f



I messed with "ignore ownership on this volume" and got burned...

hi,

i promise that i searched this topic many times over before posting (as
well as mac documentation). i saw similar questions, but not an answer
to what has happened to me.

i have an iMac G5 (tiger 10.4.x) with a firewire external hard drive. i
allow several other users on my computer but do not wish for them to
access that external drive. so, in looking for a way to lock others out
(i am the only admin on the mac), i un-checked the "ignore
ownership..." checkbox.

that is all i did.

upon the next re-boot of the mac, i can not see the external firewire
drive at all. i do not seem to have access. i have checked other
'guest' accounts on my mac and they do not see the drive in the finder
at all.

i would greatly appreciate any assistance that could help me see my
drive again.

0
1/18/2006 4:30:28 AM
comp.sys.mac.system 33446 articles. 2 followers. jfmezei.spamnot (9455) is leader. Post Follow

4 Replies
348 Views

Similar Articles

[PageSpeed] 21

<iwasfixin2@gmail.com> wrote:

> i promise that i searched this topic many times over before posting (as
> well as mac documentation). i saw similar questions, but not an answer
> to what has happened to me.
> 
> i have an iMac G5 (tiger 10.4.x) with a firewire external hard drive. i
> allow several other users on my computer but do not wish for them to
> access that external drive. so, in looking for a way to lock others out
> (i am the only admin on the mac), i un-checked the "ignore
> ownership..." checkbox.
> 
> that is all i did.
> 
> upon the next re-boot of the mac, i can not see the external firewire
> drive at all. i do not seem to have access. i have checked other
> 'guest' accounts on my mac and they do not see the drive in the finder
> at all.

Did you run 'Disk Utility' to check that the drive is still seen by that
program? You may be able to mount it using 'Disk Utility'.


-- 
Johan W. Elzenga            johan<<at>>johanfoto.nl
Editor / Photographer      http://www.johanfoto.nl/
0
nomail12 (400)
1/18/2006 10:39:47 AM
iwasfixin2@gmail.com wrote:
> upon the next re-boot of the mac, i can not see the external firewire
> drive at all. i do not seem to have access. i have checked other
> 'guest' accounts on my mac and they do not see the drive in the finder
> at all.
> 
> i would greatly appreciate any assistance that could help me see my
> drive again.

Log in as an administrator, launch Terminal, and type the following 
commands:

cd /Volumes
sudo -s (to become root)
ls -l

If you can see the drive there, you can use the chmod and chgrp commands 
to get read/write access back.  Something like this should do it:

chmod 770 /Volumes/external-drive-name
chgrp admin /Volumes/external-drive-name

These commands will give administrators read-write access, and lock 
everyone else out.

If that doesn't get it back, open Netinfo Manager, and enable the root 
account under the Security menu.  Then log into the root account.  The 
root account should show the FW drive on the desktop.  Re-check the 
ignore ownership box.  Then log back into your admin account and you 
should see the drive again.  MAKE SURE you have the permissions set so 
you can read/write the drive before rebooting again!

-- 
Seth
0
me9 (1688)
1/19/2006 8:04:59 AM
On 2006-01-19 03:04:59 -0500, me@home.spamsucks.ca (Seth) said:

> iwasfixin2@gmail.com wrote:
>> upon the next re-boot of the mac, i can not see the external firewire
>> drive at all. i do not seem to have access. i have checked other
>> 'guest' accounts on my mac and they do not see the drive in the finder
>> at all.
>> 
>> i would greatly appreciate any assistance that could help me see my
>> drive again.
> 
> Log in as an administrator, launch Terminal, and type the following commands:
> 
> cd /Volumes
> sudo -s (to become root)
> ls -l
> 
> If you can see the drive there, you can use the chmod and chgrp 
> commands to get read/write access back.  Something like this should do 
> it:
> 
> chmod 770 /Volumes/external-drive-name
> chgrp admin /Volumes/external-drive-name
> 
> These commands will give administrators read-write access, and lock 
> everyone else out.
> 
> If that doesn't get it back, open Netinfo Manager, and enable the root 
> account under the Security menu.  Then log into the root account.  The 
> root account should show the FW drive on the desktop.  Re-check the 
> ignore ownership box.  Then log back into your admin account and you 
> should see the drive again.  MAKE SURE you have the permissions set so 
> you can read/write the drive before rebooting again!

I am very new to Macs and somewhat new to Unix.  I battled with a 
related issue last night for some time.  I wanted to mark one directory 
in my firewire drive as being unavailable to all users but myself.  
First I couldn't get my changes to stick and then found the "Ignore 
Ownership on this Volume" checkbox.  Once I checked that the settings 
went through and everything worked the way I wanted them to.  The 
non-admin users could not access the directory.  End of story, right?  
Not so fast.  I then tried to click the ignore option as a non-admin.  
It let me check it without prompting for an admin password and then I 
was able to access the directory.  When I tried to uncheck the item I 
was then prompted for an admin password.  I think this is a bug.  I 
think the admin check should be there for either option, but at a 
minimum I think they got it backwards.  Am I wrong?  Is there a work 
around?  Granted, my kids won;t be able to figure all this out and get 
into the folder, but I would also like it to work correctly.

Thanks,
John

0
2/3/2006 9:46:25 PM
raggio <raggio.nospam@optonline.net> wrote:
> Not so fast.  I then tried to click the ignore option as a non-admin.  
> It let me check it without prompting for an admin password and then I 
> was able to access the directory.  When I tried to uncheck the item I 
> was then prompted for an admin password.  I think this is a bug.

I agree, but Apple seems to think it's a "feature."  I submitted a bug 
report about this way back in the Panther days and it hasn't been 
addressed. 

> I think the admin check should be there for either option, but at a 
> minimum I think they got it backwards.  Am I wrong?

Again I agree.  I think unprivileged users being able to override 
permissions settings to get r+w access to a whole volume is a big 
security concern but Apple doesn't seem to think so.  Until they do we've 
just got to live with it.

> Is there a work around?  Granted, my kids won;t be able to figure all 
> this out and get into the folder, but I would also like it to work 
> correctly.

No, the only way to lock your kids out of a directory inside the FW drive 
is to lock them out of the entire drive.  If you specify "No Access" to 
the drive, then the drive will not appear on their desktop, so there's no 
Ignore Ownership box for them to check.  If they have read-only access 
to the drive then they can check the Ignore Ownership box and get full 
read-write access to the whole thing, overriding all permissions settings.

Actually, there is ONE way to manage access to FW drives through Simple 
Finder accounts.  Go to System Prefs -> Accounts -> Parental Controls -> 
Finder & System and check the Simple Finder box for your kids' accounts.  
Then go to your FW drive, and find the folders to which you want the 
kids to have read access.  Put aliases of those into /Users/Shared on your 
boot volume.  Your kids can then read those files and be locked out of 
the rest of the FW drive.  This is what I do with my kids' accounts.  My 
kids are young so Simple Finder works just fine for them.  If your kids 
are older, and already used to standard accounts, they might protest this.
 
-- 
Seth
0
me9 (1688)
2/5/2006 10:29:50 AM
Reply: