
ACL Permissions on Lion Server File Share

DSHJ Level 1 (45 points)
Nov 30, 2012 11:36 AM

I've run into a problem with a Lion Server (10.7.5) where the ACLs of the file shares aren't working properly on client machines that log into the server. Client machines see the files in the share, but it's as if the ACLs aren't available or visible.

Users are logging in via OD authentication, and a group "Access" is applied to their user account.

The File Share in question has the "Access" group with full read/write permissions.

Permissions have been propagated to all files and folders within the share.

Inherited Entries were made explicit.

When logging in as a client machine on the network, using proper OD authentication credentials with the "Access" group applied to the user, I have access to the file, but if I try to save the file, I get an error that I don't have permission to save the file. If you look at the permissions on the file/folder from the client machine, it's as if the ACLs from the server don't exist.

When SMB users (Windows) try to save a file to the share, they're not accessible by the AFP users. Again, all files and folders in this share should have full read/write access for all "Access" users, which includes both AFP and SMB users.

I've tried:

  • Propagating permissions again
  • A new share (same problem, but on new share)
  • Accessing via other machines and user accounts
  • Turning off SMB
  • Rebooting all machines
  • Wiping off all ACLs and adding new ACLs
  • Calling Apple (they're also stumped)

Thoughts?

Other notes:

The share is on a Pegasus R4 connected via Thunderbolt.

Haven't had this issue before, and it seems recent after update beyond 10.7.2.

Had to rebuild OD from scratch after upgrade to 10.7.4 due to Kerberos problems. 

Mac mini, OS X Server, OS X Server 10.7.5
  • infinite vortex Level 7 (21,400 points)
    Dec 3, 2012 6:22 AM (in response to DSHJ)

    I had a problem with ACLs not being honoured if the File Share was a volume rather than being a folder within a volume. However, this for me was fixed on 10.7.4. By the way, how are you "Wiping off all ACLs and adding new ACLs"? To clear out all sign of any ACLs from your file share directory I would use…

    sudo chmod -R -N [directory]
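
One way to check the result on the server after clearing and re-applying ACLs, as an added example that is not part of either post: the Python below parses `ls -le` output and lists the entries that have no allow ACE granting the "Access" group write access. The sample listing is constructed and the function names are hypothetical; deny entries and POSIX mode bits are not evaluated.

```python
import re

# Constructed sample of `ls -le` output for a share (not taken from the thread).
SAMPLE = """\
drwxrwxr-x+ 4 admin  staff  136 Nov 30 11:00 Projects
 0: group:Access allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,file_inherit,directory_inherit
-rw-r--r--+ 1 jane   staff  2048 Nov 30 11:05 budget.xls
 0: group:Access inherited allow read,write,append,delete,readattr,writeattr
-rw-r--r--  1 winuser  staff  512 Nov 30 11:20 saved from windows.doc
-rw-r--r--+ 1 bob    staff  900 Nov 30 11:25 notes.txt
 0: group:Access inherited allow read,readattr
"""

# A listing line starts with a 10-character mode string, optionally followed by + or @.
ENTRY = re.compile(r"^[-dlbcps][-rwxsStT]{9}[+@]?\s")
# An ACE line looks like " 0: group:Access inherited allow read,write".
ACE = re.compile(r"^\s*\d+: (user|group):(\S+) (inherited )?(allow|deny) (\S+)$")

def parse(listing):
    """Return [(name, is_dir, [(kind, principal, inherited, rule, perms)])]."""
    entries = []
    for line in listing.splitlines():
        if ENTRY.match(line):
            fields = line.split(None, 8)  # 9th field is the name, may hold spaces
            entries.append((fields[8], line[0] == "d", []))
        elif entries and (m := ACE.match(line)):
            kind, who, inh, rule, perms = m.groups()
            entries[-1][2].append((kind, who, bool(inh), rule, set(perms.split(","))))
    return entries

def missing_write(listing, group="Access"):
    """Names of entries with no allow ACE granting the group write access."""
    bad = []
    for name, is_dir, aces in parse(listing):
        need = "add_file" if is_dir else "write"  # write right for dirs vs files
        ok = any(k == "group" and w == group and r == "allow" and need in p
                 for k, w, _inh, r, p in aces)
        if not ok:
            bad.append(name)
    return bad

if __name__ == "__main__":
    for name in missing_write(SAMPLE):
        print("no write ACE for Access:", name)
```
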
