Can't perform EDIT on database hosted with MacOSX!

[SoCalMacDude]

Help!! It worked fine during testing on a local machine, but now the web user can't edit records. Seems to be an OSX permissions issue. I don't even have a password in the db right now. I must be missing something simple, and I remember running across a statement that said you can't edit records unless . . . , but I can't find itnow! CWP

The error I get is:

Javascript Error: Access restriction.

You do not have the privalages to perform the function: Edit.

Help!! Do I need to open a port on the server to edit, or what am I missing?

Thanks,

Ken

[Jeff Spall]

Hi, If you can search and read then it's not a port issue, but it looks very much like a permissions one.

Assuming that there's no edit restriction within the databaases, you'll need to make sure that you set the permissions of the database files to read/write "everyone". If you installed them logged in as an administrator they probably won't be. Log in as root or administrator and do a "get info" on the files to check and change the permissions .

The location where the files are running could be important too, especially if you're running the server logged in as a "web" user to tighten up the security.

regards, jeff

[SoCalMacDude]

Thanks Jeff, for the useful post.

Could you elaborate on the location issue? Currently, the files are located in the web folder of Filemaker 6 unlimited. Is there a better location that will work?

Thanks,

Ken

[Steve T.]

Hi, Ken! If you suspect it's an OS X permission problem, just copy the file to another server/computer temporarily. From that server/computer, log on to the desired host as the same user that FileMaker will be running as and copy the file back. If you can't get exactly what you want with Jeff's help and you're feeling brave and want to learn how to change owners/permissions without copying the file off, you can use the NetInfo Manager utility in the Mac OS X Applications Utilities folder, but it's kind of messy and counter-intuitive IMO. Mac OS X auto-assigns group permissions and took away group management. Mac OS X Server lets you make/edit/manage groups, but stock X does not... tha'ts bugged me for quite a while now. Of course, there's always the command line, too [man chmod]...

--ST

P.S. BTW, I think Jeff means the locations of your db's.. you know, like putting a db in another user's home directory area in which the user you are logged in as does not have proper access. (Correct me if I'm wrong, Jeff!)

[SoCalMacDude]

Thanks, Steve! I'll try that.

When the user logs into the server, he is dropped into a folder within the FM/Web folder appropriate for his login (based on which customer it is). The HTML files in that folder display the customer logo, and limit the records he can access based on a customer code field that is included in every search (2 customers so far).

Is that somehow the monkey wrench in the cogs? Another guy configuring the server, so I'm kind of doing this remote control!

Thanks for all your help so far. I'm hoping to get this working today. ;-)

Ken

[Steve T.]

Hmm... I dunno, but Mac OS X permissions drove us nuts at first because we were used to OS 9's folder-by-folder permissions. With OS X home directories and the limitations on defiing groups, we were getting frustrated. Instead of each user logging in as themselves, we now log in as whoever the owner is so any file on any particular computer is owned by the owner/primary user.

In your case, you need the security of different logins so your customers don't interfere with each other. You may have to learn how to manage groups using NetInfo Manager after all (or at least the server guy). I hope you manage to get it all in gear!

--ST

[SoCalMacDude]

Problem Solved!!

We simply dropped the Filemaker database into the "Shared" folder, and everything works!!

Thanks again! It was these posts that got us to the answer.

Ken

[Garry Claridge]

You can place them into another folder for better management and more security of the databases. However, you can change the Permissions of the Folder, and Files, from the Finder (OS X 10.2 and above).

All the best.

Garry

[SoCalMacDude]

Thanks, Garry.

Can you explain (in 25 words or less!) how the security works in this case? How is it more secure to have a folder with read/write permission for everyone v.s. the shared folder? Would a hacker have to know the name of the folder to get in, as opposed to the obvious "Shared?"

Ken

[Jeff Spall]

Hi, sorry to have not replied before now, but I see you have it sorted.

I'm finding that if you want to run an OSX webserver on the public internet, you need to be a bit careful about how it's set up and how you run it. We make a user with very limited access priviliges (NO admin priviliges!) and then log in as that user to load all of the web server applications - I use both Apache and Webstar on OSX - and also all of the files you'll want to access. I then run the web server logged in as that user, which protects the server. For changing priviliges in OSX desktop or OSX server, I generally just use the "get Info" command and then unlock it with the admin password, change the owner, change the priviliges, then change the owner back again and lock it again. The brave can also do this in terminal!

I'm not a big fan of the OXS 10.2> file structure where it has folders like "Users" showing and hides loads of the real ones. The original OSX was better at showing the file structure. For instance, using the method above, you need to make sure that your webserver user can have read access to places like /usr/sbin/ and other places you usually can't see.

regards, jeff

[Garry Claridge]

The "Shared Folder" is available over a network. You can create another Folder somewhere else (not within the Users directory) and exclude it from any network access.

I have a Folder at the root (top) level called "Data". Within this I have another Folder caled "Databases", then I have Folders for the various groups of databases.

All the best.

Garry

p.s. About 50 words