Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1248
  • Last Modified:

Mac Homes in Snow Leopard server Permission problem

I think i have broken some permissions on the mac homes folders in snow leopard server:

Whilst trying to fix a save issue with an end user i propogated permissions through the machomes folder, Does anybody know what the default permissions should be for these files
0
lloydforth1
Asked:
lloydforth1
1 Solution
 
GWNet-workingCommented:
CNet has some solutions to this: (http://reviews.cnet.com/8301-13727_7-10329971-263.html)



"Use Disk Utility to Fix System Permissions Disk Utility can access the global permissions database which stores all the default permissions for Apple-provided system files. If users have manually copied files within their System folder (such as kernel extensions), Disk Utility's "Permissions Repair" routine can easily restore the proper permissions on these files. It is recommended to first try the permissions repair when booted into Safe Mode, but alternatively users can boot from their installation DVD and run it from there."
0
 
nxnwCommented:
Disk Utility's Permissions Repair will not fix home folder permissions.

However:
Mac OS X v10.5 or later: While started from the Leopard Install DVD, a user's home directory permissions can be reset using the "Reset Password" utility.
http://support.apple.com/kb/ht1452

If that does not work on network home folders (probably doesn't), the permissions and acls are the same as local home folders:
drwx------+  3 username  staff  102  2 Dec 03:06 Desktop/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Documents/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Downloads/
 0: group:everyone deny delete
drwx------+ 22 username  staff  748  2 Dec 03:06 Library/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Movies/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Music/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Pictures/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Public/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Sites/
 0: group:everyone deny delete

Open in new window

The subfolders in sites and public are a bit different, too.
0
 
ukprotectCommented:
It is almost impossible to reconstruct the permissions again. I have had similar problems with the propergate button. The easiest thing you can do is copy the users home folder to the desktop. Delete that user using WorkGroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
nxnwCommented:
"The easiest thing you can do is copy the users home folder to the desktop. Delete that user using WorkGroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music."

This does not seem like a good idea. It will blow away all of the important things contained in the user's  library, like preferences and email. Indeed, lots of people have nothing of consequence in the Documents, Movies, Picture and Music folders, but have critically important data in the directories that would be lost.

Propagating permissions works fine from the command line.
0
 
ukprotectCommented:
If you follow the procedure I have shown you, it would be easy to copy back the users documents, including their preferences and email. The alternative would be to go to each and every folder and change the permissions, which is hundreds of files. The result still wouldn't be the same as the original.
0
 
nxnwCommented:
As I understand it, your advice is:
1. copy a user's home folder to the desktop of the logged in user ( i.e., a different user);
2. create a new user with a new network home folder;
3. copy back the contents of the various folders into the newly created folder set - for example, the contents of the original library folder, into the newly created library folder;

Re: #1. You can't do this without changing the privileges for most of the contents of the home folder. Otherwise, you are interrupted by "you don't have permission to copy that file", which you ignore at your peril;
Re: #3. Copying a file with incorrect privileges back to the new folder will only change the owner. Any other incorrect privileges (rwx) will remain incorrect.

Without any copying (or potentially imperfect attempts to copy), ownership can be corrected on the full home directory with this command:

sudo chown  -R username home directory path
0
 
ukprotectCommented:
Let me try explain it better.
'User A's' permission are all wrong. i will log in to the server as an administrator.
Locate the location of the home folders. Mine is located on Drive 2 of my Mac mini.
Copy 'User A's' home folder to the desktop.
This home folder will contain the user's Documents, Music, Pictures, Preferences etc.
I then open workgroup manager and delete 'User A'. You may also need to manually delete the 'User A's' home folder from the network location. (Mine is on drive 2, you now still have a copy of 'User A's' home folder on the desktop).
In work group manager create a new user called 'User A'
by default the Administrator cannot view the contents of home folders, so suppose the old home folder (located on the desktop) contains pictures, documents, prefereneces, Click on the new home folder and press command-i and add the current Administrator to have read and write permissions to User A's new home folder. To access the Music, pictures, Library foders repeat the command-i to add the Administrator with read write previleges to these folders.
Copy the contents of Picture folder from the home folder on the desktop to the home folder on the network drive. do the same for the other folders.
0
 
nxnwCommented:
I understood it fine. The problems with it are outlined above.
0
 
lloydforth1Author Commented:
nxnw is right that will only change the owner, nested files will still have the incorrect permissions. The problem is i have propogated incorrect permissions through the whole structure.

I managed to find a compromise that seems to be working it's just i have no idea if the current permissions are the correct "default" ones.

My big problem was that other users could afp to the mac homes and see contents of the other users homes (not exactly ideal) this was fixed immediately by removing everyone read write access from the top level folder.


0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now