5 Replies Latest reply: Jul 12, 2011 7:58 AM by jeremyfromwilmington
gcosgrove Level 1 Level 1 (0 points)

I'm using Snow Leopard 10.6.6 Server with about 10 Mac desktops running 10.6 also.  I'm confused about ACL vs. POSIX sharing permissions.

 

I would like to have shared folder(s) where anyone can create folders and files that have default READ & WRITE permissions so that any other desktop user can open/modify/edit, etc any of the folders and files within the folders.

 

I set a FOLDER A to have the following permissions:

ACL

     Everyone; Allow; Full Control; This folder, Child folders, Child Files, All descendants (inherited)

POSIX

     sysadmin; Allow; Read & Write; This folder

     admin; Allow; Read & Write; This folder

     Others; Allow; Read & Write; This folder

 

And then someone creates a folder named FOLDER B in FOLDER A and those permissions are:

ACL

     Everyone; Allow; Full Control; This folder, Child folders, Child Files, All descendants (inherited)

POSIX

     bob (or whoever created the folder); Allow; Read & Write; This folder

     admin; Allow; Read Only; This folder

     Others; Allow; Read Only; This folder

 

And files created within FOLDER B has permissions:

ACL

     Everyone; Allow; Full Control; This file (inherited)

POSIX

     bob (or whoever created the file/folder); Allow; Read & Write; This file

     admin; Allow; Read Only; This file

     Others; Allow; Read Only; This file

 

How can I set this up so that users can create folders and files that other users can read & write?


Mac OS X (10.6)
  • 1. Re: Default file sharing permissions
    Xepharalon Level 1 Level 1 (10 points)

    ACLs should be read first for access control, so you shouldn't have any problems with this setup. Have you actually encountered errors?

    If you're testing prior to applying this use the Effective Permissions Inspector (accessible through the gear under permissions settings of a share point) to see if your users have access. From server admin, select the AFP service, then from the Settings tab, select Access, and enable administrator to masquerade as any user. You can then create files and folders as different users and test your effective permissions again.

     

    Hope this works for you.

  • 2. Re: Default file sharing permissions
    VincensoXFIN Level 1 Level 1 (40 points)

    So you want your users to gain access to all new child folders? You set all the permissions right in the folder A, but I think you have forgot to propagate permissions.

     

    Go to folder A (the main folder), and see if your permissions are still OK, (Everyone; Allow; Full Control; This folder, Child folders, Child Files, All descendants (inherited)). Then click the gear button in the bottom of server admin and click propagate permissions, and OK on the popup. Then it will rewrite permissions to all child files and folders. Did this help?

  • 3. Re: Default file sharing permissions
    gcosgrove Level 1 Level 1 (0 points)

    According to the Effective Permissions Inspector, all of the users have access (which matches what the ACL Everyone Full Control SHOULD be doing), but users actually DON"T have full control.  It's acting like the ACL is being ignored completely and it's using the POSIX permissions instead.

     

    And I can propagate permission to "reset" the permissions, but as soon as someone creates a new file or folder, the NEW file and folders default to:

    ACL

         Everyone; Allow; Full Control; This file (inherited)

    POSIX

         bob (or whoever created the file/folder); Allow; Read & Write; This file

         admin; Allow; Read Only; This file

         Others; Allow; Read Only; This file

  • 4. Re: Default file sharing permissions
    VincensoXFIN Level 1 Level 1 (40 points)

    So, old files are still in the right permission format, and only the new files have issues?

     

    I dont know if you described the full structure of your share point, but please do. Are there more folders above this level of subfolders? Look to top of the disk and check the permissions in there. For instance try allowing full control to almost root level of disk to everyone for a while to see if it would help.

     

    Yeah, it really sounds like something is making the ACL to be ignored. Can you edit the POSIX?

  • 5. Re: Default file sharing permissions
    jeremyfromwilmington Level 1 Level 1 (0 points)

    Has anyone figured this out?  Im having the exact same problem and can't seem to be able to find a fix for it.  Any help would be greatful.