10 Replies Latest reply: Jul 4, 2012 4:21 PM by markduncan
GreatGeek Level 1 Level 1 (0 points)

Can someone tell me how to set permissions properly on my Mac Lion server? I can create a file and save it to the server. Later, I can't open the file to make additional changes to it. How can I set the permissions on a folder and roll them out to all of the files within the folder and set them to a specific group? It's easy in Windows but I'm new to Mac and would appreciate your help!


Mac OS X (10.7.2)
  • 1. Re: Permissions issues
    GreatGeek Level 1 Level 1 (0 points)

    No one? Really? Wow.

  • 2. Re: Permissions issues
    Javier Ruiz Level 1 Level 1 (0 points)

    Not sure if this is what you are looking for:

     

    http://www.lagentesoft.com/batchmod/index.html

  • 3. Re: Permissions issues
    mistersquid Level 3 Level 3 (795 points)

    You need to provide a bit more information, please.

     

    What, exactly, are you doing when you "make additional changes to" your file? Which software are you using and/or by what means are you effecting your changes?

     

    Additionally, what is the exact error message you are presented?

  • 4. Re: Permissions issues
    GreatGeek Level 1 Level 1 (0 points)

    I haven't seen the error message because it's happening with the users (and their office is an hour away from me) but they say they can create a file and save it to the server. Then if they open it later and make changes, it won't let them save it back to the server, saying they don't have permission. They've had to save files to their desktops, change the name on it, and then copy it to the server.

  • 5. Re: Permissions issues
    Sam Venning Level 1 Level 1 (5 points)

    If you dig around these forums you'll see that SOME people are having LOTS of problems with Lion Server not honouring ACLs. My computer with Lion Server at home is working okay. Our two Lion Servers at work were honouring ACLs for a while but then stopped for no apparent reason.

     

    Unfortunately, it seems there is a bug in some installations of Lion Server that causes ACLs to be ignored. When ACLs aren't set the file server uses POSIX permissions. The variable that controls the POSIX permissions for newly created files is called the 'umask'. The default 'umask' value sets group read-only access to new files and folders. You don't want to change the 'umask' (too technical). Indeed, you shouldn't need to change the umask if ACLs are working (ACLs override POSIX permissions... including the umask restriction). I'm desperately waiting for Apple to fix Lion Server so that ACLs work reliably. Hope 10.7.4 fixes the problem.

     

    One solution would be to abandon Lion Server (10.7) and revert to Snow Leopard Server (10.6). For the moment I'm sticking with Lion Server and applying read&write (group and others) permissions to all folders each day – not at all elegant.

     

    The PeachPit book "OS X Lion Server Essentials" is the best book I've found that explains OS X Server services and configuration. It has a very good explanation of POSIX ownership and permissions as well as ACLs.
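
Added example (not part of any reply in this thread): the umask behaviour described in reply 5, shown with POSIX mode bits only. It creates files under umask 022 and 002 in a temporary directory standing in for a share, then lists the entries the group can read but not write; the file names and function names are made up for the illustration, and ACLs are not evaluated.

```python
import os
import stat
import tempfile


def create_with_umask(path, mask):
    """Create a file as an application would (requested mode 0o666) under
    the given umask and return the permission bits it ends up with."""
    old = os.umask(mask)  # umask is process-wide, so restore it afterwards
    try:
        fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0o666)
        os.close(fd)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def find_group_readonly(root):
    """Return sorted paths (relative to root) that the owning group can read
    but not write: the state in which a colleague can open a file but cannot
    save changes back when no ACL grants the write."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            if mode & stat.S_IRGRP and not mode & stat.S_IWGRP:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    # Constructed sample: a temporary directory stands in for the share.
    with tempfile.TemporaryDirectory() as share:
        default = create_with_umask(os.path.join(share, "report.doc"), 0o022)
        relaxed = create_with_umask(os.path.join(share, "shared.doc"), 0o002)
        return default, relaxed, find_group_readonly(share)


if __name__ == "__main__":
    default, relaxed, hits = demo()
    print("umask 022 ->", oct(default))
    print("umask 002 ->", oct(relaxed))
    print("group read-only entries:", hits)
```
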

  • 6. Re: Permissions issues
    GreatGeek Level 1 Level 1 (0 points)

    Javier, I appreciate the app but it doesn't see my groups in Open Directory.

  • 7. Re: Permissions issues
    Javier Ruiz Level 1 Level 1 (0 points)

    Apologies. I think the other replies are closer to what you are looking for. I misunderstood your issue. This app helps with resetting the ACLs on a local user account. It looks like you're having issues with server groups. I've found that 10.7 is extremely buggy and agree with others to revert to 10.6 if at all possible.

  • 8. Re: Permissions issues
    Javier Ruiz Level 1 Level 1 (0 points)

    Apologies. I think the other replies are closer to what you are looking for. I misunderstood your issue. This app helps with resetting the ACLs on a local user account. It looks like you're having issues with server groups. I've found that 10.7 is extremely buggy and agree with others to revert to 10.6 if at all possible.

  • 9. Re: Permissions issues
    Ian Butler Level 1 Level 1 (35 points)

    I have a fix of sorts - works with OD users where the directory is on another machine. The problem does seem to affect a number of users BTW, with setups that were working fine suddenly ceasing to honor ACL settings, meaning that permissions are devolved to POSIX settings, which only allow limited inheritance.

     

    1. I have an OD group with 20 members, let's call that Production. Its ACL is being ignored for AFP on OS X 10.7.3 Server, but individual user ACLs from the OD are honored. Local user and group ACLs are honoured also.
    2. So I have created a local group called Prod_Users, using Server Manager. To that local group I have added my OD group mentioned above (since groups can be nested).
    3. I have then added this new local Prod_Users group to my shares as an ACL, giving it the required permissions including inheritance. This is best done by going to the Hardware -> Storage section of Server Manager, as there is a good deal more granularity available.
    4. This ACL is honored correctly, so obviating the need to fiddle with POSIX settings. Let's hope a fix is forthcoming so we don't need these workarounds.
    5. Note - adding multiple OD groups to the local group works also.

     

    Ian

  • 10. Re: Permissions issues
    markduncan Level 1 Level 1 (0 points)

    I have a similar problem where I created several shares on an xserve with OSX 10.7.4 server that were working great but at some stage during the installation the users then couldn't see any shares except for shares where the POSIX had everyone set to read.

    After a bit of experimenting the ACLs definitely don't work which is annoying but I have found a workaround, whether it stays working after this experience I'm not so confident.

     

    When I assign a group to a share the ACLs don't appear to work but if I assign a group to a group and then assign that to the share as an ACL it works.

     

    To expand on that more, what I did was create a user group called Management_Share which I then assigned read/write permissions to the Management shared folder. I then added the Management group which contains all the users and made it a member of the Management_Share user group and bingo it works.

     

    Like I said before I can't confirm yet that it will stay judging by my experience here but it definitely works now.

    Hope this helps.