providing helpful advice or a solution to their question, your accumulated points will increase your status level within the community.
  Members may reward you with 5 points if they deem that your reply is helpful and 10 points if you post a solution to their issue. Likewise, when you mark a reply as Helpful or Solved in your own created topic, you will be awarding the respondent with the same point values.

• Need insight for setting up permissions for sharing an external hd via OS X 10.6?

  Hello intelligent lifeforms,
  My supervisor and friend passed away a little over a year ago, and I am now trying to fill his shoes as the networking guru and could use some assistance.  I'm trying to share an external hard drive that is connected to my Mac Pro OS X 10.6 workstation with a Mac Pro OS X 10.4 workstation user.  I've tried setting up a Sharing Only account in my System Preferences-Accounts for the 10.4 user, and under System Preference-Sharing I turned File Sharing: On, added the Shared Folder, added the User and set priveleges as "Read Only."  My intentions are for the 10.4 user to only be able to copy files from the external hard drive so as to protect the archived files being stored there from being tampered with.  However, there is a User group listed as "Everyone" that I can't remove and believe it is taking precedence over the 10.4 account that I setup.  I do not know where this Everyone group originated from but believe it to be some kind of default group and a major obstacle.
  When the 10.4 user copies a folder from the external hd to his workstation and later copies it to a volume on our Xserve OS X 10.2 the folder shows that I do not have privileges to do anything to the folder (there is a red circle with a minus sign in it on the folder icon).  Eventually, I am to backup these files to the external hd where lies my dilemma.
  The volume on the Xserve being copied to is setup under Workgroup Manger-Sharing-Share Points-General:  "Share this item and its contents" IS checked, Owner: admin-Read & Write, Group: staff-Read & Write (where said user has been added to the staff group), Everyone: none (I do not think the Everyone group listed on the server has anything to do with the Everyone group on my machine?), Enable disk quotas on this volume is NOT checked.
  My tests show that the permissions are being carried over from the external hd Everyone group (Read Only) because even when the 10.4 user's permissions are set to Read & Write in System Preferences-Sharing-File Sharing-Users the folder still shows to be Read Only when it's copied.  I've even tried setting his Desktop privileges to Read & Write hoping that when he copies the folder the permissions would be overwritten.  Unfortunately, the only way to give me priveleges is for the 10.4 user to change them manually through Get Info from his workstation.  This is counterproductive to the workflow I'm trying to establish.  I've tried wrapping my brain around the flowchart of coordinating permissions/privileges between the different machines but to no success.
  Also, a note to add is I've observed a User: Firebird Database that is listed under System Preferences-Sharing on both of our workstations.  It cannot be removed either and I do not know where it is originating from.
  Is there anyone out there that has any insight to this situation?
  Perplexed,
  carl_prepress

  "Everyone" is not a Group.
  Every file has underlying Access settings for System, Owner, Group, and World.
  Access settings for Everyone mean everyone-else that is not explicitly mentioned in the other settings. It is the same as the Unix "World".
  If you set the Priviledges for a file to Everyone=Read, then any user with any credentials can read it.
  The User Categories Owner, Group, and Everyone
  You can assign standard POSIX access permissions separately to three categories of users:
  Owner—A user who creates a new item (file or folder) on the file server is its owner and automatically has Read & Write permissions for that folder. By default, the owner of an item and the server administrator are the only users who can change its access privileges (allow a group or everyone to use the item). The administrator can also transfer ownership of the shared item to another user.
  Note: When you copy an item to a drop box on an Apple file server, ownership of the item doesn’t change, but only the owner of the drop box or root has access to its contents.
  Group—You can put users who need the same access to files and folders into group accounts. Only one group can be assigned access permissions to a shared item. For more information on creating groups, see the user management guide.
  Everyone—Everyone is any user who can log in to the file server: registered users and guests. Hierarchy of Permissions
  If a user is included in more than one category of users, each of which has different permissions, these rules apply:
  • GrouppermissionsoverrideEveryonepermissions.
  • OwnerpermissionsoverrideGrouppermissions.
  For example, when a user is both the owner of a shared item and a member of the group assigned to it, the user has the permissions assigned to the owner.

• I can not download any files using Safari ? when I choose to download application file the URL include the file name and stop responding. Any help??

  I can not download any files using Safari ? when I choose to download application file the URL include the file name and stop responding. Any help??

  Please read this whole message before doing anything.
  This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.
  Step 1
  The purpose of this step is to determine whether the problem is localized to your user account.
  Enable guest logins* and log in as Guest. For instructions, launch the System Preferences application, select Help from the menu bar, and enter “Set up a guest account” (without the quotes) in the search box.
  While logged in as Guest, you won’t have access to any of your personal files or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.
  Test while logged in as Guest. Same problem(s)?
  After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.
  *Note: If you’ve activated “Find My Mac” or FileVault in Mac OS X 10.7 or later, then you can’t enable the Guest account. The Guest login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.
  Step 2
  The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login.
  Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode* and log in to the account with the problem. The instructions provided by Apple are as follows:
  Be sure your Mac is shut down.
  Press the power button.
  Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
  Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).
  Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.
  The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  *Note: If FileVault is enabled under Mac OS X 10.7 or later, you can’t boot in safe mode.
  Test while in safe mode. Same problem(s)?
  After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of steps 1 and 2.

• Setting up permissions on the file server

  I am attempting to set up a file server with the OS X Server that came with my mac mini.
  I need to be able to set up permissions for 4 different users to be able to read and write, however with no permission to delete.
  I went to the MacMini section (on the left hand corner of the server app), then storage, and from there set up custom permissions
  I added the four users as a group.
  When I added the group to have access to the needed file, I clicked on the drop downs.
  I allowed all permissions for inheritance and reading. I selected all permissions for writting except for "delete" and "Delete subfolders and files"
  This give me a "-" sign next to write versus the check symbol (like it was shown for Read and Inheritance)
  After I set this up... I went to one of the users to test it out, it would not allow me to drop a file on the server or delete anything.
  How do I get this to work the way I want it!?!

  You can not do this with a single ACE.  Or at least I've never been able to.  This shoud resolve.
  Please make sure you test this however.  Remember that trying to overwrite is a delete and then a write.  So if you deny delete, then you can not replace a file or folder with one of the same name.  Also, renaming a file is also a delete.  You will not be able to rename.  Make sure you test this before putting into production to ensure you are getting the behavior you want.
  You have a share point named Archive.  You have a group called Archive_Users.  The Archive_Users are allowed to read and write but NOT delete data in the Archive.  Do do this, follow these steps:
  1:  Create a group called Archive_Users and place your users into the group.
  2:  Define your share point in File Sharing.
  3:  Edit to share point to add the group.  Press the + button and start typing the group name.  When it appears, set the permission to Read Write.  You permission window should have 4 entries at this point.  The everyone, the group (likely staff), and the owner (likely the server admin).  Then the one you added.  The bottom three are POSIX, the final one is an ACE.
  4:  Now, you need to get your hands dirty and create a custom ACE.  Server.app does not allow you to use the Deny rules so break out Terminal.
  5:  I will assume the Archive folder is in this path /Shares/Archive.  First get a list of the folder's ACL using:
  ls -le /Shares/Archive
  It should like like the following:
  drwxr-xr-x+ 2 carbon  wheel   68 Feb 18 22:27 Archive
  0: user:_spotlight inherited allow list,search,file_inherit,directory_inherit
  1: group:archive_users allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit
  6:  Now you must add your deny rule.  Use the following command:
  chmod +a# 2 "group:archive_users deny delete,file_inherit,directory_inherit" /Shares/Archive
  The syntax here is to add (+a) an ACE at index 2 (# 2), an ACE for the group archive_users that states the group can no delete any file or folder and this is inherited all the way down.
  7:  If you have content in the folder already, be sure to propagate the permissions.
  8:  Test, test, test.
  Remember, the deny rules can have some odd effects.  As mentioned, I can think of the renaming and the overwrite as possible deterrents.
  A possible alternative is to not give everyone read write access to the Archive. It might be more sane to define two groups.  The first groups, Archive_admins, is a subset of users who are entrusted with moving data to archived status.  The second group, Archive_users, is the rest of the team and they have read only access, allowing them to pull data but not edit the archive.  This allows you to use two simple ACEs in Server.app:  Archive_admin = read/write and Archive_users = read.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

• Set windows permissions for folder

  My labview app is being installed to the prog files dir for the app by an installer created by the LV Dev System.  i encounter a problem when trying to store a config file for the app to the directory during user customization of settings after app installation because the file I am trying to update is read only due to win 7 defaults.  I try to set the permissions for the folder programmatically, but it does not change the folder to a NOT read only one.  What is the trick here?  Do I need to put my config files in another directory somewhere or is ther a way to change the folder settings so I can create temp files in that folder?

  Creating temporary config files in Program Files is not very good practice. I would do it in the public user folder.
  How are you setting the parameters?
  Did you use the following?
  http://zone.ni.com/reference/en-XX/help/371361J-01/glang/set_permissions/
  http://zone.ni.com/reference/en-XX/help/371361J-01/glang/setting_permissions/
  Excerpt from the link above:
  You can use permissions to change only write permissions for users (bit 7); the operating system ignores all other changes to the bits.
  Beginner? Try LabVIEW Basics
  Sharing bits of code? Try Snippets or LAVA Code Capture Tool
  Have you tried Quick Drop?, Visit QD Community.

• JAAS - How to set up permissions for a specific code?

  I would like to set up permissions for specific code in JAAS policy files.
  In other words, let's say I have the followiong entry:
  permission java.util.PropertyPermission "java.home", "read";
  Then, when I do Subject.doAsPrivileged(..., MyAction), if this permission is absent, I will not be able to access the "java.home" property in my MyAction.
  If I, let's say, set up a file permission, I will not be able to read certain files if the permission is absent.
  I want something simpler. I want to be able to specify that the whole class MyAction cannot be executed if the permission is absent - I do not want the code to even go there. Basically, if the necessary entry in the Policy file is not present, I do not want the calling code to have access to class com.mypackage.MyAction.
  This must be really straight-forward, what am I missing?

  Thank you for your input.
  My case is a little bit more complex.
  There is a request and approval process attached to the provision to this target system.
  The approval process has a first level of approval (including 1 to many approval steps) and the user gets the basic access to this target system. The user can then access the target system but is limited to what he/she can do.
  Then the approval goes to a second level of approval (including many approval steps) and if approved the user gets the elevated access to this target system.
  To accomplish this, the previous implementer created 2 resources for the same target. After the first level of approval, he provisioned resource A to the user. After the second level of approval, he provisioned resource B to the user, revoked resource B, and updated resource A.
  This is very confusing because we are dealing with 2 resources for the same target.
  I am looking for way to take advantage of the GTC to provision and reconcile with a system that takes a flat file and can write a flat file. But I also need to make it work with this approval nightmare.
  Do you have any ideas on how to make this better and simpler?
  Thanks
  Khanh

• [SOLVED] setting up permissions for mounted usb devices

  Hi all,
  I've been having the following problem when mounting my external hd: in order to mount the external hd I created a folder /mnt/usbstick/ giving permissions to a non-root user to read the files/directories in this folder (using chmod); however, after I mount the external hd, the set of permissions for /mnt/usbstick/ change so that a non-root user cannot  read the mounted files in /mnt/usbstick. This is a problem for me because, when I copy a file from the external hd to the non-root home folder, the copied file can only be read by the root user.   
  Do you know how I can solve this problem? Should I write a udev rule and place it at /etc/udev/rules.d/? Or should I simply add the non-root user to a specific group from /etc/group? Any ideas?
  Thanks!
  Last edited by falsum (2010-05-08 09:21:59)

  You could try adding an entry for your usb device in /etc/fstab and specify the option user to let non-superusers mount it.
  Here's an example of an entry for my external HD. I'm sure there are probably other (and better) ways to do this but it works for me.
  UUID=4376-0BFB /media/FIRELITE vfat rw,user,noauto,async 0 0
  Nice howto found on the wiki: http://wiki.archlinux.org/index.php/Fstab

• Set a description for a File object

  Hello, I have to do a File saving task. I have a directory when I place my files. When i press "Save", a dialog appears and a table lists all my files from that directory. Each file must have a description. My question is how to set a description for a file, and also, how to get back that description. 10ks

  public class ExtractionSetFile extends File {
       private String description;
       public ExtractionSetFile( String pathname ) {
            super( pathname );
       public void setDescpription( String descpription ) {
            this.description = descpription;
       public String getDescription() {
            return description;
  }

• When setting up iCloud for my Contacts, it wiped out my contact list from Outlook on my PC.  The contact list is on iCloud and on my iPad.  How do I get my contact list back on my PC?

  When setting up iCloud for my Contacts, it wiped out my contact list from my PC.  How do I get the contact list back in Outlook on my PC?

  It's in Outlook, in the iCloud account Contacts.

• Set the password for zip file in unix

  Hi All,
  I have used the below command to zip the file and it is working fine.
  cd /YYYY;zip -r ZZZZ.zip ZZZZ.TXT
  While using the below command to set the password on zip file , I am getting error like "zip error: Invalid command arguments (encryption not supported)
  zip -P password -r ZZZZ.zip ZZZZ.TXT
  Can you please help me how to set the password for zip file in UNIX.
  Thanks,

  Do you use any characters in the password that might confuse the zip command? (like '-' or ';'?)
  If I use the command in RHEL4:
  cd /tmp
  zip -P password -r tt.zip gconfd-oracle
  adding: gconfd-oracle/ (stored 0%)
  adding: gconfd-oracle/lock/ (stored 0%)
  adding: gconfd-oracle/lock/ior (deflated 67%)

• How do we set the permissions for....

  Using Acrobat 9, Setting permissions is very confusing!
  How do we set the permissions for document so that:
  -- the end user needs no password
  -- Printing: Allowed
  -- Changing the Document: Not Allowed
  -- Doument Assembly: Not Allowed
  -- Content Copying: Not Allowed
  -- Content Copying for Accessability: Not Allowed
  -- Page Extraction: Not Allowed
  -- Commenting: Allowed
  -- Filling of Form Fields: Allowed
  -- Signing: Not Allowed
  -- Dreating of Template Pages: Not Allowed

  Not possible. If you allow filling in forms you must allow signing. BTW, while it is nice to be able to set permissions anything that depends upon passwords that you set is easily overcome by third party utilities. Don't do anything that really depends upon these permissions. If you want to set permissions using the Document Properties Dialog box (control D), then click on the Security button. In the Security Method Dialog box, select password security and fill it out as you need.

• Setting Oracle Permissions for file access from a pl/sql function

  I have a pl/sql function that calls a java method which moves a
  file from a directory to another.
  Since we are using Linux, Oracle wants some permissions.
  Those permissions are set using:
  call dbms_java.grant_permission(USER, 'java.io.FilePermission',
  FILE, permission)
  OK, i want to use this in my pl/sql function, but it doesn't
  work.
  My function looks like something like this:
  -- some pl/sql code
  dbms_java.grant_permission(someUSER, 'java.io.FilePermission',
  sourceFILE, 'write');
  dbms_java.grant_permission(someUSER, 'java.io.FilePermission',
  destFILE, 'write');
  flag := move(sourceFILE, destFILE);
  -- flag is for 1 -> done and 0 -> error
  -- some more code ...
  The problem is the lines of
  dbms_java.grant_permission(someUSER, 'java.io.FilePermission',
  sourceFILE, 'write');
  do not work!
  When i grant permissions manually in sql plus it works great,
  but when i do it from the function it does not work!
  Any ideas anyone?
  Any help would be appreciated.

  The command :
  dbms_java.grant_permission
  (someUSER, 'java.io.FilePermission',sourceFILE, 'write');
  is right.
  Open sqlplus
  Connect as sys or system
  type :
  execute dbms_java.grant_permission
  (someUSER, 'java.io.FilePermission',sourceFILE, 'write');
  commit;
  try to compile again your procedure...does it work now ?
  bye
  Giovanni Regola

• Removing ownership & permissions for all files burned to a DVD?

  Hello,
  I am new to the concept of "ownership & permissions". Do they apply to files burned to DVD or just the files on the computer? I would like to burn some files onto a DVD for backup and I do not want to copy the "ownership & permissions" settings of the files - I just need to backup the files only. I would like to back the files up for a year or two and I am concerned that in the future I may not remember my usernames or passwords to access these files from the burned DVD.
  Do "ownership & permissions" apply to files burned onto a DVD? Or does the DVD burning process erase the "ownership & permissions" settings? I tried to burn a DVD from OSX by creating a burn folder and I didn't see any setting that allowed me to remove the "ownership & permissions" settings.
  Thank you for any insite into this.

  Thanks Mulder,
  Here is what I am trying to do:
  I do not need to backup any system files - I already have OSX on my original DVD if I needed to re-install. I only need to backup the users' document files and maybe some email folders in the users' libraries.
  I set up three accounts:
  1. The first account is for admin purposes only.
  2. The second is for my own use - it is the account used most often on this computer.
  3. The third account is for my family.
  Note: I will set up a fourth account for our student renter later.
  I will have access to the user names and passwords of all these accounts in case I need to go into the accounts to back up their documents. But the user(s) of the family account will not have my password - so the kids don't accidently erase any of my files.
  When working in the second account (which is used most often by myself), I sometimes need to place newly created files into the "document" folder on our family account (the third account). And so I purposely changed the "Ownership & Permissions" on the "document" folder on our family account (the third account) to Group: second account. This allows me (the second account) to place files into the "Document" folder of the third account (the family account). After doing this, I also need to change the "Ownership & Permissions" of any added files to Group: third account so the user(s) of the family account can edit (read and write) the files I add from the second account.
  An alternative setup that I decided not to use: I could have made use of the "users/shared" folder for this, however, I do not want everyone to be able to access these files - especially when I set up a fourth account (or even more accounts) in the future. I only would like to share the contents of the third account's "Document" folder between two users (user of the second account and the user of the third account).
  Now I will continue the explanation of my setup:
  Over time the "Document" folder of the third account (the family account) will become filled with a mixture of files with different Ownerships - some created from the second account and some created from the third account - but all editable from either the second account or the third account by assigning each other access via the "Group" designation in "Ownership & Permission". Because of this mix of files with different ownerships, I could, if I wanted to keep the settings consistent, select the "Document" folder of the third account (the family account) and change the ownership of all enclosed items to the user of the third account by using the "Apply to enclosed items". I would probably also change the "Group" designation to the second account too.
  I will be able to make all these changes because I have the user names and passwords for all the accounts.
  Now here is my main question:
  My concern is that when it comes time to backup the document folders onto DVD, what if in a couple years I forget these passwords? You see, I would rather not copy any "Ownership & Permissions" settings of the files onto the DVD. Lets say that in a couple of years I go back to my DVD backup and need to pull off some old jpeg files and put them onto my computer. When I insert the old backup DVD will it say: "Sorry, you do not have access priviledges to view these files" or something like that? That would be a real problem. These are my own files. Why would I want to risk making an important backup DVD un-useable in the future because of some long-and-forgotten permission settings?
  What I would like to do is copy all my files onto DVD for backup in such a way that "Ownership & Permissions" are not copied. Why put the risk of a limitation on your important backups? Is there a better way to do this? What do other people do?
  Am I making this more complicated than it has to be? As you can tell, I am a beginner with OSX (and permissions) and I am looking for some advice. Thanks
  Mulder, when you wrote:
  "If you're trying to backup just selected files, such as your purchased music or applications, etc., then ownership and permissions shouldn't be a problem."
  did you mean that ownership and permissions are not copied? That would be great. But I am not sure if that is what you meant to write. Thanks!

• Read-only access permissions for new files/folders?

  System:
  Clean Install on new intel Xserve
  10.4.8 Server w/ Open Directory
  Windows clients can read/write completely fine...
  Clients connecting using AFP (whether Standard or Kerberos authentication) can access files, but when new files/folders are created on the server, they register as full permissions for the user who created them, but not for the rest of the group.
  The share(s) in question are set using POSIX from WGM: Full access for owner/group/everyone (changed it to this thinking it would help, but it does not). Of course, no one can make changes to a newly-created/deposited files/folders, which is just plain silly.
  I can chmod the permissions recursively from a script (which fixes the problem, of course) on a regular basis so that its not (as much of) an issue, but there is still a 5-minute lag for the script to kick in, since we don't want to bombard the server with chmod requests every minute....which is unnecessary in the first place!
  I have plenty of other setups which are identical but have no such issue...
  Any reason why POSIX permissions on the share are being ignored from every user account?
  Thanks,
  k

  "That's default posix behaviour no matter what access permissions you set on the sharepoint."
  I'm afraid this is dead wrong. What matters most is how you set permissions on the share, not if you've chosen to inherit vs. using POSIX. POSIX is still used in inherit functions, though you can use ACL's to override them. In this case, ACL's are not being used on those shares (though we tried it).
  After all, why would Apple (let alone anyone else) even offer the ability to change POSIX permissions on a share if it didn't have any effect? That would be somewhat contradictory in nature.
  Like I said before, I have several other installations which are identically setup that have no such issues.
  As for Windows, it is also not set to inherit permissions; we're setting those explicitly. And they work fine.
  Any other ideas?
  Thanks,
  k