by Michael Miller on April 15, 2014
So for a long time, there was a group set on the Out of a Jam Staff wiki. And lo, all was well. Users were added to the group, and access was had by all.
Then, one day, Michael added a new employee to the JamStaff group and and behold – they had zilch for permissions on the wiki. Being in the middle of running around like a chicken with its head cut off and its hair on fire, Michael simply added the user directly and gave them access. “I’ll fix that someday,” he told himself and, as is always the case with such things, someday never came. As time went on, it got more and more annoying, but he got more and more used to it as well, so there you go. Apathy is the immovable object.
Fast forward to today, and not only did being part of the group do zip, but it actually wasn’t possible to add a user directly to the wiki either. Oh, you could add, but saving would give a nasty red message saying ‘Error Saving ACL’s’. Wondering if the ill fated group, which lit up in red at that message as well and was set as owner, might be part of the problem, Michael attempted to delete it. When it vanished, attempting to save just gave an unhelpful ‘Error Saving Settings’ and that’s it.
So, long story short, it became increasingly apparent that something was up with that group and it was messing things up. Longer story shorter, the Wiki imports a group UID upon the initial group creation, and then, should one happen to delete and re-create the group, will not update with the new UID. Makes sense, but what are you to do when you can’t even remove the group anymore from the standard interface?
So, here’s how you fix it.
NEEDLESS TO SAY DO NOT GO MUCKING ABOUT IN YOUR WIKI DATABASE IF YOU DO NOT KNOW FOR A FACT YOU HAVE THE WORLDS MOST AWESOME BACK UP OF IT YOU COULD DESTROY IT FOREVER THANK YOU.
First, fire up Server.app and go to Tools > Directory Utility. From there, go to ‘Directory Editor’ and choose ‘Groups’ from the ‘Viewing’ drop down menu.
Click on the group in question and select ‘GeneratedUID’ from the list and copy out the value there.
Then fire up the Terminal and put in the following:
sudo psql -h “/Library/Server/Wiki/PostgresSocket” –username=collab
This will fire up psql and -h gives it the location of the database to connect to. It’s worth noting that particular string won’t work for any number of other useful postgres commands like dumpall for backups, due to Mavericks annoyingness involving sockets. But that’s a painful story for another day. –username=collab defines that hey, you want to connect as the collab user. This is good, because collab is the user assigned to the collab database, which is the wiki database.
Then, type in
This lists all the tables in the database. The one we want is, in this case, groups
SELECT * FROM groups;
Will show (select) all (the * wildcard definition) from the groups table. You could put in a term instead of *, if you know what you are looking for. This command will show you the columns in the groups table.
The column we want in this case is group_id. We want to change the group id for the troublesome group in question. So, type the following:
UPDATE groups SET group_id = ‘NEW-GROUP-ID’ WHERE group_id = ‘OLD-GROUP-ID’;
So, UPDATE modifies the table, SET defines the column to be modified and the first = is the new value. WHERE says ‘only put this data in the column I’m about to define that has the data I’m going to define’. Which, in this case, is group_id again and the old, existing, incorrect group ID again in single quote marks.
So, the command I ran to fix one of the groups was, exactly:
update groups set group_id = ‘0E52D7BF-2332-4C0D-95BC-263C4CF50AAE’ where group_id = ‘1B3A214D-A301-4C94-A473-0161EC51F881’;
After correcting our staff group, it properly went away and quit lighting up in red when I went to edit it in the web interface, but another gorup started to do so. It, too turned out to be a carry over with an incorrect UID. When I updated it to the proper current UID all was well.
By the way, just be safe, after doing the above edits I did
sudo serveradmin stop wiki
sudo serveradmin start wiki
To start and stop the service before checking back in on it.
Now, adding a user just to the group alone (once I re-added it) is all one needs to do to give the user access! Huzzah!