Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Resetting permissions on multiple user folders OS X Server
The permissions on OS X Server home directories can get screwed up during reinstalls, hard drive swapping, or by users who know enough to be dangerous. This shell script goes through and corrects the permissions and owners on all user folders so you don't have to do it manually. Just put this in a text file (without any extension), name it something like "resetusers," and drop it in a command folder like /sbin. Then type sudo resetusers to run it.
#! /bin/csh

cd /Users
set full=`nireport -t my_server/network /users name | egrep -v '(root|user1|user2)'`
chmod -R 700 $full
foreach current ($full)               
chmod 755 $current
chmod -R 755 $current/Public
chmod -R 755 $current/Sites
chown -R $current $current
end
The way this works is:
  1. Switch to the Users folder.
  2. Use nireport -t my_server/network /users name to get a list of the users on the server. If you are not running a NetInfo domain, use nireport . /users name instead.
  3. Use egrep to subtract any users who either have home directories in a different location (like root) or don't have home directories at all.
  4. Make every folder of every user private.
  5. For each user, allow public access to the Public and Sites folders and the top-level user folder.
  6. Make sure the user is the owner of all files in their folder.
If you run into "Operation not permitted" errors on certain files, those files are probably locked. If you want to unlock them, run sudo chflags nouchg filename or sudo chflags -R nouchg foldername.
    •    
  • Currently 1.50 / 5
  You rated: 2 / 5 (8 votes cast)
 
[13,790 views]  

Resetting permissions on multiple user folders | 13 comments | Create New Account
Click here to return to the 'Resetting permissions on multiple user folders' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Resetting permissions on multiple user folders
Authored by: kal on Apr 14, '03 12:57:59PM
Just a small refinement... How about changing:
chmod -R 700 $full
with something like
find $full -type d -exec chmod 700 {} \;
find $full -type f -exec chmod 600 {} \;
This way, all the regular files (-type f) of a user will only have read/write permission, but the catalogues (-type d) are still accessible. All of the user's executables will have the wrong permissions, but usually there are fewer executables than regular files... Just a sub-tip...

[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: Mizou on Apr 14, '03 06:07:04PM

Another suggestion is to change 'cd /Users' to 'cd ~/..' to make the
script independant of the location of the Users catalog.

I for instance have the system and the Users catalogs on separate
volumes. That way I don't have to backup everything in case I have to
reformat the system volume, and reinstall the system.

If I were to write 'cd /Users' then i'd refer to my unused /Users catalog
on the system volume, while cd ~/.. refers to the catalog one level up
from the currently logged in user, which in my case is the admin
account.



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: alexiskai on Apr 14, '03 08:58:29PM

The way I actually have it set up (I wrote and submitted this hint) is cd /Volumes/Storage/Users because, as you said, my Users folder is in a different location.

The only problem with changing it to cd ~/.. is that the user I usually execute these things from actually has its home folder in /Users, ironically. And if one were to execute it from root for whatever reason it wouldn't work at all. So perhaps better to simply hard-code the location of the Users folder you intend to manage.

I wrote the script mostly because I've had to reinstall the server OS a couple of times while leaving the Users folder alone since it's on a separate partition, and it's handy for making sure OS X understands that user john_doe on the new system should own the folder created by john_doe on the old system.



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: nicola on Apr 15, '03 05:09:43AM
You have already used nireport, so why not use niutil for getting a user's home directory? You may do something like

HomeDirLocation=`niutil -read . /users/$UserName | grep "home: " | sed 's/home\:\ //g'`

note: the above line is for the local domain; I don't have a server at hand, so I can't tell if "home: " (and the following "home\:\ ") will work for network domains too... (maybe not)

[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: mithras on Apr 15, '03 08:23:37AM
What you want is:
HomeDir=`niutil -readprop / /users/$UserName home`

---
--
my free OS X applications and scripts

[ Reply to This | # ]

Resetting permissions on multiple user folders
Authored by: nicola on Apr 15, '03 10:20:57AM

Hey thanks!
Guess I should always read ALL the man page...

And: does anyone know if the "home" property is ok for OSX server too?



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: geordie on Apr 15, '03 12:41:29PM

Since you are using csh have the shell do the work for you. To
specify a home directory, ~"$current" is a heck of a lot easier.
It will work with both network home folders that have home_loc
in netinfo and those that have home. As a bonus it will work
with both short and long names; including longnames that have
spaces because of the quotes.



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: mdentinho on Mar 04, '10 07:19:23PM
I know that this is an old post, but I was looking for a solution to my problem and after a couple of hours looking for it I found a simple way that worked for me (Not sure if it will work for every body) and I would like to leave it here if someone needs it in the future as I did:

1 - Open Terminal (/Applications/Utilities/Terminal.app)
2 - Paste this line of code:
sudo chown -R User_name /Users/user_short_name
3 - Type your Admin password
4 - Voilá

Now all Files and Folders of the user you specified may be owned by the user you're logged in as.

Good Luck

[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: elephantmanmusic on May 16, '10 05:57:34PM

You don't have to know how to write code. It's actually pretty simple.

The easiest way to do it is to open the folder that all of the locked folders are in. Single click the folder and type command I (as in the letter "I"). At the bottom right of the info screen click the lock. Type in your administrator password which will unlock the permissions. Change the permissions from "Read only" to "Read & Write". Now for the cool part. At the very bottom just to the right of the zoom icon, click once and a drop down menu opens. Select "apply to enclosed items" and every folder and program within that folder and ALL subfolders will be unlocked. You can do the same thing for batch locking programs, or for that matter, changing permission on any amount of files. You are welcome! :)



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: agentx on May 17, '10 09:11:40AM

That is all well and good but the Finder does not handle large permissions changes well/gracefully.
It also can and does make a mess of things sometimes !
Terminal commands are faster to implement and also scriptable.

I



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: Relliott930 on Sep 29, '10 01:48:55AM

Hi, i am relitively new to OS X server , I have set up a medium size network with 400 users (OS X 10.5) ,each with a network home directory. I used the finder to change some permissions on the Homedir folder and propagated them down. It made a mess of the home folder permissions and no one could log in. As we are on a live system I had to find a quick solution rather than going through each of the 400 users. So I used CHMOD to give access to all the home folders to everyone. Luckily the students have not found out they have access to each others folders yet.... . As i changed it in the finder, I am now also the owner of all the folders that i changed. Will this script work to change the (network) home folders permissions back to default? as my users are part of OD there are no users located in /Users on the server (apart from the administrator) I have no Idea where they are located, I would think in some catalog file somewhere.

HELP!!!!!

Thanks, Rob



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: agentx on Sep 29, '10 05:05:06AM

I would advise buying a copy of Passenger as a System Admin with this many users.
It does a lot of really cool stuff including resetting permissions on HomeDir to defaults.
You will need to do an export of your users, import into passenger batch permissions, change the Base Path to location of HomeDirs on your server ( you can find this out in Workgroup manager) and run.....It should sort your issues out....



[ Reply to This | # ]
Resetting permissions on multiple user folders
Authored by: Relliott930 on Sep 29, '10 06:21:00AM

Thanks for this, I actually have a trial copy of passenger already, I used it for importing the users but i didn't know it had this function. I'll try this ,

Thanks!



[ Reply to This | # ]