Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Repair Server Permissions

During my debugging and troubleshooting excersizes over the past few weeks to restore a defunct migrated server to working condition, it became apparent that it all boils down to file ownership and bad ACLs.


This procedure may help solve problems related to:

  • Error Reading Settings in Server App
  • Restoring server from Time Machine
  • Migrating server to new hard drive (i.e. bigger hard drive or moving to SSD)
  • Moving service data to a secondary hard drive.


Warning: perform this procedure at your own risk. It worked for me, but may not work if you have special circumstances. It may break functionality if the the owners and groups aren't what your server is expecting. Always back up your entire system first!


That being said, these are the default owners and groups of the service files for Mountain Lion.

The first step in moving to a resolution is to clear any ACLs from the system files, then setting the proper permissions on each of the services directories.


Copy/paste the following commands (I don't recommend typing because there are spaces that might not be evident):

sudo chmod -RN {,/Volumes/*}/Library

sudo chown -R _assetcache:_assetcache {,/Volumes/*}/Library/Server/Caching
sudo chown -R _calendar:_calendar {,/Volumes/*}/Library/Server/Calendar\ and\ Contacts/Data
sudo chown -R _dovecot:mail {,/Volumes/*}/Library/Server/Mail
sudo chown -R _postfix:mail {,/Volumes/*}/Library/Server/Mail/Data/mta
sudo chown -R _jabber:_jabber {,/Volumes/*}/Library/Server/Messages
sudo chown -R _postgres:_postgres {,/Volumes/*}/Library/Server/PostgreSQL\ For\ Server\ Services
sudo chown -R _devicemgr:_devicemgr {,/Volumes/*}/Library/Server/ProfileManager
sudo chown -R _softwareupdate:_softwareupdate {,/Volumes/*}/Library/Server/Software\ Update
sudo chown -R _teamsserver:_teamsserver {,/Volumes/*}/Library/Server/Wiki

sudo cp /usr/libexec/postfix/postfix-files /
sudo /usr/libexec/postfix/post-install upgrade-permissions
sudo rm /postfix-files

sudo postfix set-permissions
sudo postfix check

TODO: determine ownership for Web folder


The last command will verify the mail files and make sure everything is in order. It will list any errors so that you can make any necessary corrections. (if there are no errors, it will simply give you the command prompt back.) Then be sure to Repair Permissions in Disk Utility for sanity.


Please report back with your findings if this has helped you, as well as any pitfalls that should be taken into account that may not have been addressed here. If you have additional commands that should be added as part of a clean-up routine, please let me know -- eventually I would like to have a generic script that cleans the server, maybe something I can run every few months or when I see errors in the logs, just to get the basic stuff out of the way.


I would like to give a special thanks to Linc Davis, who has guided me through this process.

OS X Server, 4GB RAM, Mountain Lion

Posted on Dec 23, 2012 9:45 AM

Reply
2 replies

Dec 23, 2012 6:17 PM in response to Miggl

Thanks for the credit, and I applaud your effort to help others, but your instructions go beyond what I wrote and aren't entirely correct. The permissions and ACL's on the Wiki directory are much more complicated than you indicate, and must be set using the wikiadmin(8) shell command. I'm not sure about all the others.


Also, the form of the commands that I gave you was predicated on the fact that you had moved your server data to a secondary volume. Most users won't (and shouldn't) do that, so the prefix "{,/Volumes/*}" isn't appropriate for them.

Dec 25, 2012 1:53 PM in response to Linc Davis

Linc I noticed in another post you mentioned about not putting (user) server data to a secondary volume (HDD). Can I ask why you advise that — is there some specific technical and/or Apple server related reason?


I'm curious as I am going to be installing an external Thunderbolt drive to a (new) Mac mini server and moving server data mount point to that drive.

Repair Server Permissions

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.