[Donp213]

[FONT=Arial]I have recently added a new G5 to my user base. Of course it came preloaded with Tiger. I administer a multi-user environment with multiple admins and just about everyone else as standard users. As you may know, some applications do not like to run under the standard user account, so I usually tweak the application folder to allow greater access to specific groups. Now, if one of my other admins installed the product, by default I cannot adjust the permissions; funny I am an admin too! So naturally I try to take ownership so I may adjust those permissions. I can try to take ownership all day long, but it never takes. Each attempt produces different reactions from the OS, but never the correct one. It seems to me that Tiger has some major file level security issues.

i.e. here is a scenario I have used to consistently reproduce these inconsistencies with both 10.4 and 10.4.1: Create two admin users and one standard user; create a folder as one of those users and provide “read only” access for the other admin and the standard user; login as the other admin, try to take ownership of that folder so you can make adjustments to the permissions to provide the standard user full access.

Another area this is adversely affecting me is with software installations.

Please, if anyone can try the above and let me know if I am crazy or what, I would greatly appreciate it. Thanks[/FONT]

[CatOne]

Originally Posted by Donp213

[FONT=Arial]I have recently added a new G5 to my user base. Of course it came preloaded with Tiger. I administer a multi-user environment with multiple admins and just about everyone else as standard users. As you may know, some applications do not like to run under the standard user account, so I usually tweak the application folder to allow greater access to specific groups. Now, if one of my other admins installed the product, by default I cannot adjust the permissions; funny I am an admin too! So naturally I try to take ownership so I may adjust those permissions. I can try to take ownership all day long, but it never takes. Each attempt produces different reactions from the OS, but never the correct one. It seems to me that Tiger has some major file level security issues.

i.e. here is a scenario I have used to consistently reproduce these inconsistencies with both 10.4 and 10.4.1: Create two admin users and one standard user; create a folder as one of those users and provide “read only” access for the other admin and the standard user; login as the other admin, try to take ownership of that folder so you can make adjustments to the permissions to provide the standard user full access.

Another area this is adversely affecting me is with software installations.

Please, if anyone can try the above and let me know if I am crazy or what, I would greatly appreciate it. Thanks[/FONT]

I don't understand what you mean by "tweak the application folder..." and "take ownership of that folder."

The Applications folder should be owned by root, and it should have group "admin." If you start monkeying around with this, you're bound to have issues. It sounds like you're experiencing them.

Finer grained controls can be doled out using ACLs, which are present in OS X 10.4. They are not enabled in 10.4 "client" by default, only 10.4 server, but you can turn them on.

You can get more details on ACLs from this page of John Siracusa's excellent article on Ars Technica:

http://arstechnica.com/reviews/os/macosx-10.4.ars/8

[Donp213]

[FONT=Arial]CatOne,

Thank you for your prompt response, I really appreciate it. And I appreciate the link, very informative! As for what was said about the application folders, I have always used such methods to get certain apps to work in a limited user environment and have never experienced any adverse effects. But that is neither here nor there when it comes to my simple question. The scenario I typed out, where I have been able to consistently reproduce the problem, does not pertain to an app location, just on the root. If someone has previously had to adjust permissions to this affect, prior to Tiger, they will certainly understand the flaw. Again though, thank you for your response, ACL’s are certainly the way to go and I will experiment with that. I did just purchase Tiger server and I was happy to read that this granularity had been added. Thanks again. [/FONT]

[Sydney Tsai]

Do you mind telling us what program you are trying to use?

[Donp213]

My focus is not on the application here. My focus is just on file level security. Can someone please just try my scenario and I know you will see exactly what I am talking about.