Solved

Mac Homes in Snow Leopard server Permission problem

Posted on 2010-11-24
9
1,238 Views
Last Modified: 2013-11-24
I think i have broken some permissions on the mac homes folders in snow leopard server:

Whilst trying to fix a save issue with an end user i propogated permissions through the machomes folder, Does anybody know what the default permissions should be for these files
0
Comment
Question by:lloydforth1
9 Comments
 
LVL 4

Expert Comment

by:GWNet-working
ID: 34205059
CNet has some solutions to this: (http://reviews.cnet.com/8301-13727_7-10329971-263.html)



"Use Disk Utility to Fix System Permissions Disk Utility can access the global permissions database which stores all the default permissions for Apple-provided system files. If users have manually copied files within their System folder (such as kernel extensions), Disk Utility's "Permissions Repair" routine can easily restore the proper permissions on these files. It is recommended to first try the permissions repair when booted into Safe Mode, but alternatively users can boot from their installation DVD and run it from there."
0
 
LVL 12

Expert Comment

by:nxnw
ID: 34255360
Disk Utility's Permissions Repair will not fix home folder permissions.

However:
Mac OS X v10.5 or later: While started from the Leopard Install DVD, a user's home directory permissions can be reset using the "Reset Password" utility.
http://support.apple.com/kb/ht1452

If that does not work on network home folders (probably doesn't), the permissions and acls are the same as local home folders:
drwx------+  3 username  staff  102  2 Dec 03:06 Desktop/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Documents/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Downloads/
 0: group:everyone deny delete
drwx------+ 22 username  staff  748  2 Dec 03:06 Library/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Movies/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Music/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Pictures/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Public/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Sites/
 0: group:everyone deny delete

Open in new window

The subfolders in sites and public are a bit different, too.
0
 

Expert Comment

by:ukprotect
ID: 34292232
It is almost impossible to reconstruct the permissions again. I have had similar problems with the propergate button. The easiest thing you can do is copy the users home folder to the desktop. Delete that user using WorkGroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 12

Expert Comment

by:nxnw
ID: 34294666
"The easiest thing you can do is copy the users home folder to the desktop. Delete that user using WorkGroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music."

This does not seem like a good idea. It will blow away all of the important things contained in the user's  library, like preferences and email. Indeed, lots of people have nothing of consequence in the Documents, Movies, Picture and Music folders, but have critically important data in the directories that would be lost.

Propagating permissions works fine from the command line.
0
 

Expert Comment

by:ukprotect
ID: 34296176
If you follow the procedure I have shown you, it would be easy to copy back the users documents, including their preferences and email. The alternative would be to go to each and every folder and change the permissions, which is hundreds of files. The result still wouldn't be the same as the original.
0
 
LVL 12

Expert Comment

by:nxnw
ID: 34296686
As I understand it, your advice is:
1. copy a user's home folder to the desktop of the logged in user ( i.e., a different user);
2. create a new user with a new network home folder;
3. copy back the contents of the various folders into the newly created folder set - for example, the contents of the original library folder, into the newly created library folder;

Re: #1. You can't do this without changing the privileges for most of the contents of the home folder. Otherwise, you are interrupted by "you don't have permission to copy that file", which you ignore at your peril;
Re: #3. Copying a file with incorrect privileges back to the new folder will only change the owner. Any other incorrect privileges (rwx) will remain incorrect.

Without any copying (or potentially imperfect attempts to copy), ownership can be corrected on the full home directory with this command:

sudo chown  -R username home directory path
0
 

Expert Comment

by:ukprotect
ID: 34298293
Let me try explain it better.
'User A's' permission are all wrong. i will log in to the server as an administrator.
Locate the location of the home folders. Mine is located on Drive 2 of my Mac mini.
Copy 'User A's' home folder to the desktop.
This home folder will contain the user's Documents, Music, Pictures, Preferences etc.
I then open workgroup manager and delete 'User A'. You may also need to manually delete the 'User A's' home folder from the network location. (Mine is on drive 2, you now still have a copy of 'User A's' home folder on the desktop).
In work group manager create a new user called 'User A'
by default the Administrator cannot view the contents of home folders, so suppose the old home folder (located on the desktop) contains pictures, documents, prefereneces, Click on the new home folder and press command-i and add the current Administrator to have read and write permissions to User A's new home folder. To access the Music, pictures, Library foders repeat the command-i to add the Administrator with read write previleges to these folders.
Copy the contents of Picture folder from the home folder on the desktop to the home folder on the network drive. do the same for the other folders.
0
 
LVL 12

Accepted Solution

by:
nxnw earned 500 total points
ID: 34298434
I understood it fine. The problems with it are outlined above.
0
 
LVL 3

Author Comment

by:lloydforth1
ID: 34299113
nxnw is right that will only change the owner, nested files will still have the incorrect permissions. The problem is i have propogated incorrect permissions through the whole structure.

I managed to find a compromise that seems to be working it's just i have no idea if the current permissions are the correct "default" ones.

My big problem was that other users could afp to the mac homes and see contents of the other users homes (not exactly ideal) this was fixed immediately by removing everyone read write access from the top level folder.


0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
antivirus on mac 8 77
What are the best antivirus scans to run on mac book Pro 7 55
facebook change 4 36
flash professional 3 9
Deploystudio is a system which can be used to deploy OSX clients and servers within the small/medium or large business environments. The system is built onto of the OSX Server NetBoot system and uses images & workflows as its core assets. While work…
In this article we discuss how to recover the missing Outlook 2011 for Mac data like Emails and Contacts manually.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question