App installation in Classic


bholm
01-24-2002, 12:53 AM
I installed Adobe PageMaker 7 in my login running Classic.
When my wife logged into her user and tried to run PageMaker 7 in Classic, it says permission denied and won't open the application. What's with that?
I thought Classic uses the same OS 9.2 I have as a startup System Folder.

Can anyone help on this weirdness? Do I have to re-install in her user running Classic or do I have to re-install after booting in OS 9?

BTW, is there a way to access the Finder in Classic?

mervTormel
01-24-2002, 01:06 AM
yeah, another caveat to installing OS9 apps under classic. the installer knows nothing about OSX permissions.

where did you install it to, just for grins?

rather than muck around trying to twiddle permissions on this installation, and possibly getting them wrong (over and over again), i would advise that you boot to OS9 and clean it off and reinstall it.

-----
thus endeth the lesson

bholm
01-24-2002, 01:11 AM
Thanks!!
I wouldn't think OS X would set permissions but I guess that kind of makes sense. I believe I placed the app in the Applications (OS 9) folder or a subfolder of it. I'm not sure dumping its folder will do the job. There's probably extensions and whatnot that may still have permissions set. Will installing booted in OS 9 overwrite all the files?

hschickel
01-24-2002, 01:27 AM
Download BatChmod 1.1 (http://www.versiontracker.com/moreinfo.fcgi?id=12057&db=mac). This is one of the most useful gui utilities ever made for X's unix.

Drag the entire "Applications (Mac OS 9)" folder onto it (or just the Adobe Pagemaker 7 folder). Set the permissions as follows:

Owner: root rwx
Group: admin rwx
Everyone: rx

Check the box "Apply ownership and privileges" to enclosed files and folders. Then hit apply. Enter an admin password when prompted and you're done.

Some notes:

1. These are the proper permissions for all Classic Applications. You can apply Batchmod recursively to the Applications (Mac OS 9) folder without problems.

2. These are the correct permissions for most X applications. Print Center is a notable exception. I would not apply this fix to the X "Applications" folder as it may screw up your ability to print. I believe you can apply this fix to any new application that you install to allow all users to use the application. It is true of every application I've ever seen other than Print Center but YMMV.

Hugh

Edit: the problem in Print Center is the permissions for some of the internal package contents. I would take a wild guess and say the same thing is probably true of Netinfo Manager as well but I have not examined the internals.

Edit 2: You can safely do the same permissions editing with the Classic System folder. You may want to further set the permissions of /System Folder/Preferences to: owner: root rwx; group: admin rwx; everyone rwx if your wife is not an admin user and you want her to be able to modify Classic app preferences.

mervTormel
01-24-2002, 02:02 AM
personally, i think this is ill-advised, unless you really know what you're doing.

reasons:

1. have you opened any security holes?

2. some processes need suid and guid bits set. does this utility leave them be, or mangle them?

3. have you made unwritable files writable by owner? then you can muck it up

4. does the app have special checking that will make it gak when you've messed with its permissions?


here's something i've learned:

if it worked yesterday, and nothing changed, and root can perform the task, it's permissions. and something, indeed, did change.

wholesale changes are bad under unix. make small changes and test your results.

--
thus endeth the lesson
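
A guarded form of the bulk change discussed in the two posts above, added here as an example that is not part of the thread: it applies the rwxrwxr-x setting recursively only when the folder holds no set-uid or set-gid files, which is the second concern in the list. The function names and the sample folders are constructed, and ownership (root:admin in the BatChmod post) is left unchanged.

```sh
#!/bin/sh
# Added example, not from the thread. Folders in demo() are constructed.

# List set-uid / set-gid regular files under $1: the same test as the
# find command later in the thread, limited to the folder being changed.
setid_files() {
    find "$1" -type f \( -perm -2000 -o -perm -4000 \) -print
}

# Apply owner rwx, group rwx, everyone rx (775) to $1 recursively, but only
# when no set-id file would be caught in the sweep. An octal chmod on such
# a file clears the bit, so the function returns 1 and changes nothing.
guarded_bulk_chmod() {
    hits=$(setid_files "$1") || return 2
    if [ -n "$hits" ]; then
        echo "not changing $1; set-id files inside:" >&2
        printf '%s\n' "$hits" >&2
        return 1
    fi
    chmod -R 775 "$1"
}

demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/bulk.XXXXXX") || return 2
    # Stand-ins: a Classic app folder, and an app bundle with a set-uid helper.
    mkdir -p "$d/PageMaker 7" "$d/Print Center.app/Contents/MacOS"
    : > "$d/PageMaker 7/PageMaker"
    chmod 700 "$d/PageMaker 7/PageMaker"
    : > "$d/Print Center.app/Contents/MacOS/PrintingReset"
    chmod 4755 "$d/Print Center.app/Contents/MacOS/PrintingReset"

    guarded_bulk_chmod "$d/PageMaker 7" && echo "classic: changed"
    guarded_bulk_chmod "$d/Print Center.app" || echo "print center: refused"
    # The refused folder still has its set-uid file.
    [ -n "$(setid_files "$d/Print Center.app")" ] && echo "set-uid bit intact"
    rm -rf "$d"
}

demo
```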

hschickel
01-24-2002, 03:20 AM
here's something i've learned:

if it worked yesterday, and nothing changed, and root can perform the task, it's permissions. and something, indeed, did change.

wholesale changes are bad under unix. make small changes and test your results.

This really is awesome advice. Since the beta I've reinstalled my system on various machines several dozen times after severely hosing it.

That said - I've had no issues doing bulk permissions changes as noted above on the Classic folders. Further, if you make changes using common sense, you can do bulk changes within the various individual /users/username folders.

Things begin to get dicey with the X stuff. While most X applications should have the permissions noted above some do not - so be careful. As noted above, you will lose your ability to print if you apply these wholesale changes to the X apps folder.

Things can become even stranger with the System, Library and Unix folders. Do not apply wholesale changes to these. You will most likely need to reinstall.

Hugh

PS - merv - How did you become an AAA Player? :p

mervTormel
01-24-2002, 03:36 AM
hugh,

yeah, wholesale changes are okay, to a point. but when do you know you're stomping on something.

best not to make those wholesale changes.

here's a find to show you your suid and guid files that if you mangle, woe is you. (this, of course, is only valid if you haven't mangled any already)


% sudo find / -type f \( -perm -2000 -o -perm -4000 \) -print


this will traverse your entire filesystem, /volumes included, and show you your files that are set-uid and set-gid.

redirect this to ~/files.secure and then run it once in a while and diff with the new output to find new files with s/g-uid that you should investigate.

i don't know what aaa player is, but i suppose i've broken something or said too many naughty words

hschickel
01-24-2002, 03:59 AM
Ok, I ran it, and this was the output. I must say - I'm still getting through O'Reilly's "Learning Unix - 5th Edition" (the rest of what I know I picked up at MacOSXHints and by experimenting) so I have no idea what it means. The only file in the list that I regularly do anything to as root is /Trash. What should I do with the info now that I have it?

/bin/df
/bin/ps
/bin/rcp
find: /dev/fd/4: No such file or directory
find: /Developer: No such file or directory
find: /Library: No such file or directory
find: /Network: No such file or directory
find: /private: No such file or directory
find: /sbin: No such file or directory
find: /System: No such file or directory
find: /TheFindByContentFolder: No such file or directory
find: /TheVolumeSettingsFolder: No such file or directory
find: /Trash: No such file or directory
find: /usr: No such file or directory
find: /Volumes: No such file or directory

Thanks,
Hugh

PS - I guess I'll have to keep breaking and reinstalling to get my rating up too.

mervTormel
01-24-2002, 04:19 AM
hugh,

i'm a bit agape. you ran this thru sudo? and got this?


find: /dev/fd/4: No such file or directory
find: /Developer: No such file or directory
find: /Library: No such file or directory
find: /Network: No such file or directory
find: /private: No such file or directory
find: /sbin: No such file or directory
find: /System: No such file or directory
find: /TheFindByContentFolder: No such file or directory
find: /TheVolumeSettingsFolder: No such file or directory
find: /Trash: No such file or directory
find: /usr: No such file or directory
find: /Volumes: No such file or directory

stop what you're doing

make very small movements.

get up very slowly.

and RUN for the hills. she's gonna blow!


i just don't understand this at all.

let us know if it singed your eyebrows.

and could you send us a listing of your root dir, and your next of kin?

hschickel
01-24-2002, 04:51 AM
My God doctor!!! This sounds bad!!! LOL.

I copy pasted from your original and this is a copy paste from what I entered (twice) in terminal to get the previous output:

sudo find / -type f \( -perm -2000 -o -perm -4000 \) -print

Perhaps there's a typo in there somewhere. In case there is not, these are the contents of my root directory:

[localhost:/] schickel% ls -la
total 7849
drwxrwxr-t 34 root admin 1112 Jan 18 22:57 .
drwxrwxr-t 34 root admin 1112 Jan 18 22:57 ..
-rw-rw-rw- 1 schickel admin 6148 Jan 18 22:50 .DS_Store
d-wx-wx-wx 3 schickel unknown 264 Jan 18 23:12 .Trashes
-r--r--r-- 1 root wheel 152 Sep 2 16:53 .hidden
dr--r--r-- 2 root wheel 192 Jan 18 22:57 .vol
-rwxr-xr-x 1 schickel unknown 81920 Jan 16 22:07 AppleShare PDS
lrwxrwxr-t 1 root admin 34 Jan 18 22:57 Applications -> /volumes/applications/applications
-rwxr-xr-x 1 schickel unknown 81920 Jan 17 05:01 Desktop DB
-rwxr-xr-x 1 schickel unknown 87570 Jan 17 04:53 Desktop DF
drwxr-xr-x 2 schickel unknown 264 Jan 16 23:41 Desktop Folder
drwxrwxr-x 12 root admin 364 Jan 8 00:34 Developer
drwxrwxr-x 31 root admin 1010 Jan 18 22:03 Library
-rwxr-xr-x 1 schickel unknown 4558 Jan 3 23:03 NAV??? 7.0 QuickScan
drwxr-xr-x 6 root wheel 264 Dec 22 02:07 Network
drwxr-xr-x 3 root wheel 264 Jan 17 04:55 System
drwxr-xr-x 2 schickel admin 264 Jan 8 00:20 TheFindByContentFolder
drwxr-xr-x 4 schickel unknown 264 Jan 3 23:03 TheVolumeSettingsFolder
drwxr-xr-x 2 schickel unknown 264 Jan 16 23:41 Trash
drwxr-xr-x 3 root wheel 264 Jan 11 10:13 Users
drwxrwxrwt 5 root wheel 264 Jan 23 18:08 Volumes
dr-xr-xr-x 1 root wheel 512 Jan 24 04:47 automount
drwxr-xr-x 33 root wheel 1078 Dec 22 02:28 bin
lrwxrwxr-t 1 root admin 13 Jan 18 22:57 cores -> private/cores
dr-xr-xr-x 2 root wheel 512 Jan 18 22:57 dev
lrwxrwxr-t 1 root admin 11 Jan 18 22:57 etc -> private/etc
lrwxrwxr-t 1 root admin 9 Jan 18 22:57 mach -> /mach.sym
-r--r--r-- 1 root admin 563484 Jan 18 22:57 mach.sym
-rw-r--r-- 1 root wheel 3152156 Dec 8 00:40 mach_kernel
drwxr-xr-x 7 root wheel 264 Jan 18 22:57 private
drwxr-xr-x 60 root wheel 1996 Jan 17 04:55 sbin
lrwxrwxr-t 1 root admin 11 Jan 18 22:57 tmp -> private/tmp
drwxr-xr-x 10 root wheel 296 Sep 2 16:55 usr
lrwxrwxr-t 1 root admin 11 Jan 18 22:57 var -> private/var
[localhost:/] schickel%

Just for kicks, what should the output have been? And what should I have done with it had it been right?

Hugh

hschickel
01-24-2002, 09:12 AM
I tried the same command on a second machine and this is what I got. I'm thinking its a typo or normal. Still curious though:

Welcome to Darwin!
[hschickel:~] schickel% sudo find / -type f \( -perm -2000 -o -perm -4000 \) -print
Password:
/bin/df
/bin/ps
/bin/rcp
find: /dev/fd/4: No such file or directory
find: /Developer: No such file or directory
find: /Library: No such file or directory
find: /Network: No such file or directory
find: /private: No such file or directory
find: /sbin: No such file or directory
find: /Shared Items: No such file or directory
find: /System: No such file or directory
find: /TheFindByContentFolder: No such file or directory
find: /TheVolumeSettingsFolder: No such file or directory
find: /Trash: No such file or directory
find: /usr: No such file or directory
find: /Volumes: No such file or directory
[hschickel:~] schickel%


Hugh

bholm
01-24-2002, 11:30 AM
Hey Guys!
BatChmod worked GREAT! I ran it as you said hschickel on the PageMaker 7 folder and when I logged in as my wife, it booted the app up just fine!

Thanks for that wonderful tip about that great utility!

mervTormel
01-24-2002, 11:36 AM
hugh,

my results of the find suid and guid files were exactly what i expected:


/Applications/Mail.app/Contents/MacOS/Mail
/Applications/Utilities/Disk Utility.app/Contents/MacOS/Disk Utility
/Applications/Utilities/NetInfo Manager.app/Contents/MacOS/NetInfo Manager
/Applications/Utilities/Print Center.app/Contents/MacOS/Print Center
/Applications/Utilities/Print Center.app/Contents/MacOS/PrintingReset
/bin/df
/bin/ps
/bin/rcp
/Library/Application Support/Roxio/TDIXSupport
/Library/StartupItems/RetroRunHelper/RetroRunHelper
/sbin/dmesg
/sbin/dump
/sbin/mount_nfs
/sbin/mount_smbfs
/sbin/ping
/sbin/rdump
/sbin/restore
/sbin/route
/sbin/rrestore
/sbin/shutdown
/sbin/umount
/System/Library/CoreServices/AuthorizationTrampoline
/System/Library/CoreServices/Classic Startup.app/Contents/Resources/TruBlueEnvironment
/System/Library/Filesystems/AppleShare/afpLoad
/System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp
/System/Library/Filesystems/cd9660.fs/cd9660.util
/System/Library/Filesystems/hfs.fs/hfs.util
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/NSLCore.framework/Versions/A/Resources/NSLPlugins/slpdLoad
/System/Library/Printers/IOMs/LPRIOM.plugin/Contents/MacOS/LPRIOMHelper
/System/Library/Printers/Libraries/PrintServer/Contents/MacOS/PrintServer
/System/Library/Printers/Libraries/PrintStarter
/System/Library/Printers/Tools/jobcopyperms
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/setUserPicture
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig
/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
/usr/bin/at
/usr/bin/atq
/usr/bin/atrm
/usr/bin/batch
/usr/bin/chfn
/usr/bin/chpass
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/fstat
/usr/bin/login
/usr/bin/lpc
/usr/bin/lpq
/usr/bin/lpr
/usr/bin/lprm
/usr/bin/mail
/usr/bin/nfsstat
/usr/bin/passwd
/usr/bin/quota
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/setregion
/usr/bin/smbutil
/usr/bin/su
/usr/bin/sudo
...


i don't know what to make of your results, yet.

hschickel
01-24-2002, 01:38 PM
Interesting.



/Applications/Mail.app/Contents/MacOS/Mail
/Applications/Utilities/Disk Utility.app/Contents/MacOS/Disk Utility
/Applications/Utilities/NetInfo Manager.app/Contents/MacOS/NetInfo Manager
/Applications/Utilities/Print Center.app/Contents/MacOS/Print Center
/Applications/Utilities/Print Center.app/Contents/MacOS/PrintingReset


And the above is even more interesting. Without knowing exactly what this means...it would seem we can add two more applications to the list of those whose permissions should not be messed with (mail and disk utility in addition to Printcenter and Netinfo Manager.) This seems to bear itself out on at least one of my machines as Mail.app is not working and I specifically altered the permissions on this application on this machine. (I never noticed this before as I use entourage for my mail.)

This is very very good to know for the other (not these 4) applications.

I think I'll do a clean install on a test partition tomorrow to test this out. I'll let you know what happens.

Hugh

hschickel
01-26-2002, 10:44 PM
Clean install. Stock Classic. Stock X.1.2. No Dev Tools. No partitions (I'm wondering if this might be the issue?)

More importantly, what does this mean, and what do I do with it (other than not modify the perms on the 4 apps previously mentioned)?

Hugh

Welcome to Darwin!
[localhost:~] hs2admin% sudo find / -type f \( -perm -2000 -o -perm -4000 \) -print
/Applications/Mail.app/Contents/MacOS/Mail
/Applications/Utilities/Disk Utility.app/Contents/MacOS/Disk Utility
/Applications/Utilities/NetInfo Manager.app/Contents/MacOS/NetInfo Manager
/Applications/Utilities/Print Center.app/Contents/MacOS/Print Center
/Applications/Utilities/Print Center.app/Contents/MacOS/PrintingReset
/bin/df
/bin/ps
/bin/rcp
find: /dev/fd/4: No such file or directory
/sbin/dmesg
/sbin/dump
/sbin/mount_nfs
/sbin/mount_smbfs
/sbin/ping
/sbin/rdump
/sbin/restore
/sbin/route
/sbin/rrestore
/sbin/shutdown
/sbin/umount
/System/Library/CoreServices/AuthorizationTrampoline
/System/Library/CoreServices/Classic Startup.app/Contents/Resources/TruBlueEnvironment
/System/Library/Filesystems/AppleShare/afpLoad
/System/Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp
/System/Library/Filesystems/cd9660.fs/cd9660.util
/System/Library/Filesystems/hfs.fs/hfs.util
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/NSLCore.framework/Versions/A/Resources/NSLPlugins/slpdLoad
/System/Library/Printers/IOMs/LPRIOM.plugin/Contents/MacOS/LPRIOMHelper
/System/Library/Printers/Libraries/PrintServer/Contents/MacOS/PrintServer
/System/Library/Printers/Libraries/PrintStarter
/System/Library/Printers/Tools/jobcopyperms
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/setUserPicture
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig
/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
/usr/bin/at
/usr/bin/atq
/usr/bin/atrm
/usr/bin/batch
/usr/bin/chfn
/usr/bin/chpass
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/fstat
/usr/bin/login
/usr/bin/lpc
/usr/bin/lpq
/usr/bin/lpr
/usr/bin/lprm
/usr/bin/mail
/usr/bin/nfsstat
/usr/bin/passwd
/usr/bin/quota
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/setregion
/usr/bin/smbutil
/usr/bin/su
/usr/bin/sudo
/usr/bin/top
/usr/bin/uptime
/usr/bin/w
/usr/bin/wall
/usr/bin/write
/usr/libexec/authopen
/usr/libexec/chkpasswd
/usr/libexec/load_hdi
/usr/libexec/load_webdav
/usr/sbin/DirectoryService
/usr/sbin/iostat
/usr/sbin/lsof
/usr/sbin/netstat
/usr/sbin/pstat
/usr/sbin/scselect
/usr/sbin/sendmail
/usr/sbin/sliplogin
/usr/sbin/traceroute
/usr/sbin/trpt
/usr/sbin/trsp
[localhost:~] hs2admin%

mervTormel
01-26-2002, 11:13 PM
hugh,

excellent.

first, get a good familiarity with the items found in that list. does it make sense that they require suid and/or guid permissions?

yes, i reckon that those commands and apps do, indeed, operate under the auspices of the root account.

now then, if you write the output of this find to ~/files.secure, you have a database of those suid/guid commands.

next week, or after some snarky installs that want authentication or install things in /usr/local, or after some user access, or after a security breach, run this command...


% sudo find / -type f \( -perm -2000 -o -perm -4000 \) -print | diff - ~/files.secure


you're piping the new suid/guid profile into the diff command, diff'ing them with what was. the result is a, hopefully empty, list of items to be curious about and you can investigate them.

questions?
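
The baseline-and-diff routine described in this post and in the earlier one that introduced the find command, added here as an example that is not part of the thread. It goes a little further than the one-liner: the list is sorted and tagged by bit so two runs compare cleanly, and no baseline is written when find reports errors like those in the first runs above. Function names and the sample tree are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Paths in demo() are constructed.

# One line per set-uid/set-gid regular file under $1, tagged and sorted so
# two runs compare line by line. Sorting matters: find's order is not stable.
scan_setid() {
    {
        find "$1" -type f -perm -4000 -print | sed 's/^/suid /'
        find "$1" -type f -perm -2000 -print | sed 's/^/sgid /'
    } | LC_ALL=C sort
}

# Write baseline $2 for tree $1, but only if find walked everything.
make_baseline() {
    errs=$(mktemp "${TMPDIR:-/tmp}/setid.XXXXXX") || return 2
    scan_setid "$1" 2>"$errs" > "$2.new"
    # A vanished /dev/fd/N is expected (the clean-install run shows it, in
    # BSD find's message format); any other error means an incomplete list.
    if grep -v '^find: /dev/fd/' "$errs" >&2; then
        echo "scan incomplete; baseline not written" >&2
        rm -f "$errs" "$2.new"
        return 1
    fi
    rm -f "$errs"
    mv "$2.new" "$2"
}

# Compare tree $2 with baseline $1: "+" lines are new, "-" lines are gone.
drift() {
    cur=$(mktemp "${TMPDIR:-/tmp}/setid.XXXXXX") || return 2
    scan_setid "$2" > "$cur"
    LC_ALL=C comm -13 "$1" "$cur" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$1" "$cur" | sed 's/^/- /'
    rm -f "$cur"
}

demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/setid.XXXXXX") || return 2
    mkdir -p "$d/root/Disk Utility.app"
    for f in passwd plain "Disk Utility.app/tool"; do : > "$d/root/$f"; done
    chmod 4755 "$d/root/passwd" "$d/root/Disk Utility.app/tool"
    chmod 755 "$d/root/plain"
    make_baseline "$d/root" "$d/files.secure" || return 1
    chmod u+s "$d/root/plain"                  # a file gains set-uid
    chmod 775 "$d/root/Disk Utility.app/tool"  # a bulk chmod strips it
    drift "$d/files.secure" "$d/root" | sed "s|$d/root/||"
    rm -rf "$d"
}

demo
```

On a real system the calls would be `make_baseline / ~/files.secure` and later `drift ~/files.secure /`, both run through sudo as in the post.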