Mac Homes in Snow Leopard server Permission problem

I think i have broken some permissions on the mac homes folders in snow leopard server:

Whilst trying to fix a save issue with an end user i propogated permissions through the machomes folder, Does anybody know what the default permissions should be for these files
LVL 3
lloydforth1Asked:
Who is Participating?
 
nxnwCommented:
I understood it fine. The problems with it are outlined above.
0
 
GWNet-workingCommented:
CNet has some solutions to this: (http://reviews.cnet.com/8301-13727_7-10329971-263.html)



"Use Disk Utility to Fix System Permissions Disk Utility can access the global permissions database which stores all the default permissions for Apple-provided system files. If users have manually copied files within their System folder (such as kernel extensions), Disk Utility's "Permissions Repair" routine can easily restore the proper permissions on these files. It is recommended to first try the permissions repair when booted into Safe Mode, but alternatively users can boot from their installation DVD and run it from there."
0
 
nxnwCommented:
Disk Utility's Permissions Repair will not fix home folder permissions.

However:
Mac OS X v10.5 or later: While started from the Leopard Install DVD, a user's home directory permissions can be reset using the "Reset Password" utility.
http://support.apple.com/kb/ht1452

If that does not work on network home folders (probably doesn't), the permissions and acls are the same as local home folders:
drwx------+  3 username  staff  102  2 Dec 03:06 Desktop/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Documents/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Downloads/
 0: group:everyone deny delete
drwx------+ 22 username  staff  748  2 Dec 03:06 Library/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Movies/
 0: group:everyone deny delete
drwx------+  3 username  staff  102  2 Dec 03:06 Music/
 0: group:everyone deny delete
drwx------+  4 username  staff  136  2 Dec 03:06 Pictures/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Public/
 0: group:everyone deny delete
drwxr-xr-x+  5 username  staff  170  2 Dec 03:06 Sites/
 0: group:everyone deny delete

Open in new window

The subfolders in sites and public are a bit different, too.
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
ukprotectCommented:
It is almost impossible to reconstruct the permissions again. I have had similar problems with the propergate button. The easiest thing you can do is copy the users home folder to the desktop. Delete that user using WorkGroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music.
0
 
nxnwCommented:
"The easiest thing you can do is copy the users home folder to the desktop. Delete that user using WorkGroup Manager, and recreate it again. Copy back the contents of the Documents, Movies, Picture and Music."

This does not seem like a good idea. It will blow away all of the important things contained in the user's  library, like preferences and email. Indeed, lots of people have nothing of consequence in the Documents, Movies, Picture and Music folders, but have critically important data in the directories that would be lost.

Propagating permissions works fine from the command line.
0
 
ukprotectCommented:
If you follow the procedure I have shown you, it would be easy to copy back the users documents, including their preferences and email. The alternative would be to go to each and every folder and change the permissions, which is hundreds of files. The result still wouldn't be the same as the original.
0
 
nxnwCommented:
As I understand it, your advice is:
1. copy a user's home folder to the desktop of the logged in user ( i.e., a different user);
2. create a new user with a new network home folder;
3. copy back the contents of the various folders into the newly created folder set - for example, the contents of the original library folder, into the newly created library folder;

Re: #1. You can't do this without changing the privileges for most of the contents of the home folder. Otherwise, you are interrupted by "you don't have permission to copy that file", which you ignore at your peril;
Re: #3. Copying a file with incorrect privileges back to the new folder will only change the owner. Any other incorrect privileges (rwx) will remain incorrect.

Without any copying (or potentially imperfect attempts to copy), ownership can be corrected on the full home directory with this command:

sudo chown  -R username home directory path
0
 
ukprotectCommented:
Let me try explain it better.
'User A's' permission are all wrong. i will log in to the server as an administrator.
Locate the location of the home folders. Mine is located on Drive 2 of my Mac mini.
Copy 'User A's' home folder to the desktop.
This home folder will contain the user's Documents, Music, Pictures, Preferences etc.
I then open workgroup manager and delete 'User A'. You may also need to manually delete the 'User A's' home folder from the network location. (Mine is on drive 2, you now still have a copy of 'User A's' home folder on the desktop).
In work group manager create a new user called 'User A'
by default the Administrator cannot view the contents of home folders, so suppose the old home folder (located on the desktop) contains pictures, documents, prefereneces, Click on the new home folder and press command-i and add the current Administrator to have read and write permissions to User A's new home folder. To access the Music, pictures, Library foders repeat the command-i to add the Administrator with read write previleges to these folders.
Copy the contents of Picture folder from the home folder on the desktop to the home folder on the network drive. do the same for the other folders.
0
 
lloydforth1Author Commented:
nxnw is right that will only change the owner, nested files will still have the incorrect permissions. The problem is i have propogated incorrect permissions through the whole structure.

I managed to find a compromise that seems to be working it's just i have no idea if the current permissions are the correct "default" ones.

My big problem was that other users could afp to the mac homes and see contents of the other users homes (not exactly ideal) this was fixed immediately by removing everyone read write access from the top level folder.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.