Access denied for non admin users when accessing files - Powered by Kayako Help Desk Software

Knowledgebase

19Filesystem related 13Using tape drives 46Tips and tricks 9Using disk drives 8Command line interface (CLI) 33Installation and Configuration 9Volume handling 7Job handling 4Supported Hardware 7Index related 6Backup Strategies 4Supported 3rd party products 6PresSTORE White Papers 85Troubleshooting 15How Stuff Works 8Known compatibility problems

Knowledgebase: Tips and tricks

Access denied for non admin users when accessing files

Posted by Sven Koester, Last modified by Andre Kuehnemund on 03 March 2017 19:30

When files are restored by an non administrator user in P5, sometimes the files cannot be written to the destination folder and an error message "Access denied" or "Permission denied" appears.

This may also appear even if the user is actually allowed to write to that folder.

The reason for this is a technical limitation: the P5 server itself runs in background as a root process (or SYSTEM process on Windows). In order to limit access to files or directories, the access control must be simulated in P5. The P5 server emulates the standard Unix access rights based on users and groups, but it does not simulate ACL (Access Control Lists) permissions.

Because of that, users that have no traditional Unix style permissions to write to a file are not permitted by P5 to write at the same place.

Notes:

Administrator users are not restricted by P5.
PresSTORE does not honor ACL (Access Control List) permissions when accessing files. But ACLs where given in file attributes are saved and restored by PresSTORE as expected.

(281 vote(s))

Helpful

Not helpful

Comments (1)

Christian Völker

17 July 2012 14:56

Hello, actually, this does not happen sometimes but persistently for all users from our Open Directory. I created a fixed restore path for them (which is an inconvenience already) and did chown -R :staff and chmod 777 for the final directory. All users belong to group staff and are able to write to the folder through AFP (using ACLs, so this does not indicate anything here). So, everything is as open as I can think of. Also, I could not figure out how to allow at least downloading archived files to the client machine.

Only local user accounts on the server with admin rights are able to restore data from tape archive. Obviously, I dont intend to hand out login data with admin authorization to all users who should be allowed to restore archive data. You describe the facts clearly, but what is the proposed solution?

Post a new comment Reply to comment
Post a new comment Reply to comment

Full Name:
Email:
Comments:

CAPTCHA Verification
CAPTCHA Verification

Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).

Help Desk Software by Kayako