Permissions Difficulties - Users can't do certain things

Discussion in 'Mac OS X Server, Xserve, and Networking' started by JimboStormforce, Jan 21, 2013.

  1. JimboStormforce macrumors newbie

    Jul 9, 2012
    I am responsible for a Mac Mini Server environment someone else set up, and every so often something throws me a curveball.

    Some of our network users (and it turns out this has been the case for nearly a year) can't do things like open Mail (they don't have permission to the relevant library folder) and things like delete or move files.

    I've been through all the permissions (both POSIX by right-clicking and Get Info, and ACL through Server.app) on each user's home folder, and have ensured that the user seems to have the right access, and is the owner.

    One of the quirks I've discovered is that on the ACL for each user who works, there is a user called 'root' with Read Write access. Trying to add this root user for the others doesn't work as it doesn't seem to be on the system.

    I'm running out of options and knowledge here - does anyone know of a good guide to clearing all ACLs and Permissions on a network user's home folder, and then rebuilding them?

  2. JimboStormforce thread starter macrumors newbie

    Jul 9, 2012
    So, I've spent the day clearing all permissions on the folders via the command line (or I think that's what I've done) whether POSIX or ACL, and then trying to apply new permissions that should be correct.

    No dice.
  3. JimboStormforce thread starter macrumors newbie

    Jul 9, 2012
    I've now started to view the permissions using terminal (which I'm no expert with), and find something interesting.

    If I do ls -ld myHomeFolder (which works!) I get:
    As an example on the Mail folder (which is one of the ones causing problems). If I do this for another user, I get:
    So, the POSIX permissions look the same, the ACLs might be different, but the owner is different. adamoneill owns his own folder, but root owns my folder.

    Most odd.


    Listing the ACLs gives me:

    for my home folder, and

    for adamoneill. So, it looks like the owner and user are swapped round.
  4. JimboStormforce thread starter macrumors newbie

    Jul 9, 2012
    Well, after much googling, I fixed it.

    I went in to Terminal on the server, and used chown to change the owner to root, and the group to admin on each user's home folder.

    I then used chmod -RN to strip all the ACLs from each user.

    I then user to add each network user to their home folder with Read, Write access, and propagated those permissions as an ACL.

    Seems (touch wood) to be working.
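
A read-only way to spot the owner difference described in this thread across every home folder at once, as an added example that is not part of any post above. It assumes each home folder is named after its account's short name; `audit_homes` and `count_mismatches` are hypothetical names.

```shell
#!/bin/sh
# Added example: read-only audit of home-folder ownership. It changes nothing.
# Assumption: every folder under the given directory is a home folder named
# after its account's short name (e.g. .../adamoneill).

# audit_homes DIR
# Prints "STATUS name owner mode acls" for each home folder. STATUS is
# MISMATCH when the owner differs from the folder name, otherwise OK.
# "acls" is the number of ACL entries on macOS and "-" on other systems.
audit_homes() {
    base=$1
    for dir in "$base"/*/; do
        dir=${dir%/}
        # Skip an unmatched glob and symlinks, so only real folders are judged.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        name=${dir##*/}
        # ls -ld prints: mode links owner group size date name
        listing=$(ls -ld "$dir")
        mode=$(printf '%s\n' "$listing" | awk '{print $1}')
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        acls=-
        if [ "$(uname)" = Darwin ]; then
            # ls -e lists ACL entries on the lines after the first.
            acls=$(ls -led "$dir" | tail -n +2 | wc -l | tr -d ' ')
        fi
        status=OK
        [ "$owner" = "$name" ] || status=MISMATCH
        printf '%s %s %s %s %s\n' "$status" "$name" "$owner" "$mode" "$acls"
    done
}

# count_mismatches DIR: number of home folders flagged MISMATCH.
count_mismatches() {
    audit_homes "$1" | grep -c '^MISMATCH ' || true
}

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_homes "$1"
fi
```

Comparing the output for a working and a non-working account shows whether the owner, the mode string, or the ACL count is what differs before anything is changed.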
