Solved

FTP - User is not able to write to folder of which they are a member of the group - Permissions at 775

Posted on 2006-07-19
Last Modified: 2010-04-14
We are using Xserve 10.3.9 for our FTP server. I have set up all of our customers with their own home folder, and in addition I have made groups for all these customers so that one of our departments (let's call it internal user) can read/write/delete/execute into all these folders as well. I cannot give any of these administrative access. This department (internal user) is now a member of roughly 50 groups. The trouble I am having is that several of the folders will not allow the internal user, which is part of the group, to write to the folder. The customer, which is only part of one group, can still write and I (administrative user and owner of the folder) can still write, but not the other member of the group. Is there a limit on how many groups to which a user can belong? They can still read however. This is only on some of the folders. The permissions are set to 775 and I have already tried to repair permissions. If there is a limit, how do I give the internal users access to all the folders below and none of the folders above while retaining the permissions for the end user?
Question by:tammyf
6 Comments
 
LVL 3

Expert Comment

by:VMSZealot
ID: 17138592
I think you're going to have to get your hands dirty at the command line here.  Would it be possible for you to do an ls -la of the folder concerned (changing names to protect the innocent, of course) and attach it to this query - just so that I can see the permissions for myself?

I don't think that there's a limit to the number of groups a user can belong to.  But it's a good thought - does the user having problems belong to a particularly large number of groups?
0
 

Author Comment

by:tammyf
ID: 17138788
I have no problems getting my hands dirty with the command line; in fact I am trying to learn more since Workgroup Manager has its own series of problems. I have done the ls -la on both a folder they can write to and one of the ones they can't. There seem to be several they cannot write to and there is no rhyme or reason that I can see. I just recently set up the groups this way since that seemed to be the only way to give our internal users full access to all the customer folders without letting them get behind it since we keep financial data at the top. Here is the list with the names changed as you suggested. I can't look at this and tell where there is a problem with our internal user since their name does not show up anywhere.

Here is the one that allows writing by our internal user:

[www:~/FTP/customers/customer1] adminuser% ls -la
total 26896
drwxrwxr-x   5 adminuser  group1       170 18 Jul 17:22 .
drwxrwx-wx  50 adminuser  staff      1700  5 Jul 10:27 ..
-rw-rw-r--   1 adminuser  group1      6148 15 Dec  2005 .DS_Store
-rw-rw-r--   1 adminuser  group1   2045553  7 Jun 12:06 06-0463 raymer manual.pdf
-rw-rw-r--   1 adminuser  group1  11711180  9 Mar 14:33 IISL Photos.sitx
[www:~/FTP/customers/customer1] adminuser%

Here is the one that is denying permissions to write:

Last login: Wed Jul 19 10:26:44 on ttyp1
Welcome to Darwin!
[www:~/FTP/customers/customer2] adminuser% ls -la
total 52832
drwxrwxr-x  15 adminuser  group2       510 18 Jul 17:52 .
drwxrwx-wx  50 adminuser  staff         1700  5 Jul 10:27 ..
-rw-rw-r--   1 adminuser  group2      6148 18 Jul 17:40 .DS_Store
drwxrwxr-x  12 adminuser  group2       408 18 Jul 16:28 Academica
-rw-rw-r--   1 adminuser  group2   4530824 30 Jun 13:59 Rapp case spine.tif
drwxrwxr-x   3 adminuser  group2       102  3 Apr 13:56 Red Moon
-rw-rw-r--   1 adminuser  group2    307948 27 Apr 11:02 goertzel.pdf
[www:~/FTP/customers/customer2] adminuser%


0
 
LVL 3

Accepted Solution

by:
VMSZealot earned 500 total points
ID: 17144655
Okay, could you check group2 to verify that it actually contains the user with problems (I know it should do, but let's check the database directly).

niutil -read . /groups/group2

Your result should be something like this:

name: group2
gid: 80
passwd: *
users: pascalharris sarahbinnie nancyparker tomcragg
generateduid: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
smb_sid: S-1-5-32-544
realname: GroupTwo

In this example, the group contains four members.  If your user is missing from the group, add the user as follows:

niutil -appendprop / /groups/group2 users jameshubbard

Author Comment

by:tammyf
ID: 17145816
This is very interesting. I did two things. First I ran the command to view all the groups to which our internal user belongs using this command:

groups username

Here is what I got:

Last login: Wed Jul 19 10:42:53 on ttyp1
Welcome to Darwin!
[www:~] adminuser% groups group2
staff aaa ccc bbb1 ddd1 eee1 fff1 ggg1 hhh1 iii1 kkk1 lll1 mmm1 nnn1 ooo1 ppp1
[www:~/FTP] adminuser%

It only listed 15 of the 50 groups.  I then ran the command you suggested (see result below) and the user DID show up as belonging to the group even though this group did not show up when running the above command. It does seem to be limiting for some reason.  I don't know how else to set this up to give the internal user the correct access.  I would expect the Xserve to be able to handle having a user in more than 15 groups.  Suggestions?

[www:~/FTP] adminuser% niutil -read . /groups/groupname
name: groupname
realname: groupname
generateduid: 561FA010-16A7-11DB-B3E3-000393B5DF8C
gid: 1103
users: group1 group2
[www:~/FTP] adminuser%
0
 

Author Comment

by:tammyf
ID: 17145916
Found this on the apple site.

Mac OS X Server 10.3: Tested and theoretical maximums (limits)

Directory Services | Number of Groups per User | 16 | 16

0
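
An added example, not part of the thread: a shell check that counts each account's memberships in /etc/group-format data and reports accounts above the 16-groups-per-user limit quoted above. The function names, the sample group data and the account names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose group memberships exceed a per-user limit.
# Input is group data in /etc/group format: name:passwd:gid:member1,member2,...

# over_limit FILE [LIMIT] -> one "account count" line per account above LIMIT.
# LIMIT defaults to 16, the figure quoted in the thread. The account's primary
# group also takes a slot (staff in the groups output above), so pass one less
# when primary groups are not repeated in the member lists.
over_limit() {
    awk -F: -v limit="${2:-16}" '
        /^#/ || NF < 4 { next }            # skip comments and malformed lines
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] != "") count[members[i]]++
        }
        END {
            for (u in count)
                if (count[u] > limit) print u, count[u]
        }' "$1" | sort
}

# make_sample -> constructed data: 20 customer groups that each contain the
# customer account and one shared account named "internal" (hypothetical names).
make_sample() {
    i=1
    while [ "$i" -le 20 ]; do
        echo "cust$i:*:$((1100 + i)):customer$i,internal"
        i=$((i + 1))
    done
    echo "staff:*:20:adminuser"
}

# Demo: "internal" is listed in 20 groups, so it is reported for a limit of 15
# (16 slots minus the primary group).
sample=$(mktemp)
make_sample > "$sample"
over_limit "$sample" 15      # prints: internal 20
rm -f "$sample"
```

On a NetInfo system such as the one in this thread, `nidump group .` emits group data in this format. An account reported here is a candidate for the symptom described above, where membership exists in the directory but is not honoured at access time.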
 
LVL 3

Expert Comment

by:VMSZealot
ID: 17146257
Blimey.  You learn something new every day.  I do anyway!  Glad your question has been answered!
Question has a verified solution.
