acinpdx

Q: file permissions - how to edit a user account

file permissions - how to edit a user account that is creating files with permissions that are not wanted anymore.

 

i understand how to reset permissions on files or folders, but i do not understand how to reset the permissions a user is "creating".

 

ie, each time this user creates a file, the file needs to be manually edited for its permissions. so i need to edit the user's settings, but i can't find where to do that.

 

this is a home office setup. we have two users with admin privileges. our imac is acting as a server of sorts - it holds common files that need to be edited by both users. the other user is typically working on shared files from a macbook over wifi.

 

osx 10.6.8

 

any help is greatly appreciated - thanks up front!

 

adam

iMac, Mac OS X (10.6.8)

Posted on Mar 30, 2012 10:48 AM

Close

Q: file permissions - how to edit a user account

  • All replies
  • Helpful answers

  • by Király,

    Király Király Mar 30, 2012 1:05 PM in response to acinpdx
    Level 6 (9,812 points)
    Mac OS X
    Mar 30, 2012 1:05 PM in response to acinpdx

    There's no reliable way to change a user account so that all of the files its user creates automatically have some custom permissions setting applied.

     

    But what you can do is use ACLs to make a sharing folder, wherein all files copied to or newly created in the folder get a custom permissions setting. If that sounds like what you want, post back and I'll post the details.

  • by fane_j,

    fane_j fane_j Mar 30, 2012 9:09 PM in response to Király
    Level 4 (3,667 points)
    Mar 30, 2012 9:09 PM in response to Király

    How about setting a custom umask in </etc/launchd-user.conf>? Wouldn't this work (but for all users, not a specific one)?

  • by jsd2,

    jsd2 jsd2 Mar 30, 2012 9:46 PM in response to fane_j
    Level 5 (6,210 points)
    Mar 30, 2012 9:46 PM in response to fane_j

    How about setting a custom umask in </etc/launchd-user.conf>?

     

    My recollection is that this does work in Snow Leopard (for all users) but not currently in Lion because the Lion Finder does not respect the umask settings.

     

    The utility TinkerTool System (not TinkerTool) has  a friendly GUI for this. This is the default:

    .

    .Screen shot 2012-03-31 at 12.23.02 AM.png

    Unchecking all the boxes and restarting will set the user umask to 000, granting read-write permissions on new objetcts for all users.

  • by Király,

    Király Király Mar 30, 2012 11:25 PM in response to jsd2
    Level 6 (9,812 points)
    Mac OS X
    Mar 30, 2012 11:25 PM in response to jsd2

    Changing the umask does not produce reliable results. Many apps, including Apple's own Finder, will override any custom umask setting and apply the OS X standard set of read and write for the creator, and read only for group and others. This is true even in Snow Leopard, and going all the way back to the beginning of OS X 10.0.

     

    ACLs on a specific folder or set of folders is the best way to set this up.

  • by fane_j,

    fane_j fane_j Mar 30, 2012 11:49 PM in response to Király
    Level 4 (3,667 points)
    Mar 30, 2012 11:49 PM in response to Király

    Király wrote:

     

    Changing the umask does not produce reliable results. Many apps, including Apple's own Finder, will override any custom umask setting and apply the OS X standard set of read and write for the creator, and read only for group and others. This is true even in Snow Leopard

    I cannot argue with you, because I've never tried or tested it myself. However, this KB article

     

    <http://support.apple.com/kb/HT2202>

     

    states the opposite:

     

    "In Mac OS X v10.5.3 and later, you can create the file /etc/launchd-user.conf with the contents "umask nnn". […]

     

    This will set the user's umask for all applications they launch, such as Finder, TextEdit, or Final Cut Pro, and control the permissions set on new files created by any of these applications."

  • by acinpdx,

    acinpdx acinpdx Apr 1, 2012 3:28 PM in response to Király
    Level 1 (0 points)
    Apr 1, 2012 3:28 PM in response to Király

    Thanks for the replies,

     

    but

     

    What are ACLs?

    What is umask?

     

    It doesn't sound like there's consensus or that there's global user permission control as i was hoping

     

    i'm not fully understanding the responses, sorry

     

    thanks!

  • by Király,

    Király Király Apr 1, 2012 3:30 PM in response to fane_j
    Level 6 (9,812 points)
    Mac OS X
    Apr 1, 2012 3:30 PM in response to fane_j

    The document you linked says it's for OS X Server. I don't know if the same rings true for the client version of OS X.

     

    acinpdx, ACLs are Access Control Lists; basically special sets of permissions that can be applied to override the standard POSIX permissions. A nice thing about them is that they can be set on a folder so that each item added has the folder's ACL permission settings inherited.

  • by fane_j,

    fane_j fane_j Apr 1, 2012 6:43 PM in response to Király
    Level 4 (3,667 points)
    Apr 1, 2012 6:43 PM in response to Király

    Király wrote:

     

    The document you linked says it's for OS X Server.

    Indeed, but client and server are architecturally identical, so I don't see any reason it shouldn't work. However, as always, the proof of the pudding is in the eating.