+ Post New Thread
Results 1 to 9 of 9
Mac Thread, Repair Permissions in Technical; All my Mac users have lost their write access to their home folders on our Mac network! This means that ...
  1. #1
    theeldergeek
    Guest

    Repair Permissions

    All my Mac users have lost their write access to their home folders on our Mac network!

    This means that whilst they can log in, they can't save any work to their home drive.

    I have no idea how this happened, but I think I can see where the problem is. Under "Get Info" for each home folder, the permissions don't include the user.

    If I create a new user, the permissions DO include that user.

    So, somewhere, the permissions for all the folders have had the user removed, thus they only get read access to their own folders.

    Is their a 'repair permissions' utility that I can use? Or am I going to have to reset each and every folder's permissions manually?

    I understand the permissions should be set to :

    System - [username] - (read/write)
    Group - staff - read
    Everyone - read

    ...and then I should be able to set this to all folders/files within, but it won't propagate to files/folders contained therein.


    Thanks in advance.

  2. #2
    pooley's Avatar
    Join Date
    Sep 2005
    Location
    S Wales
    Posts
    1,179
    Thank Post
    84
    Thanked 135 Times in 111 Posts
    Rep Power
    70
    Disk utility has the "repair disk permissions" option, try that ?

  3. #3
    theeldergeek
    Guest
    Quote Originally Posted by pooley View Post
    Disk utility has the "repair disk permissions" option, try that ?
    All our Home folders are on a Data partition, and Disk Utility won't give me access to the 'repair' facility when Dat is highlighted - permission tasks are greyed out.

    I can only access Boot volume for these.

    Notwithstanding, I ran the repair permissions on boot, and repaired those that it found required repairing, but this has had no effect on the overall problem.

  4. #4
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    22
    Are you not able to restore from a back up from when it was last working? or have changes been made since then?

  5. #5
    theeldergeek
    Guest
    Quote Originally Posted by rolfea View Post
    Are you not able to restore from a back up from when it was last working? or have changes been made since then?
    Possibly, but we are at the bottom of a very steep learning curve here, and our 'solutions' provider has really left us in the lurch - a mess I can't really go into more detail over.

    For the purposes of this exercise, we are going to have to assume restoring is not an option at this stage.

  6. #6
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Assuming this is a 'classic' Open Directory deployment then whatever folder/directory is being shared for User Home Folder creation the default POSIX permissions should be:

    Owner: admin or root R/W
    Group: admin R/W
    Everyone: R

    Depending on how you created the folder/directory (using the finder or the application) you'll either see root or admin. Either will do.

    For individual User's Parent Homes:

    Owner: User's name R/W
    Group: staff R
    Everyone: R

    When you look at the individual folders themselves they should all belong to the User who should have full Read/Write privileges. The Group should be staff with No Access as should Everyone. All of the folders should have these permissions apart from Public and Sites. These two folders will have the same permissions as the the User's Parent directory.

    You can't repair permissions on a volume/drive that does not have a valid OS installed.

    What I've sometimes seen is an overzealous teacher or IT admin get confused about the permissions models available? They assign ownership at the Parent folder level to a different user and propagate downwards from there using the POSIX model. End result students don't get access to their homes or have read access only. Not good.

    It might be best to explain the Permissions Models available so as a greater understanding can be achieved? Essentially there are two - there is a third. Access Control Lists (ACLs) and standard POSIX. ACLs are similar to what is available on the Windows platform and have been available since 10.4. In 10.4 you have to enable ACLs for a given volume followed by a restart. This is for the Server. The Client OS still used POSIX. ACLs supercede or worked in conjunction with standard POSIX. You had to be careful as a deny in both models could lock you out with dire consequences.

    Standard POSIX are limited (no support for multiple groups for example) in their scope whereas ACLs are far wider and more 'granular'. You have to be careful with ACLs as things can soon get complicated. However once you begin to understand how they work there is not much you can't achieve. For example ACLs can traverse directories.

    With 10.5 ACLs are used by default in both the Server and Client OS. Standard POSIX is deprecated in favour of ACLs. Apart from special users reserved for the system and home folder creation only ACLs are honoured.

    However this is not perfect - what a surprise!

    On OSX Server you should never 'fiddle' with permissions using the Finder. Its okay to do it with the Client OS although it can go wrong sometimes. Better to use the relevant application on the Server OS or the command line on both. Consult the manual pages for chown and chmod for examples and usage. The above is especially true for 10.5.

    For your problem and unless someone comes up with something else - a script with relevant variables included possibly? I think you are really looking at 'resetting' each individual users home parent folder and propagating from there. As mentioned you should only be using standard POSIX to achieve this. It's easier to troubleshoot that way.

    If you want to provide access for a teacher or group of teachers or members of the IT staff do so using an overriding ACL. The third permissions model available are SACLs (Service Access Control Lists). These can be set and defined using Server Admin. In practice you generally leave them at their defaults.

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 24th February 2009 at 08:12 PM.

  7. Thanks to AntonioRocco from:


  8. #7
    manxdan's Avatar
    Join Date
    May 2007
    Location
    Isle of Man
    Posts
    43
    Thank Post
    5
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    provided the users network home folders are named with the user's shortname, passenger is the tool you require.
    the splendid batch permissions facility does not even require registration


    Passenger: The Mac Server Account Creation Utility

  9. Thanks to manxdan from:


  10. #8

    Join Date
    Jan 2009
    Posts
    12
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the tip, This worked brillently.

    We had an issue where it was saying that the users where already logged in when nobody was and if we turned on simontanious log on our students could log in but as soon as we turned it off nothing.

    used passenger to reset the permissons on the home folders and then the users could log straight in.

    That has saved me a huge head ache and a reinstall of OS X server.

    Thanks

    Chris Draper

  11. #9
    theeldergeek
    Guest
    Quote Originally Posted by manxdan View Post
    provided the users network home folders are named with the user's shortname, passenger is the tool you require.
    the splendid batch permissions facility does not even require registration


    Passenger: The Mac Server Account Creation Utility
    They are set as their shortname, but I have looked at this program and can't really fathom it.

    Is their ANY chance someone could 'walk' me through this?

    I am now at point desperation, I really am



SHARE:
+ Post New Thread

Similar Threads

  1. Repair Permissions
    By theeldergeek in forum Mac
    Replies: 0
    Last Post: 24th February 2009, 09:54 AM
  2. XP Repair
    By Grommit in forum Windows
    Replies: 7
    Last Post: 28th January 2008, 12:51 AM
  3. Projector Repair
    By witch in forum Hardware
    Replies: 7
    Last Post: 12th February 2007, 12:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •