1 Reply Latest reply: Nov 9, 2005 11:41 PM by Gerrit DeWitt
Oliver Kess Level 1 (45 points)
I updated my 10.3.9 server to 10.4.2.
All shares, users and groups and the whole OD was updated fine. All mobile user accounts were still manageable. After one week of stable functionality I got the expression that everything is doing fine.
That changed when I had to enter a new user to the server.
The newly entered user did not see any shares. See my post Oliver Kess, "Shares and Guest Access - unable to see Share without it", 02:07am Nov 7, 2005 CDT
I started doing deeper research. I activated detail view and looked into the group memberships.
The following disturbs me:
The group "all" is used to make share access available.
The shares are set:
owner: admin read/write
group: all read
everyone: nothing
Now when I watch detail view I notice there are three different settings:
GroupMembers, GroupMembership and Member
Only two of these groups contain all the users, the two are GroupMembership and Member.
The third group GroupMembers only contains the users that are newly created after the update to 10.4.2 server.
Can anyone help me on this one, why is this so?
Could this have something to do with the topic mentioned on my link above, that newly created users do only get access to the shares when the access right for everyone is set to read?
Any comment is appreciated!
  • Gerrit DeWitt Level 4 (3,900 points)
    In Workgroup Manager, click the Groups tab, select one of the desired groups and click the Update Legacy Group button to create a global unique ID (generated ID) for the group. Tiger Server uses GUIDs for groups and users along with GIDs and UIDs.

    Generally speaking, the GUIDs serve two purposes:

    1. They allow users and groups to be identified globally for use with Access Control Lists.

    2. They allow stricter membership checking by the memberd process. This process extends the POSIX group membership model to allow users to be members of more than 16 groups and allows groups to be nested within groups.

    POSIX group membership entries still exist: the primary group and the POSIX group memberships are used when checking to see if POSIX group access should be granted to the connecting user for a filesystem object.