Best practice for saving temporary files in macOS? - macos

Is there a common practice where to save temporary files on macOS?
Currently I'm using /tmp but I often see the folder /var/folders in use for saving temporary files.
Is there a suggested way?
Thanks!

I don't know of any official guide, but I would say:
use /tmp for temporary things that do not need to survive a reboot
use /var/tmp for temporary things that do need to survive reboot
On my system at least, /var/folders is quite restricted in who can access it:
drwxr-xr-x 4 root wheel 136 28 Oct 2015 /var/folders
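Added example (not part of the original answer): on macOS the per-user $TMPDIR points into /var/folders, so a script that honours $TMPDIR gets that restricted location without hard-coding it. The function name private_tmpdir and the "myapp" prefix are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original answer. private_tmpdir and the
# "myapp" prefix are hypothetical names.
private_tmpdir() {
    prefix=$1
    base=${TMPDIR:-/tmp}
    # Fall back to /tmp when TMPDIR is relative, missing or not writable.
    case $base in
        /*) ;;
        *) base=/tmp ;;
    esac
    if [ ! -d "$base" ] || [ ! -w "$base" ]; then
        base=/tmp
    fi
    base=${base%/}
    # mktemp -d chooses an unpredictable name and creates the directory
    # with mode 0700; it fails rather than reuse an existing path.
    dir=$(mktemp -d "$base/$prefix.XXXXXX") || return 1
    # Sanity check: a real directory (not a symlink) owned by this user.
    if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        return 1
    fi
    printf '%s\n' "$dir"
}

# Constructed usage: scratch files live inside the private directory and
# are removed when the script exits.
work=$(private_tmpdir myapp) || exit 1
trap 'rm -rf "$work"' EXIT
printf 'scratch data\n' > "$work/state.txt"
ls -ld "$work"
```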

Related

SUDO, PK EXEC, ETC. NOT PRESENT ON MAC

Currently I’m on my 2015 Macbook Pro with an Aura Pro X2 1TB internal drive (not sure if that changes the mounting).
I’m very new to terminal and have been looking everywhere for an explanation on why my SUDO / PKEXEC / ETC. are not working and/or there’s no directory.
I’ve been reading around and it seems the closest problem is my PATH is going to the wrong spot possibly, but I’m not sure how it happened so I can’t fix it.
> echo $PATH
/usr/bin:/bin:/usr/sbin:/sbin
> ls -l /etc/sudoers
-rwxrwxrwx 1 root wheel 1563 Mar 13 2020 /etc/sudoers
All the files that are said to not have malfunctioned like: bash_profile, etc. are not found on my computer. At least I don’t think.
If anyone could help me out that would be a blessing.
Commands are case-sensitive. Most commands (if not all) are in lowercase, meaning it's sudo and not SUDO.

Cannot change com.apple.atrun.plist even with root permissions

I'm using OSX Mojave and I've been wanting to use the at command to run scripts at certain times, but I've discovered that I need to change its plist file in order to use it. Right now, one of the attributes in it is Disabled=true which of course, isn't what I want.
I've gone to the ends of the earth to try to change that. I tried XCode, Pref Setter, chmod, chown, vim, and doing all of that in root. No matter what, it always says, "readonly file" or "You do not have permission."
Are plists supposed to be immutable? I'm pretty sure they aren't. Here are some of the things I've tried.
~root# id
uid=0(root) gid=0(wheel) groups=0(wheel ...
~root# atrun=/System/Library/LaunchDaemons/com.apple.atrun.plist
~root# chmod 777 $atrun
chmod: Unable to change file mode on /System/Library/LaunchDaemons/com.apple.atrun.plist: Operation not permitted
~root# ls -l $atrun
-rw-r--r-- 1 root wheel 444 Aug 22 23:11 /System/Library/LaunchDaemons/com.apple.atrun.plist
Make a copy of com.apple.atrun.plist from /System/Library/LaunchDaemons
into your home directory or wherever you want to work on it.
Open com.apple.atrun.plist with Xcode and the settings will show up in user readable form.
Change the setting for "Disabled" from 1 to 0 then save and exit Xcode
Copy your changed com.apple.atrun.plist file to /Library/LaunchDaemons
This can be manually launched to enable batch.

Rsync from TimeMachine Backups to NAS didn't sync the exact file permission

I'm implementing a bash script to rsync all backup folders in my TimeMachine to my NAS storage in the same local network. After the rsync is completed, I tried to rsync back from NAS to my TimeMachine but failed. The error messages are as below:
rsync: delete_file: unlink "/Volumes/TimeMachine/Backups.backupdb/kongycmac/2017-05-16-120657/Mac OS/usr/share/man/mann/S3.n" failed: Operation not permitted (1)
After further checking the file permissions, I realised that the file permissions for my backup folder in TimeMachine and backup folder in NAS are different, as below:
TimeMachine Backup:
drwxr-xr-x# 4 root wheel 136 May 16 12:06 kongycmac
NAS Backup:
drwxr-xr-x 4 root root 4096 May 12 17:37 2017-05-12-173741
What does the '#' mean in TimeMachine Backup folder? What shall I do to change my folder permission in NAS backup to become drwxr-xr-x# ?
Scratching my head in this issue for 3 days, appreciate if anyone can provide a good suggestion for this.
Check the man page for ls, in the "Long Format" section:
If the file or directory has extended attributes, the permissions
field printed by the -l option is followed by a '#' character.
The directory will also have an access control list (normally indicated by "+", but "#" takes precedence).
You can view the extended attribute(s) and ACL with ls -l#e. But you may not be able to replicate them on the NAS -- the ability to store various kinds of metadata is filesystem-dependent, and unless the NAS is using the Mac OS Extended (aka HFS+) filesystem, it probably doesn't support them (at least directly). But they might be being saved anyway -- if you use rsync -E it might store them in a separate metadata file with a "._" prefix on the filename. But that'll depend on exactly how you're using rsync, what's on the NAS, etc.
I'm not sure how critical the ACLs are for Time Machine backups (I think they're mostly there to keep people from messing up the structure of the backup system), but the extended attributes seem to be pretty important. If you want to be able to get the TM backup back in a form that TM can use it, you need them.
But there's actually another problem: Time Machine uses hard-linked directories, and I don't think many (any?) filesystems other than Mac OS Extended support those. This... may cause trouble.

chmod just does nothing on my Mac?

I am the owner, as shown by ls -alts, but for whatever reason, I can't change the permissions of the files like I want. I want to make the file read only:
chmod 400 <file-name>
however, the ls -al still shows -rwxrwxrwx.
The file is on an external drive. I know that sometimes this causes issues when users want to read and write. However, in this case, I'd like to make the access to my files more restrictive not less restrictive.
I checked out this SO question but I don't see an option to make the permissions more restrictive.
thanks.
You can't change the permissions on the file because it's on a FAT32 volume, and that volume format does not support storing file permissions (see, for example, this askubuntu question). But if all you want to do is make the file read-only, you can get that effect by locking it (and the lock attribute is supported on FAT32). You can either use the Finder's Get Info window (check the "Locked" box), or use the command chflags uchg <file-name>.

How to change Unix permissions when I don't own the file but do have write permission on the directory?

I'm sharing a git repository with a colleague, and because git does not propagate the full panoply of Unix file permissions, we have a "hook" that runs on update which sets the 'other' permissions as they need to be set. The problem? The hook uses chmod, and it turns out that when my colleague commits a file, he owns it, so I can't run chmod on it, and vice versa. The directories are all group writable, sticky, so I believe that either of us has the right to remove any file and replace it with one of the same name, same contents, but different ownership. Presumably then we could chmod it. But this seems like an awfully big hammer, and I'm a bit leery of screwing it up. So, two questions:
Can anybody think of another way to do it?
If not, what's the best design for a bulletproof shell script that implements "make this file belong to me"? No cross-filesystem moves, etc etc...
For those who may not have realized, write permission does not confer permission to chmod:
% ls -l value.c
-rw-rw---- 1 agallant ta105 133 Feb 10 13:37 value.c
% [ -w value.c ] && echo writeable
writeable
% chmod o+r value.c
chmod: changing permissions of `value.c': Operation not permitted
We are both in the ta105 group.
Notes:
We're using git not only to coordinate changes but to publish the repo as a course web site. Publishing the web site is the primary purpose of the repo. The permissions script runs at every update using a git hook, and it ensures that students do not have permission to read solutions that have not yet been unveiled.
Please do not suggest that I have the wrong umask. Not all files in the repo should have the same permissions, and whatever umask is chosen, permissions on some files will need to be changed. Not to mention that it would be discourteous for me to impose my umask preferences on my colleagues.
UPDATE: I've just learned that in our environment, root is quashed to nobody on all machines we have access to, so that a solution which relies on root privileges won't work.
There is at least one Unix in which I've seen a way to give someone chmod and chown permissions on all files owned by a particular group. This is sometimes called "group superuser" or something similar.
The only Unix I'm positive I've seen this on was the version of Unix that the Encore Multimax ran.
I've searched a bit, and while I remember a few vague references to an ability of this sort in Linux, I have been unable to find them. So this may not be an option. Luckily, it can be simulated, albeit the simulation is a bit dangerous.
The way to simulate this is to make a very specific suid program that will do the chmod as root after checking that you are a member of the same group as owns the file, and your username is listed as having that permission in a special /etc/chmod_group file that must be owned by root and readable and writeable only by root.
The most straightforward way to do this is to make your partner and you members of a new group (let's say "devel"), and have that as the group of the file. That way it can be owned by either of you, and as long as the group is right, you can both work with it.
If that doesn't work with you, "sudo" can be configured such that only those two users can run a chmod command on files in that specific directory as root with no password.
If you set your umask correctly, the files could be created with the correct permissions in the first place:
$ umask 0022
$ touch foo
$ ls -l foo
-rw-r--r-- 1 sarnold sarnold 0 2011-02-20 21:17 foo
$ rm foo
$ umask 0002
$ touch foo
$ ls -l foo
-rw-rw-r-- 1 sarnold sarnold 0 2011-02-20 21:17 foo
I'm taking a step back. Let me know if I'm violating some restriction in your system I haven't read.
From your question, I assume you're trying to share a git repository using file:// URLs and relying on the UNIX filesystem permissions to take care of authorisation etc. Why don't you consider another way to share your repositories that doesn't involve this hassle?
I can think of two ways.
You can create a bare repository on either of your machines, add that as a remote to your working repos and use it to collaborate. Serving it can be done using the inbuilt git daemon command. Details are here. This will however not give you any access control.
You can install gitosis locally and use that to serve your repository. This allows a simple access control system so that you can restrict/allow certain users.
There was a related question that came up a while ago that might be relevant. git daemon worked for him - Administrating a git repo without root permissions
I also found something on server fault that might be relevant to your problem - https://serverfault.com/questions/21126/git-daemon-and-access-control-for-multiple-repos
Probably not the most elegant way, but it seems to work
$ umask 0002
$ mv value.c value.c.tmp
$ cat value.c.tmp > value.c
$ rm value.c.tmp
One could argue that it could be made bulletproof, but then someone brings along an RPG...
If both of you need to chmod, I can not think of another way - if it is OK that YOU can chmod but not the other guy, you can chmod 6770 . or chmod g+s,u+s . in the directory (e.g. set SUID and GUID bits) so the one that owns the directory will always be the owner of the files. Unfortunately some (if not most), namely EXT2/3/4 ignore the SUID bit.
Of course, setting the umask to 0002 will solve the problem by not making it mandatory.
Assuming that your publishing hook actually deploys files, rather than just setting permissions in the working copy, you could deploy to a temporary location then use rsync to ensure that the file contents and permissions are correct.
Slightly nicer, but requiring some infrastructure which I'm guessing isn't in place, would be to ensure that the deploy script only runs under one user. You could do this using sudo, if your sysadmins allow, or by setting up a git server service, like gerrit, or even by having a cron job run every five minutes which checks for updates and deploys if necessary.
This might work:
touch "$name.tmp"
chmod 660 "$name.tmp"
cp "$name" "$name.tmp"
# Replace the original only if the copy is byte-identical
if cmp "$name" "$name.tmp" 2>/dev/null; then
    rm "$name" && \
    cp "$name.tmp" "$name" && \
    rm "$name.tmp"
fi
It's just a variation of your original idea
Ok, a mixture of things that build on previous answers:
you can set the umask of a folder if you mount it at fstab. If you could agree with people to work on that mount, you could enforce g+w
If you set the group-id bit of that folder (g+s) all files will belong to the group the folder belongs to, so the group ownership of the file propagates
Is that doable? Of course enforcing that mount point is no easy task. Any better ideas around that one anyone?
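Added example (not from any of the answers above): one way to write the "make this file belong to me" step the question asks for, as a single function that copies, verifies, sets the mode and then renames over the original. The name own_and_chmod and its argument order are hypothetical; it assumes the caller is allowed to rename entries in the file's directory.

```sh
#!/bin/sh
# Added example: replace FILE with a byte-identical copy owned by the
# caller, with MODE applied. own_and_chmod is a hypothetical name.
own_and_chmod() {
    mode=$1
    file=$2
    # Refuse symlinks and anything that is not a regular file, so the
    # copy cannot be redirected to a different target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "own_and_chmod: $file: not a regular file" >&2
        return 1
    fi
    dir=$(dirname -- "$file")
    base=$(basename -- "$file")
    # Temp file in the same directory: same filesystem, so the final mv
    # is a rename and readers never see a missing or half-written file.
    tmp=$(mktemp "$dir/.$base.XXXXXX") || return 1
    # Copy, confirm the copy matches, set the mode while the copy is
    # still private (mktemp creates it 0600), then rename into place.
    # cmp narrows, but does not close, the window for a concurrent edit.
    if cat -- "$file" > "$tmp" &&
        cmp -s -- "$file" "$tmp" &&
        chmod "$mode" "$tmp" &&
        mv -f -- "$tmp" "$file"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# Constructed demo in a scratch directory.
demo_dir=$(mktemp -d) || exit 1
printf 'int value = 1;\n' > "$demo_dir/value.c"
chmod 660 "$demo_dir/value.c"
own_and_chmod 664 "$demo_dir/value.c" && ls -l "$demo_dir/value.c"
rm -rf "$demo_dir"
```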
