9. Batch Permissions

Warning

Mistakes to permissions made as root can be very harmful if you stray out of the "Users" folder. This is a power-user utility that can easily be misused, and careful attention and understanding are needed before proceeding to set permissions. MacinMind Software cannot assume any liability for misuse of this module.

Purpose and Uses

Batch Permissions is a module in Passenger to set file level permissions in Mac OS X on a group of user folders. It is able to set the owner of a folder to the name of that user's home folder. It can set different privileges for different subfolders and set them recursively or not. You can also export these Permissions Set instructions as a shell script for automatic daily maintenance.

How to

In order to set most permissions, it is necessary to be logged in as root. Passenger will use ssh to log in to the local or remote computer as the user you specify. In order for this to work, Remote Login must be turned on in the System Preferences Sharing panel. The root login on Mac OS X Server takes the same password it was given for the first administrator account created when the server was set up.

When you open the Batch Permissions window using the menu item in the Utilities menu, the setup for permissions is Mac OS X Server's default permissions for home directories.

If you are running Passenger right on the server and the users' home folders are in their default location, "Users" on the root of the volume, then Batch Permissions is ready to apply default permissions to all folders and files in the Users folder.

Other Volumes

To set permissions on a different volume, you may use "/Volumes/[name of drive]" as the beginning of your path. To ensure the path name is correct, check this name in the shell. This name can actually be different than the name of the drive that shows on the desktop. To do this, open the Terminal and type:

    cd /Volumes

then

    ls -l

The drive names will be in the right column.
Use these drive names when entering the path in Batch Permissions.

Tag Replacements

There is one tag replacement used in Batch Permissions, "<username>". This tag has no direct relationship to any imported or formulated data in Passenger. This tag has two purposes. In the path, the <username> tag simply means all folders in the preceding path. The second purpose is to remember that folder name to be used in setting owners.

Permission Sets

You may add and remove different permission tasks using the lower "Add" and "Remove" buttons. The permissions are changed in order from top to bottom. For instance, the home folder and all its contents are set to read only for the staff group. A later permission set gives read/write access to the "Public" folder and then write-only access to the "Drop Box" folder. The first two permission sets cannot be edited and represent the default permissions given to shipping OS X Server the Macintosh Manager folder. Create other sets for yourself and they will be kept between launches. If there are errors, they will be reported in the details.

Save As Shell Script

You can also save a Permission Set you've designed in Batch Permissions as a shell script, which you can add to your system crontab so that it runs automatically on your server, on a schedule you choose, to correct permissions. Use a utility like Cronix to do this.
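A sketch of what such a maintenance script can look like, written for this page as an added example and not the script Passenger exports. The function name, the DRY_RUN switch, the exact modes, the "Drop Box" location inside "Public", and the skipping of the "Shared" folder are assumptions.

```shell
#!/bin/sh
# Added example: applies permission sets to every home folder under BASE.
# Modes are assumed for illustration; the page does not list exact modes.

DRY_RUN=${DRY_RUN:-1}   # 1 = print commands only; 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# apply_permission_sets BASE
# BASE is the path that precedes the <username> tag, e.g. /Users
apply_permission_sets() {
    base=$1
    # Refuse an empty path, the filesystem root, and relative paths
    case $base in
        /|'') echo "refusing base '$base'" >&2; return 1 ;;
        /*) ;;
        *) echo "base must be absolute: $base" >&2; return 1 ;;
    esac
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 1; }

    for home in "$base"/*; do
        # Only real directories; a symlink could point outside BASE
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        user=${home##*/}      # folder name doubles as owner (<username>)
        # Assumption: "Shared" is not a user's home folder, so skip it
        [ "$user" = Shared ] && continue

        # Sets run top to bottom, so later ones override earlier ones
        run chown -R "$user":staff "$home"
        run chmod -R u=rwX,g=rX,o= "$home"
        [ -d "$home/Public" ] && run chmod -R g=rwX "$home/Public"
        [ -d "$home/Public/Drop Box" ] && run chmod g=wx "$home/Public/Drop Box"
    done
    return 0
}

# Usage (dry run): apply_permission_sets /Users
```

Review the dry-run output against the intended path before setting DRY_RUN=0 and scheduling the script from root's crontab.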