Network users having trouble with apps — possible permissions problem


We've noticed some oddities where some applications don't work properly for users with existing network accounts [but, see the "User Comparison" section, as they do work with a test network account].

Application Issues

Adobe Bridge CS3

For example, when I run Adobe Bridge CS3 as an existing network account user, it pops up dialog boxes that say:

The operation could not be completed.
A file or directory
already exists with the same name.

followed by one that says:

The operation could not be completed.

It doesn't put anything useful in the system log (like which 'file or directory already exists with the same name'). I compared the log results with running it as a local admin and a test network user, and it is doing some funny copying:

Jul 20 08:55:23 Master-2009-07-54 [0x0-0x45045].com.adobe.bridge2[1457]: mv: rename /Applications/Adobe Bridge CS3/Bridge Bridge Opener Preferences.xml to /Applications/Adobe Bridge CS3/Bridge Bridge Opener Preferences_de.xml: Permission denied
Jul 20 08:55:23 Master-2009-07-54 [0x0-0x45045].com.adobe.bridge2[1457]: cp: /Applications/Adobe Bridge CS3/Bridge Bridge Opener Preferences.xml: Permission denied

that is best described as inexplicable.

Adobe Photoshop Elements (6)

When run as an existing network account user, it pops up a dialog that says,

Could not synchronize the color settings because of a program error.

Google Earth

Could not create directory:

[presumably there is supposed to be some more text that wrapped off the side of the dialog, between 'Library' and 'Earth'.]

The next time I tried running it, I got this:

Google Earth could not write to the current cache or myplaces file location. The values will be set as follows:

My Places Path: "/Network/Servers/—
Cache Path: "/Network/Servers/——w

[again, the text went past the end of the dialog]

Google Earth has this to say in the system log:

Jul 21 10:25:40 LeopardMaster-2009-07-20 [0x0-0xfa0fa].com.Google.GoogleEarthPlus[6606]: Intrinsic Alchemy  v3.2 Beta-0303 (Dynamic/Release) 
Jul 21 10:25:40 LeopardMaster-2009-07-20 [0x0-0xfa0fa].com.Google.GoogleEarthPlus[6606]: Built by google on Tue Mar 3 17:33:00 PST 2009
Jul 21 10:25:40 LeopardMaster-2009-07-20 [0x0-0xfa0fa].com.Google.GoogleEarthPlus[6606]: Can't save ticket store (permissions problem?)
Jul 21 10:25:40 LeopardMaster-2009-07-20 [0x0-0xfa0fa].com.Google.GoogleEarthPlus[6606]: INFO: Using igOglVisualContext.
Jul 21 10:25:43 LeopardMaster-2009-07-20[5838] ([0x0-0xfa0fa].com.Google.GoogleEarthPlus[6606]): Exited with exit code: 1

User Comparison

I was testing with two user accounts. One was a student, herein referred to as ——wild- or Wild332, and the other is called 'cesteststudent'. The first was created by a script nearly a year ago, and the second was created manually in Workgroup Manager this morning.

Running the id command for both users yields:

uid=8222(Wild332) gid=620450(CES_Students) groups=620450(CES_Students),620403(CES_Grade_03)

uid=1093(cesteststudent) gid=620450(CES_Students) groups=620450(CES_Students),620403(CES_Grade_03)

The two look equivalent. What is curious, though, is that when I run the applications listed above with the test user, I do not run into any problems. Likewise, I have no trouble with the applications when running as a local user, with or without administrator privileges.

I ran the 'mount' command as the existing user, and it included these two entries:

trigger on /Network/Servers/ (autofs, automounted)
afp_0SU2uk0006ow0000oM0000VU-1.2e000012 on /Network/Servers/ (afpfs, nodev, nosuid, automounted, mounted by Wild332)

When I ran

touch /Network/Servers/
ls -l /Network/Servers/
-rw-r--r--  1 Wild332  CES_Students  0 Jul 21 10:36 

The results are as expected. For good measure, I ran:

ls -l `which touch`
-r-xr-xr-x  1 root  wheel  43056 Feb  6 20:45 /usr/bin/touch
ls -l /Applications/Google\\ Earth 
-rwxr-xr-x  1 sysadmin  admin  32132912 May  5 02:37 /Applications/Google Earth


Well, I'm confused. The user appears to have read/write access to their files. Application's run as the user (don't they?). The applications seem to be upset because they do not have read/write access to the users files. [And they haven't told me exactly which file(s) they are trying to access.]

Does anyone know what is wrong, or in which direction I should probe?

Thank you.

Best Answer

It would be painful and tedious, but the next step I would pursue is running the application under dtruss (or ktrace if you're on an older OS X). This way you can see exactly which calls are failing.

Something like this should do the trick:

sudo dtruss -f open /Applications/Adobe Bridge CS3/Bridge > dtruss.out 2>&1

Of course, that only works if the errors occur during startup. If they are triggered by activity once the application is already open, you'll need to identify the PID of the running app and run something like this:

sudo dtruss -f -p $PIDOFAPP > dtruss.out 2>&1

When analyzing the dtruss.out file, grep -v is your friend.

