designhaus.eu

Q: El Capitan, Permissions not propagating on share

El Capitan, Permissions not propagating on share

 

Hello readers. I have a shared folder on my iMac 5k

Macintosh HD/Users/Shared/Enterprise Server

 

Myself and two users with read/write privileges save files and folders to this share

 

When we are creating folders and saving documents into this folder structure they retain the ownership rights of the creator/client rather than inheriting them from the enclosing folder

 

This makes it difficult to collaborate.

 

I have re-propagated permissions from Command+R startup which fixes the ownership for current files and folders but does not fix the inheritance issue for newly created items

 

I found similar stories on the web

 

It seems that POSIX is not enabling inheritance and that ACL is just missing

 

I was able to explicitly create ACL's using Tinker Tool and all works well on a test share. This reminded me of the tools in Apple Server.

 

Surely I should not need to do this using a third party application. Am I missing something? Am I asking to much of the non server OS?

MacPro's, iMac's, G5's, laptops, Mac OS X (10.5.7)

Posted on Dec 4, 2015 7:22 AM

Close

Q: El Capitan, Permissions not propagating on share

  • All replies
  • Helpful answers

  • by babowa,

    babowa babowa Dec 4, 2015 7:51 AM in response to designhaus.eu
    Level 7 (32,049 points)
    iPad
    Dec 4, 2015 7:51 AM in response to designhaus.eu

    I'm going to take a stab here (and may be wrong) and suggest that it might have something to do with the new SIP feature in El Capitan:

     

    About System Integrity Protection on your Mac - Apple Support

     

    (click on/read the root user link as well)

     

    If you'll do a search for 'disable sip' on these forums, there have been some threads with instructions on how to disable SIP in terminal.

  • by designhaus.eu,

    designhaus.eu designhaus.eu Dec 4, 2015 8:05 AM in response to babowa
    Level 1 (1 points)
    Dec 4, 2015 8:05 AM in response to babowa

    Thank you. Yes, I think you may be on the right track. I will set up a test on a spare machine. I am not willing to do that on a live 'server'!

     

    I am a huge Apple fan, one of 'the faithful' so I am reluctant to criticise… But it seems that the 'shares' simply won't be usable without changes to the process of inheritance. In which case I am surprised there are not more voices. Anyway, let us see what else is posted here

     

    Drew

  • by diegofromcrc,

    diegofromcrc diegofromcrc Apr 1, 2016 12:30 AM in response to Linc Davis
    Level 1 (4 points)
    Mac OS X
    Apr 1, 2016 12:30 AM in response to Linc Davis

    I tried this but it doesn't work

  • by cdhw,

    cdhw cdhw Apr 1, 2016 2:46 AM in response to designhaus.eu
    Level 4 (2,653 points)
    Servers Enterprise
    Apr 1, 2016 2:46 AM in response to designhaus.eu

    A couple of suggestions:

     

    Check that user 'foo' on the client has the same UID & GID as user 'foo' on the server

     

    Try creating a folder inside the mount-point:

     

         /Users/Shared/Enterprise Server/OurFiles

     

    and giving it the permissions and ACLS you want. Check that the ownership and permissions for OurFiles are correct on both server and client. Use OurFiles to put your stuff in. Check permissions, ownerships and ACLS using Terminal.app.

     

    C.

  • by Barney-15E,

    Barney-15E Barney-15E Apr 1, 2016 4:59 AM in response to designhaus.eu
    Level 9 (50,094 points)
    Mac OS X
    Apr 1, 2016 4:59 AM in response to designhaus.eu

    It seems that POSIX is not enabling inheritance and that ACL is just missing

     

    I was able to explicitly create ACL's using Tinker Tool and all works well on a test share. This reminded me of the tools in Apple Server.

     

    Surely I should not need to do this using a third party application. Am I missing something? Am I asking to much of the non server OS?

    By default the client version of OS X does exactly as you see. When you create a file, you are the owner and it doesn't allow the group to edit. You will have to set an ACL, either with Terminal or a third-party program to force inheritance.

    This will work, and needs to be set on the top-level folder. Once that is done, and you assign users to the group, all the group members will be able to have access to the files created by other group members and any new folders will inherit this ACL:

    sudo chmod -R +a "MySharingGroup allow delete,chown,list,search,add_file,add_subdirectory,delete_child,file_inherit,di rectory_inherit" /Users/Shared/Enterprise\ Server/

    Change the name of the group as you would like, and create it in Users & Groups. Add the desired users to that group in Users & Groups.

    The command will create the ACL and propagate it to all subfolders.

  • by Donkeywrangler,

    Donkeywrangler Donkeywrangler Aug 13, 2016 10:52 AM in response to Barney-15E
    Level 1 (8 points)
    Mac OS X
    Aug 13, 2016 10:52 AM in response to Barney-15E

    I couldn't get my terminal commands to work but buying OS X Server app worked for me

    Similar to this

     

    Sharing Permissions ****