0

I have a service on my local Mac that offers a command line utility to work with it from the Terminal (The service is FileMaker Server and the utility is fmsadmin, but I don't think those facts are relevant). When the server program was installed, it created an fmserver user for it to operate under, and everything fmsadmin does seems to be under that user. Files created by the server or the utility are all owned by fmsadmin and in the wheel group, although I don't know why they have that group, as fmserver doesn't seem to be a member of it.

The script I'm trying to write will use the fmsadmin tool to make a backup of one of the served files to a temporary folder. This much I have working. But then I want to move the file to a different location controlled by the currently logged in user.

And there's the catch 22. fmsadmin can't write to the location I want the file to be in, and my account can't move the file to where I want because it doesn't have permission to move it. I can do it manually in the Finder, but only by putting in my account password.

Currently my (Python) script is having fmsadmin back the file up to /tmp/. The backup, even though it's a single file, actually creates a folder structure, duplicating the folder structure FileMaker uses for hosting the files. So the backup command results in the file being at /tmp/Databases/Subfolder/database.fmp12. Here are the ls results for each of those:

drwxrwxr-x  3 fmserver  wheel  96     Nov 17 16:01 Databases/
drwxrwxr-x  3 fmserver  wheel  96     Nov 17 16:01 Subfolder/
-rw-rw-r--  1 fmserver  wheel  954368 Nov 17 16:10 database.fmp12

Id like to move the file database.fmp12 to /Users/chuck/project-name/

drwxr-xr-x    8 chuck  staff   256 Nov 17 16:09 project-name/

How can I automate this in a (Python) script? Currently I run into permission errors when trying to move the file to where I want or when trying to save the backup where I want it. My goal isn't to solve this just on my system, but to make the script work on another user's system.

Improve this question
3
  • 1
    Could update the question to include the directories in question and the permissions and ownership for those directories? Commented Nov 18, 2017 at 0:45
  • Can you add your user to wheel? Commented Nov 18, 2017 at 1:20
  • @Olorin I had thought of that, but rejected it because (as I've edited the original question), the goal isn't to just get this working on my system, but to be able to copy this script to any macOS-based system running a local copy of FileMaker Server and have it work correctly. I'll experiment with adding the currently logged in user to the wheel group. If I can do that, it would probably suffice. Commented Nov 18, 2017 at 2:16

2 Answers 2

Reset to default
1

There are a few things you could do. The easiest thing might be to just add chuck to the wheel group. Is there a reason why that won't work?

Alternatively, you could try changing the owner of /tmp/Databases/ to the staff group and then setting the setgid bit on that directory, i.e.:

sudo chown :staff '/tmp/Databases/'
sudo chmod g+s '/tmp/Databases/'

Then all of the new files created in that directory should be owned by staff. In either case, you'll probably want to make sure that the fmserver user has the right umask, although based on what you've posted it looks like it does. Check out this post:

It looks you can use launchctl to set the umask on OS X:

launchctl config fmserver umask 002

There's also the fancier option of using access control lists. For more about that see the following AskDifferent post:

Improve this answer
7
  • I've edited the original question to reflect that I'd like this script to work without alteration on another system other than my own, but that may not be an option. I just tried to add chuck to wheel from the script (knowing I could later figure out what the logged in user's name is and substitute chuck for that), and got a permission error. I might just have to require that the other system has this done manually. Commented Nov 18, 2017 at 2:05
  • Adding chuck to wheel (with sudo dscl . -append /groups/wheel GroupMembership chuck) didn't work, when Python gets to the line that tries to move the file, it gets a permissions error. Commented Nov 18, 2017 at 2:13
  • @Chuck Do you have sudo privileges on the machine where you're running that command? Commented Nov 18, 2017 at 16:51
  • Yes, that's how I added chuck to wheel. And I can assume that any other machine I run this on will be installed by a user with sudo abilities. But I'd like to avoid requiring the script itself have sudo abilities (if that's even a thing). Commented Nov 18, 2017 at 19:16
  • @Chuck Ok, just checking. I wasn't sure you were able to do that. There is such a thing as requiring the script to have sudo privileges. Lots of software requires administrative privileges for various tasks - like the Finder, for instance, when it prompted you for your password. That said, I agree that it's much better to avoid that if at all possible. Commented Nov 18, 2017 at 19:23
0

After much help from igal, I found a solution. The end result I wanted was for a file written to by the fmserver user to be placed in a particular location. fmserver couldn't write to the folder, and chuck couldn't move it from the temp folder. Both users, however, were a member of the staff group, so editing the permissions for the target folder with chmod g+w project-folder was the answer.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.