Repair Server Permissions
During my debugging and troubleshooting excersizes over the past few weeks to restore a defunct migrated server to working condition, it became apparent that it all boils down to file ownership and bad ACLs.
This procedure may help solve problems related to:
- Error Reading Settings in Server App
- Restoring server from Time Machine
- Migrating server to new hard drive (i.e. bigger hard drive or moving to SSD)
- Moving service data to a secondary hard drive.
Warning: perform this procedure at your own risk. It worked for me, but may not work if you have special circumstances. It may break functionality if the the owners and groups aren't what your server is expecting. Always back up your entire system first!
That being said, these are the default owners and groups of the service files for Mountain Lion.
The first step in moving to a resolution is to clear any ACLs from the system files, then setting the proper permissions on each of the services directories.
Copy/paste the following commands (I don't recommend typing because there are spaces that might not be evident):
sudo chmod -RN {,/Volumes/*}/Library
sudo chown -R _assetcache:_assetcache {,/Volumes/*}/Library/Server/Caching
sudo chown -R _calendar:_calendar {,/Volumes/*}/Library/Server/Calendar\ and\ Contacts/Data
sudo chown -R _dovecot:mail {,/Volumes/*}/Library/Server/Mail
sudo chown -R _postfix:mail {,/Volumes/*}/Library/Server/Mail/Data/mta
sudo chown -R _jabber:_jabber {,/Volumes/*}/Library/Server/Messages
sudo chown -R _postgres:_postgres {,/Volumes/*}/Library/Server/PostgreSQL\ For\ Server\ Services
sudo chown -R _devicemgr:_devicemgr {,/Volumes/*}/Library/Server/ProfileManager
sudo chown -R _softwareupdate:_softwareupdate {,/Volumes/*}/Library/Server/Software\ Update
sudo chown -R _teamsserver:_teamsserver {,/Volumes/*}/Library/Server/Wiki
sudo cp /usr/libexec/postfix/postfix-files /
sudo /usr/libexec/postfix/post-install upgrade-permissions
sudo rm /postfix-files
sudo postfix set-permissions
sudo postfix check
TODO: determine ownership for Web folder
The last command will verify the mail files and make sure everything is in order. It will list any errors so that you can make any necessary corrections. (if there are no errors, it will simply give you the command prompt back.) Then be sure to Repair Permissions in Disk Utility for sanity.
Please report back with your findings if this has helped you, as well as any pitfalls that should be taken into account that may not have been addressed here. If you have additional commands that should be added as part of a clean-up routine, please let me know -- eventually I would like to have a generic script that cleans the server, maybe something I can run every few months or when I see errors in the logs, just to get the basic stuff out of the way.
I would like to give a special thanks to Linc Davis, who has guided me through this process.
OS X Server, 4GB RAM, Mountain Lion