7 Replies Latest reply: Jan 21, 2013 5:20 AM by Newham Bridge Administrator
Newham Bridge Administrator Level 1 Level 1 (0 points)

I'm having a nightmare. All network account home folders have lost their users permissions. I can manually go in and reinstate their read & write access but I've got hundreds of accounts that I need to do this for.

 

Is there any way that I can batch process this? I have a sneaky feeling that there wont be.


Mac mini Server (Mid 2011), OS X Server
  • 1. Re: Change individual permissions for all network accounts
    FromOZ Level 2 Level 2 (405 points)

    Almost anything & everything can be automated via bash scripting on Unix.

     

    If you know bash scripting...

     

    I am not a bash script guru but if you look at the problem and if the actions are consistent and repeatable then it can/could be scripted.

     

    Very roughly (and don't ask me to write bash script for you, I am not that fluent) assuming all user account home directories come off a common root it would be something like:

     

    • enumerate all directory names into a file.
    • Clean up that text file so you just have the names of the directories in a list.
    • Write a shell script that uses the file as input; steps through the lines one by one; assign directory names to a variable; (assuming directory names same as account names) run command to properly set user/group permissions (recursively if necessary) on directories/files.

     

    if it is worth the time for you to get knowledge in the area there are very good bash shell scripting books available.

  • 2. Re: Change individual permissions for all network accounts
    UptimeJeff Level 4 Level 4 (3,390 points)

    If you just need to change the owner, something like this should do the trick

     

    sudo for i in `ls /Users`;do echo chown -R $i "/Users/$i"; done

     

    Adjust the path to the user directories.

    Leave the echo in place to see what it would do.

    Remove the echo to have it actually make the change.

     

    You could always run it with the echo, copy all the output to a text editor, review it..

    if you are happy you could paste the entire list of chown commands and they will execute one after the other.

    You might feel more comfy this way vs having it all run in the background.

     

     

    If you run it, this variation will give you feedback during the processing

     

    for i in `ls /Users`;do echo "working on $i";echo chown -R $i "/Users/$i"; done

    (remove the second chown to make it function)

     

     

    HTH

     

    Jeff

  • 3. Re: Change individual permissions for all network accounts
    Newham Bridge Administrator Level 1 Level 1 (0 points)

    Thank you both for you responses. Unfortunately they're both a lot higher level than I am able to perform.

     

    I tried pasting UptimeJeff's command into terminal but I get "syntax error near unexpected token `do'" and I'm completely stuck after that, but you are right, changing owner would be exactly what I'm after.

  • 4. Re: Change individual permissions for all network accounts
    FromOZ Level 2 Level 2 (405 points)

    Unfortunately sudo wants a program (+arguments) as a parameter, not a piece of shell script, which makes it difficut (not impossible) to do on one line

     

    You could:

     

    a) issue a 'su' command to change to superuser first, don't know if that will be successful on OS X Server as, by default, Administrators are on allowed to go to superuser.

    b) change this into a simple shell script and then run that with sudo

     

     

    Just breaking things down so you understand what is happening, if we take a simple version of the command (which also is not going to change anything!):

     

    for i in `ls /Users`; do echo "$i"; done

     

    which returns (on my server which only has one user)

     

    Administrator

    Shared

     

    each ";" acts as a command separator. Also you can use the output of any UNIX / Linux command as list of values to the for loop by enclosing the command in back-ticks ` `.

     

    Going further with building the command (again without changing anything):

     

    for i in `ls /Users`; do ls -la "/Users/$i"; done

     

    the $i is substituted by the output of the first command which, as you see, is the name of the folders after /Users/

     

    Here is the same (harmless) command converted to a shell script

     

    #!/bin/bash

    for i in `ls /Users`

    do

       ls -la "/Users/$i"

    done

     

    Here is the command to change user directory & file ownership in a shell script - note this will execute the changes.

     

    #!/bin/bash

    for i in `ls /Users`

    do

       chown -R $i "/Users/$i"

    done

     

     

    This is what I suggest you do:

     

    1. Look at the interactive output of terminal command: sudo ls /Users do you only see the users you want to be affected being listed? If yes then you can proceed with the automated update.
    2. Are the Unix user names the same as the folder names? This is critical. If the Unix user name is "fred.bloggs" and the users' directory name is "fbloggs" then obviously the command will not work because the 'chown -R' command is going to recursively change ownership of directories & files to user "fred.bloggs". Do you understand this point?
    3. Make an executable script file - I suggest first a test one with my (harmless) script then the action one.

     

    Assuming the harmless one, in terminal do

    1. touch test (this will create file)
    2. nano test (to edit it)
    3. copy / paste 5 lines (including #!/bin/bash) into file
    4. save it
    5. chmod 774 test (to make it executable)
    6. sudo ./test (to run it, the './' means current directory)

     

    Look at the output, if you are happy step two is to make automated script and TO BE SAFE only change one test user. In step 1 above change to 'touch UpdateUser' to create a file called UpdateUser (for rest of commands change 'test' to 'UpdateUser') and copy paste this below where 'SomeTestUserName' is the name of one users' directory:

     

    #!/bin/bash

    for i in SomeTestUserName

    do

      chown -R $i "/Users/$i"

    done

     

    If you are happy with results of script change second line to

     

    for i in `ls /Users`

     

    save script, execute it.

     

    Of course, as usual, this is at your risk.

  • 5. Re: Change individual permissions for all network accounts
    Newham Bridge Administrator Level 1 Level 1 (0 points)

    Sorry, I've clicked my post by mistake saying "this helped me". If you'd like to respond to this I'll click yours instead.

  • 6. Re: Change individual permissions for all network accounts
    FromOZ Level 2 Level 2 (405 points)

    The steps I outlined making a shell script file worked? You were able to change folder ownership on multiple folders (directories)?

  • 7. Re: Change individual permissions for all network accounts
    Newham Bridge Administrator Level 1 Level 1 (0 points)

    I have not had the opportunity to try your steps yet but you have taken the time to compuse a very thorough response to me and so I wanted to mark it as helpful.