PDA

View Full Version : permissions totally completely suck


jvaska
Jan 3, 2004, 06:05 AM
having multiple users with panther is such a royal pain in the ass...

one user creates a file, later puts in the shared folder for another user, other user copies it to their folder, can open and view it but does not have the permissions to save changes?!

and what's worse? the two users are both admins on the system...why would admins have these problems?

this is completely driving me crazy...i'm having sharing problems of this sort all the time...

is all of this either

- going to be like this forever and therefore feeling more like a microsoft thing...

- explained somewhere in a comprehensive tutoral/article...and where?

v

7on
Jan 3, 2004, 10:09 AM
Well if there were no permissions it'd be exactly like Windows ;P

... Where any user can change stuff

razorme
Jan 3, 2004, 10:28 AM
Originally posted by jvaska
having multiple users with panther is such a royal pain in the ass...

one user creates a file, later puts in the shared folder for another user, other user copies it to their folder, can open and view it but does not have the permissions to save changes?!

and what's worse? the two users are both admins on the system...why would admins have these problems?

this is completely driving me crazy...i'm having sharing problems of this sort all the time...

is all of this either

- going to be like this forever and therefore feeling more like a microsoft thing...

- explained somewhere in a comprehensive tutoral/article...and where?

v


There is probably a better way, but when you run into this problem, just get info on the file, change the ownership to the current user, change the read/write setting for the group staff, and then change the ownership back to what it was.

jvaska
Jan 3, 2004, 10:41 AM
Originally posted by razorme
There is probably a better way, but when you run into this problem, just get info on the file, change the ownership to the current user, change the read/write setting for the group staff, and then change the ownership back to what it was.

that's it? that's the solution? of course, this is what i have been doing, but it's ridiculous...

not liking this aspect of osx one bit...v

mactastic
Jan 3, 2004, 12:04 PM
Here, you may want to have a look at this article. (http://www.osxfaq.com/Tutorials/LearningCenter/UnixTutorials/ManagingPermissions/index.ws)

It gives an overview of the permissions structure and how to change them.

jvaska
Jan 3, 2004, 01:39 PM
thanks, this website looks like a good resource...

however, it seems the problem i'm having could possibly be resolved with creating groups but i can't see a way to do this...nor can i find a way to do this via terminal or preferences...

any ideas?

thanks...v

bankshot
Jan 3, 2004, 02:19 PM
The Unix file permission model has provisions for this sort of situation, but unfortunately it's far from perfect and not very flexible. As has been suggested, the solution involves making the files group writable. The unfortunate part is that I know of no consistent, automatic way of doing this in OS X.

In the Terminal, you can use the umask command to set default permissions for any new files you create. The default value is 022, which means that the user gets all permissions, but group and others don't get write permission. You want to give group write permission on all new files, so setting the umask to 002 removes the write restriction for the group.

Problem is, this only seems to work in the Terminal in OS X. Indeed, if you type umask 002 in the Terminal and then create a new file, it is group writable. You can even put this command in your shell init scripts (.tcshrc or .bashrc depending on the shell) and it will apply to every Terminal session you use.

But most of us work in the gui, and I haven't found any way to set the umask and get it to stick for normal gui processes (Finder or any normal application). Plus, by itself, the umask above means that files are writable by your main group, which is probably staff. Depending on who else has access to the machine, this may or may not be desirable. Unix has a way of telling any folder that all new files created there will have a certain group other than the default, but amazingly it cannot be more flexible and also specify things like the default file permissions on a folder-by-folder basis. Clearly the permission model needs an update, and hopefully Apple is working on something for 10.4? If not, let's go spam them with feedback about this. :D

Anyway, sorry for the longwinded post. The only real "solution" I can think of is a bit of a kludge but it should work fairly well. The Unix "cron" program allows you to schedule certain commands to run at certain times of the day. You could schedule a job to run every minute and change the permissions of the files in your directory to what you want. That way, any new files created there will have the correct permissions within one minute or less, without your intervention.

To do this, create a new text file with contents like the following:
* * * * * /usr/bin/chgrp admin /Users/Shared/somefolder/* ; /bin/chmod g+w /Users/Shared/somefolder/*

It should all be on one line. Change the path to wherever your shared folder is. Save the file and then open Terminal. From the prompt, type crontab filename where filename is the name of the file you saved.

Now, this is a total hack. It does a lot of needless work but if you don't have too many files you shouldn't notice any slowdown (I tested with 10000 and it took about 3 seconds on my 733 G4, 100 or so shouldn't be even a little blip). If you have files in subfolders too, then the above commands get a little trickier...

jvaska
Jan 3, 2004, 02:25 PM
interesting...i need to think this through i believe...

this is a bummer that osx can not handle this better, but it's still pretty damn good...

i'm pretty sure i'll use your hack once i've had some time to think about how to get all of this organized...thanks very much for that tip...

v