User profile for user: Keith Thirgood
Keith Thirgood Author
User level: Level 1
106 points

denied permission when copying files and folders

I have just set up a new NAS RAID drive and was about to copy files from my old server's RAID onto the new drive. I'm suddenly getting denied permission to access some of the files, which halts the copying process.

I have over 90 GB worth of files to copy, I don't want to have to open each folder, sub-folder and sub-sub-folder to inspect the file permission settings to find the "bad" ones. (Even when I do, sometimes instead of allowing everyone read-write privileges, it turns it into denying everyone.)

I am not familiar with Terminal, so I hope any solution can be done without using Terminal.

I've tried using a program called PrivilegeFix, however it ends up being denied permission to change privileges.

G5, Mac OS X (10.5.4)

Posted on Aug 26, 2008 9:28 PM

Reply
33 replies
User profile for user: Keith Thirgood
Keith Thirgood Author
User level: Level 1
106 points

Sep 1, 2008 8:36 PM in response to Scott Radloff

When you think you're ready to tackle vetting and changing UIDs/usernames (where necessary) for your users, let me know. We can just take it one step at a time. Based on what information you find as we go, there might not be too much to do.


Simple works for me. All the users on our network have the same level of access. In other words, full access.

I'm just waiting to hear back from the supplier regarding why files that have been copied over take so long to preview and open vs. the identical files on the old server. Once they straighten that out, I will be ready to work on the remaining UID issues.
Reply
User profile for user: Scott Radloff
Scott Radloff
User level: Level 6
14,496 points

Sep 3, 2008 8:15 PM in response to Keith Thirgood

Keith,

While I have some spare time, I thought I would go ahead and provide some of the informational groundwork regarding the issue of UIDs. This way, you'll understand why it is my recommendation that you take direct control of them, how they affect (or may affect) your particular environment, and what benefits you can expect from having the control I recommend. Here we go...

UNIX "thinks" of users according to their UID. While it is true that it also "maps" these UIDs to human-language short names that we can see and readily understand, under that layer of apparent friendliness the operating system still refers to us (users, that is) as "501," "502," etc. As far as the OS is concerned, we are our UIDs, and most of the applications we run as users are, too.

When we create a file, and this includes the act of copying one, that file is assigned our UID, thereby designating the fact that we "own" it. This UID, along with the permissions set for the file, are contained in "bits" that are reserved specifically for the purpose of controlling the file access. And in UNIX, historically, bits are a precious commodity. It is for this reason that ownership and permissions have always been stored in a spartan and extremely efficient way.

So how and why would you care about all this, when the GUI layer of OS X typically hides all this "stuff" from you? Well, let's take a look at two of your users, "fred" and "sally." Fred uses an iMac, while sally has a Macbook. Both computers are connected to your network, and both users regularly save files to your NAS. Further, we're going to assume that both fred and sally use accounts that were the first ones created within the installations on their respective computers (in other words, they both used the "Setup Assistant" to create their accounts).

In this case, they will both have a UID of "501." The files they save to the NAS will be "owned" by a user with the UID "501." Every OS X machine on your network will recognize those files as being owned by "501." Put simply, not only will they both own the files either one saves, but every user with a UID of "501" (presumably one per machine on your network) will own those files.

At first glance, this scenario might seem ideal for an establishment such as yours, where everyone has their own computer, and it is assumed everyone will be collaborating, each contributing something to the data being generated, and consequently, each needing that "ownership" granted.

But only at first glance. Once anything changes, the entire house of cards will come tumbling down, and without the conscious control I recommend you pursue, you won't have any idea why or what is going on. If, for example, you wish to give "fred" your old Macbook Pro, in order to allow him the freedom of a portable machine, you'll probably do so by first creating an account on it for him, then deleting your own. Fred will end up with a new UID on this Macbook Pro. Assuming his is the second account created on it, his new UID will be "502." When he then mounts the NAS volume in an effort to continue his work with his files, he will find that he no longer is recognized as the owner of those files. What is he to do? He is just a user, and has no knowledge of this stuff. He'll be out of commission, and will be at your desk consuming your valuable time. In turn, you will be coming to us for a "fix," and all the while, no work is getting done.

Worse, he will no longer be recognized as the owner of the files he saved on other external drives (if they exist).

The answer, then, is to gain that conscious control over who gets what UID. Instead of throwing users onto machines willy-nilly, you'll use the same usernames and UID for each of your "humans." This would be a dirt-simple step to take, if you were just now starting from the ground up with all of your machines and staff. As it is, "mid-stream" as you are, it is still a relatively simple thing to pull off. Certainly nothing that you couldn't do in perhaps a couple hours (or less), with access to all the machines in your organization.

The benefits only start with the complete removal of the "oops, I no longer own my files" syndrome. One very powerful option it opens to you is the ability to carry that over into the presence of an account for every member of your organization on every machine in your organization. All without the need for OS X server. With this in place, any one of your users can log into any machine, at any time, and have exactly the same access and ownership that they always have, across your entire network.

So far, we have only discussed file access. Even if you don't right now, you may at some time have a comparable need for file security. Well, everything stated above applies to this, too. Without a firm grasp on UIDs and ownership, your file security is also at risk. You haven't mentioned security in any of your posts, so I will assume it is not important at this time. Just realize that wrapping your mind around ownership and UIDs, then applying that knowledge, opens the door to having a firm grasp on security, as it suits you.

Scott
Reply
User profile for user: Keith Thirgood
Keith Thirgood Author
User level: Level 1
106 points

Nov 30, 2008 8:47 AM in response to Scott Radloff

When you think you're ready to tackle vetting and changing UIDs/usernames (where necessary) for your users, let me know. We can just take it one step at a time. Based on what information you find as we go, there might not be too much to do.


Hi Scott,

I've finally given up on the supplier of the NAS and have scrapped it entirely. I want to proceed with making all the IUDs and Usernames the same across the network, as you proposed.

Can you give me the steps to follow?
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

denied permission when copying files and folders

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up