Currently Being ModeratedAug 29, 2011 1:24 PM (in response to onetown)
Same problem here, but here are some more details from my experience.
1. The Server is 10.7.1.
2. All the clients are Microsoft Windows (2x Windows 7, and one Windows XP)
3. The Group (OfficeGroup) contains all of the needed users.
4. Each user can create a folder, or upload folders, and/or documents. However, depite having the ACL set (via server gui) to inherited permissions, each user "cannot" access each others files that have been saved/uploaded.
Currently Being ModeratedAug 30, 2011 4:02 AM (in response to Cybrwolf)
I am experiencing the same issue.
As stated by this Document however http://docs.info.apple.com/article.html?path=Server/10.7/en/t_SetPermissions.htm l saying "By default, each new entry has full read and inheritance permissions." this shouldn't be a problem.
I keep getting this error even though I performed the propagate permissions command using server.app several times now. Does anyone know how to set the default permission of newly created/uploaded files to the ACL of the parent?
Currently Being ModeratedSep 12, 2011 2:30 AM (in response to Stephen Holmes2)
I don't know if this will work for you but it did work for me. When you create a new Folder and set it as a new share in Server.app then you have to set the permissions. What I always did was to reset the name for the primary group which was staff for me. This was apparently wrong. You have to add (plus sign on the bottom) a new group or user and leave the rest like it is. Only then the propagated permission will have the expected effect. Apparently reassigning the primary group will not work.
Let me know if this solved your problem. Hope it did
Currently Being ModeratedSep 20, 2011 1:00 PM (in response to onetown)
Hi Everybody, My names Doctor Nic (LOL)
I too am experiencing the very same issue with a brand new Mac Pro running 10.7.1.
No matter what I do the permissions wont propagate down to the end users accounts.
This is very easy and straight forward on Windows systems but I do not have enough experience with Macs to know whether this is a flaw in 10.7.1 or if it is something that I missed.
Here is a link to a new discussion that I started just a couple of hours ago which gives more detatils:
I would very much appreciate comments (or even better yet a solution) to this issue <smile>
Thanks in advance.
Currently Being ModeratedSep 21, 2011 9:20 AM (in response to onetown)
I just wanted to share a complete and very simple solution to this issue on 10.7.1 (Lion) I cannot take credit for discovering it………. but I found it at:
“Joey Gibson’s Blog”
And he found it at another web site that he does not mention.
All you have to do is turn off AFP and use SMB instead.
(NOTE: I am working with 10.7.1 (Lion) this may not be an option on previous versions of OSX, I do not know for sure.)
Here is how I ran into this problem:
One of the companies that I support bought eight brand new IMac work stations and a brand new almost $6,000 Mac Pro server.
I copied all the existing data over from the seven year old Mac Server to the new server and setup the workstations. At first everything seemed fine. The end users were able to continue work just fine using all of their original data files.
But a problem soon surfaced:
Any and all NEW folders and files that were created going forward gave ONLY the creator (owner) full rights. Everyone else on the network had ONLY READ rights.
I double checked my configuration on the new server. Everyone was in a FULL ACCESS group, ACL’s configured properly and propagated rights down over and over.
But no matter how many fixes and modifications I made the RIGHTS on the server would NOT propagate down to the end users.
This is a serious flaw in AFP (Apple Filing Protocol)
To correct this issue all I had to do was turn off AFP and use SMB (Server Message Block) protocol by itself………. A MICROSOFT standard for many years.
After completely turning OFF AFP and restarting the server and workstations all of the end users now have full access as they should have had using AFP.
Currently Being ModeratedNov 9, 2011 11:41 AM (in response to onetown)
The solution is simple...
• Open the Server App.
• In the side bar on the left, click on the server under HARDWARE.
• Click on the "Storage" Tab.
• In the list of disks, click the triangle next to the disk you want to modify and navigate to the location where you want the shared folder to be... in my case, I want to create a shared folder inside the "Shared Items" folder.
• Click on the cog/down arrow and select "New Folder...".
• Give the new folder a name and click "Create".
• Select the newly added folder, click the cog below and edit the permissions.
• At that point, you can add the group you want to give access to (as an ACL) and you will notice that you now have the ability to control the Inheritance properties of the folder.
• Once done editing the permissions, share the folder as you normally would.
Hope this helps.
Currently Being ModeratedNov 16, 2011 2:08 AM (in response to Darryl C.)
So here is what I did wrong. I changed the default group that was already set for the share point. It is however IMPORTANT to ADD a new group or user if you want to keep the inheritance. As far as I know the default permissions are only responsible for posix and not for ACL. Be sure to add this new group on top of the others and then propagate the permissions.
Hope this helped somebody
Currently Being ModeratedDec 9, 2011 4:03 AM (in response to tekman101101)
This actually made it worse for me.
With AFP new files gave readWrite permission to the creator and read permission to everyone else
WIth SMB the creator gets the same readWrite, but everyone else gets "No Access" and can't even open new folders.
Currently Being ModeratedDec 9, 2011 12:18 PM (in response to onetown)
Sounds like something else may be going on with your server? <smile>
What I CAN tell you is that it worked flawlessly on this Mac Pro Server running OSX Lion 10.7.1.
When I first set up this Mac server, entering all of the end user accounts manually (NOTHING ported over from the old server) and created a FULL access (to the data drives) workgroup…….. ONLY the creator of NEW folders and files would have read/write privileges EVERYONE else had READ ONLY.
I checked and checked and rechecked all of the settings and spent hours researching the issue. And from the HUNDREDS of posts across the web it is obvious that this is a flaw in OSX Lion 10.7.1. (Note: this may have been corrected with the 10.7.2 patch???)
The minute I turned AFP (Apple File Protocol) OFF so that everyone was using the SMB protocol only……. it has now worked perfectly for the last four months. No matter who creates a new folder or file everyone has full read/write access. Just the way I configured it to be originally. This was the ONLY change that was made and the results were instant; right after the server and all ten Mac workstations were restarted.
I know how important AFP is to Mac’s so I was VERY skeptical of this solution. But from the overwhelming (approximately ninety percent) positive replies (as you will see by following the link below) to this simple solution I gave it a try and “ba-da-bing-ba-da-boom” it was like flipping a light switch it worked so well.
At first I was amazed that SMB (a Microsoft sharing protocol going back over twenty years) would work so much better than AFP. But in retrospect I should not have been surprised seeing how much else needs improving with Macintosh. (gees… so many GUI’s that have been standard in Windows for years STILL have not been written for Mac. Who uses command line interface any more….come on!)
Anyway for more information please see:
Currently Being ModeratedDec 9, 2011 2:58 PM (in response to tekman101101)
Darryl C is doing it the right way which will give you correct ACL permissions for both Windows and Mac users. We have had it working correctly under 10.7, 10.71, and 10.7.2 as well as Windows 7 64-bit.
AFP is faster than SMB on Macs so we use AFP for our Mac to Mac sharing and SMB for Mac to Windows sharing. It was pretty much the same in 10.6 but just had a different GUI.
As far as the command line goes, any admin worth his salt.
Currently Being ModeratedFeb 12, 2012 6:52 AM (in response to jjasper)
Yes Jjasper the way Darryl C. pointed out is the way it is SUPPOSED to work and I did that several times. But as you will notice from the hundreds of other people with this SAME EXACT ISSUE there is a flaw with 10.7.1.
This may have been corrected by now with updates from Apple???
And as far as your comment about command line interface….. I was using command line syntax years before GUI’s even existed!
The point was………. why would people bother writing GUI’s for the Mac OS when it is such a hassle to get anything approved to run on the Mac OS especially when all the money is on the Microsoft side with eight or nine Windows systems being purchased for every one Mac.
And all you Macintosh worshipers need to realize the ONLY reason Macintosh is still around is because of the millions of dollars that Bill Gates gave to Steve Jobs to keep Macintosh alive so Bill Gates could say that Microsoft was not really a monopoly. Steve Jobs to his credit did not put most of that into his computer division but instead came out with the IPod which all the music loving kids bought. So now Macintosh is going back up again.
If the proprietary hardware and software those Macintosh computers used was so great why are Macs now using Intel based hardware and running Windows apps like Office?