01-27-2010
Permissions appear different for local and OD users
If I look at the permissions of a folder on a network share while using a local admin account on my computer, then authenticating as a open directory user to connect to the share, they appear completely different than if I had logged in as an OD user and looked at it, it also appears different from Terminal to finder.
when logged in locally:in the finder mike is owner with r-r-r but in terminal I am the owner
When logged into OD finder shows mike as owner with rw-r-r and temrinal shows the same.
Any ideas why this happens?
---------- Post updated at 12:16 PM ---------- Previous update was at 12:01 PM ----------
I am guessing this is ACLs vs POSIX, we are using ACLs on the server side to set permissions, but I think POSIX are still floating around, at least on the client machines.
---------- Post updated at 12:33 PM ---------- Previous update was at 12:16 PM ----------
Ok, now to be clear. I am using 10.5.8 clients and some version of 10.5 server so ACLs are the default. I don't know if POSIX permissions had gotten copied over from these shares getting migrated over from past servers. If I log in as a local user and connect to a share and then authenticate with my OD creds, I see the wrong permissions in the get info window, and if I view it in the terminal with ls -lae I dont see the ACLS, infact, it shows me as the owner, I'm guessing that is the POSIX permissions. Why would I see POSIX permissions if they are deprecated in 10.5? Are they actually attached to the directory on the network share from when they had been migrated from a past server using POSIX?
If I login as an OD user, the get info shows the correct info and so does the Teminal, including the ACLs.
Do local accounts not show ACLs properly even if they authenticate to shares with OD creds?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I am in charge of a project to teach 20 or so inmates basic computer skills. These people cannot have outside access to the web, but I need to show them how to do a basic Google search and search for articles on Wikipedia. (also needs to be Arabic and English)
I was thinking of using a squid... (0 Replies)
Discussion started by: brazen1445
0 Replies
2. UNIX for Dummies Questions & Answers
I want to check if in a host a set of persons have sudo access or not and I dont have root access to the host. (1 Reply)
Discussion started by: pristine
1 Replies
3. UNIX for Dummies Questions & Answers
Hi,
how can I assign different permissions to different users in unix ?
I want to allow userA to read a specific folder and deny read permission to userB
thanks (2 Replies)
Discussion started by: aneuryzma
2 Replies
4. UNIX for Dummies Questions & Answers
I know how to change permissions for the owner, group or others.
if I want a file readable for a group A of users
and writable for a group B how can I do it ?
thanks (2 Replies)
Discussion started by: aneuryzma
2 Replies
5. Red Hat
Hi,
I had installed vsftp in rhel5 and i want to restrict all the local users from accessing the ftp.
i want to allow specific users to access the ftp server.
Request you to please help.
Thanks & regards
Arun (1 Reply)
Discussion started by: Arun.Kakarla
1 Replies
6. UNIX for Dummies Questions & Answers
Hi,
If User1, User2 and User3 are in the same group. User1 should not be able to view the files of User2 and User3. But User2 and User3 should be able to view all files.
How to set permission for this.
Please help.
Thanks,
Priya. (1 Reply)
Discussion started by: banupriyat
1 Replies
7. UNIX for Dummies Questions & Answers
Hello all:
I will include a "requirement" for an issue I am attempting to solve for my boss. Basically, he would like to know if there is a way to prevent users and owner from editing 'write' script in Vi.
- While working in Unix Vi, users would be able to keep all the previous versions... (15 Replies)
Discussion started by: bruski4
15 Replies
8. Windows & DOS: Issues & Discussions
I need a script to add the following two users ids to the permissions for various files: IIS_WPG and IUSR_CowGirl. I am fairly familiar with scripting but haven't been able to figure out how to do this via a script. Manually doing it is slow. I don't want to create users but only add them to a... (2 Replies)
Discussion started by: Stu Loventhal
2 Replies
9. Shell Programming and Scripting
I need a script to add the following two users ids to the permissions for various files: IIS_WPG and IUSR_CowGirl. I am fairly familiar with scripting but haven't been able to figure out how to do this via a script. Manually doing it is slow. I don't want to create users but only add them to a... (2 Replies)
Discussion started by: Stu Loventhal
2 Replies
10. UNIX for Advanced & Expert Users
Hi,
I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions.
I did this using
chmod -R g+rwx /home/shared/
The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to... (8 Replies)
Discussion started by: lost.identity
8 Replies
LEARN ABOUT SUSE
qmail-getpw
qmail-getpw(8) System Manager's Manual qmail-getpw(8)
NAME
qmail-getpw - give addresses to users
SYNOPSIS
qmail-getpw local
DESCRIPTION
In qmail, each user controls a vast array of local addresses. qmail-getpw finds the user that controls a particular address, local. It
prints six pieces of information, each terminated by NUL: user; uid; gid; homedir; dash; and ext. The user's account name is user; the
user's uid and gid in decimal are uid and gid; the user's home directory is homedir; and messages to local will be handled by home-
dir/.qmaildashext.
In case of trouble, qmail-getpw exits nonzero without printing anything.
WARNING: The operating system's getpwnam function, which is at the heart of qmail-getpw, is inherently unreliable: it fails to distinguish
between temporary errors and nonexistent users. Future versions of getpwnam should return ETXTBSY to indicate temporary errors and ESRCH
to indicate nonexistent users.
RULES
qmail-getpw considers an account in /etc/passwd to be a user if (1) the account has a nonzero uid, (2) the account's home directory exists
(and is visible to qmail-getpw), and (3) the account owns its home directory. qmail-getpw ignores account names containing uppercase let-
ters. qmail-getpw also assumes that all account names are shorter than 32 characters.
qmail-getpw gives each user control over the basic user address and all addresses of the form user-anything. When local is user, dash and
ext are both empty. When local is user-anything, dash is a hyphen and ext is anything. user may appear in any combination of uppercase
and lowercase letters at the front of local.
A catch-all user, alias, controls all other addresses. In this case ext is local and dash is a hyphen.
You can override all of qmail-getpw's decisions with the qmail-users mechanism, which is reliable, highly configurable, and much faster
than qmail-getpw.
SEE ALSO
qmail-users(5), qmail-lspawn(8)
qmail-getpw(8)