Solved

Mac Homes in Snow Leopard server Permission problem

Posted on 2010-11-24
Last Modified: 2013-11-24
I think I have broken some permissions on the Mac homes folders in Snow Leopard Server:

Whilst trying to fix a save issue with an end user I propagated permissions through the machomes folder. Does anybody know what the default permissions should be for these files?
0
Question by:lloydforth1
9 Comments
 
LVL 4

Expert Comment

by:GWNet-working
ID: 34205059
CNet has some solutions to this: (http://reviews.cnet.com/8301-13727_7-10329971-263.html)

"Use Disk Utility to Fix System Permissions: Disk Utility can access the global permissions database which stores all the default permissions for Apple-provided system files. If users have manually copied files within their System folder (such as kernel extensions), Disk Utility's "Permissions Repair" routine can easily restore the proper permissions on these files. It is recommended to first try the permissions repair when booted into Safe Mode, but alternatively users can boot from their installation DVD and run it from there."
0
 
LVL 12

Expert Comment

by:nxnw
ID: 34255360
Disk Utility's Permissions Repair will not fix home folder permissions.

However:
Mac OS X v10.5 or later: While started from the Leopard Install DVD, a user's home directory permissions can be reset using the "Reset Password" utility.
http://support.apple.com/kb/ht1452

If that does not work on network home folders (probably doesn't), the permissions and ACLs are the same as local home folders:
drwx------+  3 username  staff  102  2 Dec 03:06 Desktop/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Documents/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Downloads/
 0: group:everyone deny delete
drwx------+ 22 username  staff  748  2 Dec 03:06 Library/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Movies/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Music/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Pictures/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Public/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Sites/
 0: group:everyone deny delete

The subfolders in Sites and Public are a bit different, too.
0
 

Expert Comment

by:ukprotect
ID: 34292232
It is almost impossible to reconstruct the permissions again. I have had similar problems with the propagate button. The easiest thing you can do is copy the user's home folder to the desktop. Delete that user using Workgroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music.
0

 
LVL 12

Expert Comment

by:nxnw
ID: 34294666
"The easiest thing you can do is copy the user's home folder to the desktop. Delete that user using Workgroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music."

This does not seem like a good idea. It will blow away all of the important things contained in the user's library, like preferences and email. Indeed, lots of people have nothing of consequence in the Documents, Movies, Picture and Music folders, but have critically important data in the directories that would be lost.

Propagating permissions works fine from the command line.
0
 

Expert Comment

by:ukprotect
ID: 34296176
If you follow the procedure I have shown you, it would be easy to copy back the user's documents, including their preferences and email. The alternative would be to go to each and every folder and change the permissions, which is hundreds of files. The result still wouldn't be the same as the original.
0
 
LVL 12

Expert Comment

by:nxnw
ID: 34296686
As I understand it, your advice is:
1. copy a user's home folder to the desktop of the logged in user (i.e., a different user);
2. create a new user with a new network home folder;
3. copy back the contents of the various folders into the newly created folder set - for example, the contents of the original library folder, into the newly created library folder.

Re: #1. You can't do this without changing the privileges for most of the contents of the home folder. Otherwise, you are interrupted by "you don't have permission to copy that file", which you ignore at your peril;
Re: #3. Copying a file with incorrect privileges back to the new folder will only change the owner. Any other incorrect privileges (rwx) will remain incorrect.

Without any copying (or potentially imperfect attempts to copy), ownership can be corrected on the full home directory with this command:

sudo chown -R username /path/to/home/directory
0
 

Expert Comment

by:ukprotect
ID: 34298293
Let me try to explain it better.
'User A's' permissions are all wrong. I will log in to the server as an administrator.
Locate the location of the home folders. Mine is located on Drive 2 of my Mac mini.
Copy 'User A's' home folder to the desktop.
This home folder will contain the user's Documents, Music, Pictures, Preferences etc.
I then open Workgroup Manager and delete 'User A'. You may also need to manually delete 'User A's' home folder from the network location. (Mine is on drive 2; you now still have a copy of 'User A's' home folder on the desktop.)
In Workgroup Manager create a new user called 'User A'.
By default the Administrator cannot view the contents of home folders. So suppose the old home folder (located on the desktop) contains pictures, documents, preferences: click on the new home folder, press Command-I and add the current Administrator with read and write permissions to User A's new home folder. To access the Music, Pictures and Library folders, repeat the Command-I step to add the Administrator with read/write privileges to these folders.
Copy the contents of the Pictures folder from the home folder on the desktop to the home folder on the network drive. Do the same for the other folders.
0
 
LVL 12

Accepted Solution

by:
nxnw earned 500 total points
ID: 34298434
I understood it fine. The problems with it are outlined above.
0
 
LVL 3

Author Comment

by:lloydforth1
ID: 34299113
nxnw is right: that will only change the owner; nested files will still have the incorrect permissions. The problem is I have propagated incorrect permissions through the whole structure.

I managed to find a compromise that seems to be working; it's just I have no idea if the current permissions are the correct "default" ones.

My big problem was that other users could AFP to the Mac homes and see the contents of the other users' homes (not exactly ideal). This was fixed immediately by removing everyone read/write access from the top level folder.


0
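An added example, not part of any post in this thread: a POSIX shell audit that compares one home folder's standard subfolders with the modes in nxnw's listing, which answers the closing question of whether the current permissions match the defaults. The function names `mode_of` and `audit_home` are hypothetical, and the ACL check runs only on macOS, where `ls -e` is available.

```shell
#!/bin/sh
# Added example: audit one home folder against the modes shown in
# nxnw's listing earlier in the thread. Function names are illustrative.

PRIVATE_DIRS="Desktop Documents Downloads Library Movies Music Pictures"
SHARED_DIRS="Public Sites"

# mode_of DIR: file type plus the nine rwx bits, as printed by `ls -ld`.
# The 11th column (+, @ or .) is cut off so ACL markers do not matter.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# audit_home HOME_DIR: prints one line per deviation from the listing and
# returns the number of deviations (0 means everything matches).
audit_home() {
    home=$1
    bad=0
    for d in $PRIVATE_DIRS $SHARED_DIRS; do
        case " $SHARED_DIRS " in
            *" $d "*) want="drwxr-xr-x" ;;   # Public, Sites
            *)        want="drwx------" ;;   # everything else is owner-only
        esac
        path="$home/$d"
        if [ ! -d "$path" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
            continue
        fi
        have=$(mode_of "$path")
        if [ "$have" != "$want" ]; then
            echo "MODE $path have=$have want=$want"
            bad=$((bad + 1))
        fi
        # The listing also shows an ACL entry on every folder (macOS only).
        if [ "$(uname -s)" = "Darwin" ] &&
           ! ls -lde "$path" | grep -q "group:everyone deny delete"; then
            echo "ACL $path missing 'group:everyone deny delete'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Stand-alone use: sh audit_home.sh /path/to/home/directory
if [ $# -gt 0 ]; then
    audit_home "$1"
fi
```

A `MODE` line on a folder that should be `drwx------` is the condition described in the last comment, where other users could browse someone else's home over AFP.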
