Privileges Help!

M

mindbend

Registered
I am confused about some issues with privileges and would appreciate any help.

I have set up three OS X Macs at work. Two G4s connected to an iMac acting as a "server" (not a true server, but just a centralized file storing place). Anyway, as me and coworker have found out, when one of us makes a new project folder from our local G4 to the iMac, the permissions on the folder are set so that it is Read Only for "Everyone". This causes a major problem when we try to synch files at the ened of the day because the synch program won't move the Read Only files/folders. Our solution has been to manually redefine the privs to be Read/Write for Everyone, but we shouldn't have to do this EVERY SINGLE TIME WE MAKE A FOLDER (or I guess once for the root folder at the end, but still.

The iMac is showing its own HD as owner:system and group:admin. How can we define a Group? I can't find it in Apple's help files. Is that a feature for X Server only? If so, that is lame. Also, I would rather not get into solutions thru the terminal, though my coworker knows some basic Unix, so maybe it would be OK.

In summary: I want to be able to have all three of my Macs creating files, folders on each other with all privileges turned on.

Thanks for any help!
 
I guess this could help...
Just download BatChmod at this address :

http://homepage.mac.com/arbysoft/

That's a cool Cocoa utility written by Renaud Boisjoly for manipulating files and folders privileges. And it's free...

Just create a folder on your iMac, you want to share with the other users. Drag it to the BatChmod Icon and change the owner and the group to whatever you want. For example, if all the users you describe are "admin" for the iMac, just choose admin for the group and select "R(ead), W(rite) and X(-ecute)".

If I'm right, that will work...

Didj
 
I actually have a similar permissions question:

I have been using my permissions as set by me for so long now that I forgot how they used to be.

Can someone please tell me the DEFAULT settings for all applications which reside in the Applications folder (including those apps and FOLDERS in the Utilities folder, Microsoft Office X, etc....)

I presently have mine set to Owner: w/r/x Group: -/r/- and Everyone: none. Should I change this?

My goal was to (a) keep other users from accidentally deleting files or folders (so all members of group "staff" get read only privilges for my Apps) and (b) keep intruders out. I did all of this before I really started learning more about UNIX. I'm beginning to think that it might be better to go back to default (for example, some installers like Adobe GoLive [which I FINALLY got recently; thanks Adobe] won't install unless the permissions are set to certain settings).

Can somone explain (a) what settings I should use (what are default OS X) and (b) why the default is still sufficient protection.
 
In other words, I have two users on one of my OS X boot partitions which belong to the same Group (staff). One of these users is an administrator (me), and the other isn't. My goal is to give the NON-admin user the right to READ and access all of my apps but not be able to delete/modify them. Some folders (like MS Office) seem to apply their own custom permissions. What do you all have your Applications (and subfolders) set to? And what about the applications within these folders? Rather than Owner:System Group:Admin or something, I had changed mine to Owner:me Group:staff (with O: rwx and G:-r- and E: ---).
 
mindbend: may I suggest running your sync program as root? This can be done by logging in as root (not recommended, but not really the end of the world if you're careful). If root login is not enabled on your machine, search this site for "enabling root login."

I seem to recall reading about a way to start a Carbon/Cocoa app as root from the terminal using 'sudo open -a <app>' but some simple experiments show it doesn't work. Maybe someone else knows a way to launch a GUI app with root privileges...? I searched the site, but.... maybe it's just too late.

Of course, if you're syncing on the command line (with rsync perhaps?) you could always sudo <insert-sync-app-here>

Backups really should be run as root anyway, there's no other way to guaranty that _all_ files will be backed up regardless of owner.

Hope this helps...

-alex.
 
GadgetLover: /Applications would usually be: -rwxr-xr-x accross the board. If you think about it, it means that the owner can do whatver they want, and everyone else can read and execute (that is to say: run) applications to their hearts' delight, but can't write (aka change,delete) anything.

If you really only want the staff group to be able to run apps (though I don't see why you would; maybe certain apps, but anyway...) you can make the permissions rwxr-x---

It's worth noting here that the e'x'ecute in UNIX permissions has two meanings: For files it means the ability to launch the file as though it were an application. You can give a normal text file execute permissions, open the terminal and try to launch it, the system will actually try....it'll fail, but it tries. The execute bit is actually UNIX's only way of differentiaing a normal file from an app (or "executable" in UNIX parlance).
However, for folders, the execute bit refers to the ability to change directories into that directory, basically the ability to open that folder. It's a bit hard to understand from a GUI point of view why this isn't covered by the read bit, but on the command line the act of reading the contents of a directory and actually moving into it are two different things. Either way, if there's an app you want in a folder whose execute bit is turned off for the user in question, that user won't be able to use the app.

Hope this helps,
-alex
 
Thanks for the info....

So are you saying that it should be:

Owner: R W X
Group: R - X
Everyone: R - X

What is the OWNER of Applications Folder?
What is the GROUP of Applications Folder?

Should I change ALL subfolders to the same?

Is it by chance, Owner: System (root); Group: Admin?

Also, what should the Utilities folder and MS Office X be set to (what is the owner and group name and permissions)?
 
GL - try this from apple to fix your applications folder permissions. I saw this before and didn't even realize it was from apple until i just went looking for it for you.:)
 
TestUser: Thank you soo much. Your comments were perfect in helping me along the way to troubleshooting.
I have subsequently fixed my Library permissions problems that were blocking some third-party apps from being able to be installed properly (basically, Adobe goofed on its "/Library/Application Support/Adobe" permissions. One of their tech support guys and I figured it out and now the problem is solved.

but it got me thinking ...

since I have changed a lot of my permissions in my user Library and home directories to give access to certain files to non-admin users on my system, I no longer recall the defaults for any of these.

What are the default owners/groups and permissions for the USER'S Library and Home subfolders? Are they Owner: User; Group: Admin (or staff?) RWX R-X R-X ?

====

And a special thanks to Ed for introducing me to a cool little permissions fix utility from Apple which resets Applications subfolders to defaults.

And a shout out to the makers of SuperGetInfo and BatChmod for saving the day. You guys rock! Incidentally I am a PROUD shareware licensee -- and you all should be too. These apps, as well as LaunchBar, Classic?, SimX's Memory Usage Guide, Watson, Graphic Converter, Note Pad Deluxe, ASM, FruitMenu (and Xounds and WindowShade X) ... are all examples of great and useful utilities!
 
Originally posted by testuser
When I want to share with other users on my computer, I will put files in the Shared folder. They cannot be deleted by others. However, you can give them write permission, if you want them to be able to edit these files.

It would save a lot of confusion if Apple gave explicit instructions on file sharing with the Shared and Public folders. I think they don't do this, because this is not traditional Mac-like behavior.
Click to expand...

I agree. Apple is hypocritical. They want to project the illusion of simplicity and ease of use regarding Apple Macintosh OS X (as their longivity depends on it!). And in many ways it IS easy, simple, elegant, and fast. (I DO love it). ... but ... Apple also creates many instances that ultimately require manipulation (and knowledge!!) of the Unix environment. If this were not true then (a) the root Library would be invisible too, (b) there would be no Terminal App, NetInfo Manager, Console, etc, (c) these apps would not be included on basic consumer installs of OS X (as opposed to Developer releases), and (d) Apple would not talk about Unix as a feature set.

At the end of the day, the truth is that if you get to know the engine under the hood, so to speak, OS X is a powerful tool that is fully customizable and yet still elegant. BUT Apple should provide a UNIX tutorial in its help menu that explains a lot (yes UNIX has its own help but if you didn't know that how would you get to it???)
 
You must log in or register to reply here.
Back
Top