Skip navigation

Permissions issues

1168 Views 10 Replies Latest reply: Jul 4, 2012 4:21 PM by markduncan RSS
GreatGeek Level 1 Level 1 (0 points)
Currently Being Moderated
Mar 26, 2012 2:15 PM

Can someone tell me how to set permissions properly on my Mac Lion server? I can create a file and save it to the server. Later, I can't open the file to make additional changes to it. How can I set the permissions on a folder and roll them out to all of the files within the folder and set them to a specific group? It's easy in Windows but I'm new to Mac and would appreciate your help!

Mac OS X (10.7.2)
  • Javier Ruiz Calculating status...
    Currently Being Moderated
    Mar 27, 2012 3:40 PM (in response to GreatGeek)

    Not sure if this is what you are looking for:

     

    http://www.lagentesoft.com/batchmod/index.html

  • mistersquid Level 3 Level 3 (795 points)
    Currently Being Moderated
    Mar 27, 2012 11:43 PM (in response to GreatGeek)

    You need to provide a bit more information, please.

     

    What, exactly, are you doing when you "make additional changes to" your file? Which software are you using and/or by what means are you effecting your changes?

     

    Additionally, what is the exact error message you are presented?

  • Sam Venning Level 1 Level 1 (5 points)
    Currently Being Moderated
    Apr 2, 2012 7:29 PM (in response to GreatGeek)

    If you dig around these forums you'll see that SOME people are having LOTS of problems with Lion Server not honouring ACLs. My computer with Lion Server at home is working okay. Our two Lion Servers at work were honouring ACLs for a while but then stopped for no apparent reason.

     

    Unfortunately, it seems there is a bug in some installations of Lion Server that causes ACLs to be ignored. When ACLs aren't set the file server uses to POSIX permissions. The variable that controls the POSIX permissions for newly created files is called the 'unmask'. The default 'unmask' value sets group read-only access to new files and folders. You don't want to change the 'unmask' (too technical). Indeed, you shouldn't need to change the unmask if ACLs are working (ACLs override POSIX permissions... including the unmask restriction). I'm desperately waiting for Apple to fix Lion Server so that ACLs work reliably. hope 10.7.4 fixes the problem.

     

    One solution would be to abandon Lion Server (10.7) and revert to Snow Leopard Server (10.6). For the moment I'm sticking with Lion Server and applying read&write (group and others) permissions to all folders each day – not at all elegant.

     

    The PeachPit book "OS X Lion Server Essentials" is the best book I've found that explains OS X Server services and configuration. It has a very good explanation of POSIX ownership and permissions as well as ACLs.

  • Javier Ruiz Level 1 Level 1 (0 points)
    Currently Being Moderated
    Apr 3, 2012 10:54 AM (in response to GreatGeek)

    Apologies. I think the other replies are closer to what you are looking for. I misunderstood your issue. This app helps with resetting the ACLs on a  local user account. It looks like your having issues with server groups. I've found that 10.7 is extremely buggy and agree with other to revert to 10.6 if at all possible.

  • Javier Ruiz Level 1 Level 1 (0 points)
    Currently Being Moderated
    Apr 3, 2012 10:54 AM (in response to GreatGeek)

    Apologies. I think the other replies are closer to what you are looking for. I misunderstood your issue. This app helps with resetting the ACLs on a  local user account. It looks like your having issues with server groups. I've found that 10.7 is extremely buggy and agree with other to revert to 10.6 if at all possible.

  • Ian Butler Calculating status...
    Currently Being Moderated
    Apr 4, 2012 6:05 AM (in response to Sam Venning)

    I have a fix of sorts - works with OD users where the directory is on another machine. The problem does seem to affect a number of users BTW, with setups that were working fine suddenly ceasing to honor ACL settings, meaning that permissions are devolved to POSIX settings, which only allow limited inheritance.

     

    1. I have an OD group with 20 members, let's call that Production. It's ACL is being ignored for AFP on OS X 10.7.3 Server, but individual user ACL's from the OD are honored. Local user and group ACL's are honoured also.
    2. So I have created a local group called Prod_Users, using Server Manager. To that local group I have added my OD group mentioned above (since groups can be nested).
    3. I have then added this new local Prod_Users group to my shares as an ACL, giving it the required permissions include inheritance. This is best done by going to the Hardware -> Storage section of Server Manager, as there is a good deal more granularity available.
    4. This ACL is honored correctly, so obviating the need to fiddle with POSIX settings. Lets's hope a fix is forthcoming so we don't need these workarounds.
    5. Note - adding multiple OD groups to the local group works also.

     

    Ian

  • markduncan Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jul 4, 2012 4:21 PM (in response to GreatGeek)

    I have a similar problem where I created several shares on an xserve with OSX 10.7.4 server that were working great but at some stage during the installation the users then couldn't see any shares except for shares where the POSIX had everyone set to read.

    After a bit of experimenting the ACL definately don't work which is annoying but I have found a work around, whether it stays working after this experience I'm not so confident.

     

    When I assign a group to a share the ACL's don't appear to work but if I assign a group to a group and then assign that to the share as an ACL it works.

     

    To expand on that more,  what i did was create a user group called Management_Share which I then assigned  read/write permissions to the Management shared folder.  I then added the Management group which contains all the users and made it a member of the Management_Share user group and bingo it works.

     

    Like I said before I can't confirm yet that it will stay judging by my experience here but it definately works now.

    Hope this helps.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.