10.4 AFP Group Permissions

I have been having this problem for a while, this post fixed the problem so far. (I.E. folders created will not have restricted permissions for other users if these ownership and permissions are set on the volume.) Thank you Andreas. How did you arrive at these settings?

Hi,
my solutions only seems to work by creating an modifying folders and files on this sharepoint. If I want to copy something from another sharepoint or Volume to this sharepoint with the 2775-permissions I run into an error.

The error message tells me to have not the right permissions, if I still ignore this and continue the files are still copied correctly.

So my conclusion is, that this might not be the best workaround of all.
So I tried to find another solution:
The Finder seems not to able to handle the "unix-based sticky bit". Apple implemented it for AFP-Services by using the "inherit permissions from parent"-flag. Same meaning but different implementaion.

Finally I changed the permissions of the server back to 775 recursively.

The I took the "TinkerTool", http://www.bresink.com/osx/TinkerTool.html and changed the "umask" for the Finder Application on the Tiger-Client.
Per default Finder new created Folders and Files have the permissions rwxr-xr-x.
With this tool I can change it to group write-/readable permission per default.

This change is saved to the user's com.apple.finder.plist file.

I ditribute the com.apple.finder.plist to the TigerClients and
now Tiger Clients really can work as usual on a Panther-server-sharepoint.

I agree, another hack....but I hope it might be helpful for you also.

Andreas

can anyone confirm that this has been fixed with 10.4.2?

I can confirm that it does NOT appear to be fixed. Fortunately, my Xserve has not been rolled out for production use yet. I'll be working to get this resolved this week. I hope to avoid the use of ACLs if I can. I've heard they don't work right either.

I'm wondering if modifying the umask settings on the client machines might fix this. I know how to do this for bash, but I'm not in a way the Finder will respect.

My box is bound to an AD, btw, and thats where the user accounts are being setup and managed. Is the key there, perhaps? I'm new to AD.

Thanks.

I found that the 10.4.2 update removed group ownerships when the group was an Active Directory group (my local groups were uneffected).

I've also found that when users log into AFP shares that they have group permissions for, they cannot see any of the files. Tiger clients work fine.

At last!!! I have found some people having the same problem!! I have been banging my head against a wall with Apple.

I have 3 Xserves at two sites, all running 10.3.9 Server. We purchased 10 iMac G5's with Tiger and I am having a nightmare with users unable to create folders. Is anyone having the problem with 10.3.9 server and 10.4.2 clients?

The owner of our shares is admin: r+w, group: somegroup r+w, everyone: no access but users are unable to create directories. Even when I check the permissions via term they are drwxrwx _. I have tried modifiying the share using chmod as described earlier in this post but users are unable to create folders with folders created by other users.

This issue only occurs when logging on to the LDAP and does not happen when users logon to a local account on the client then manually connecting to the remote server via the 'connect to server command'.

Has anyone got a fix? Or a temp solution while we wait for a fix from Apple?

Any help would be much appriciated.

James
ACTC.

That link does not work ....

Your best bet for triggering permissions setting on a folder would be to use a launchd item for your Tiger clients. You can write one to watch the contents of a server directory and run a particular shell script when the contents are modified.

Before you start, make sure you're familiar with chown, chmod, launchd, and launchctl. Some examples can be found at afp548.com.

--Gerrit

I agree that the problem is client-side for Mac OS X 10.4.2 clients.

You can fix the problem of not being able to create files or folders on share points or not having group and everyone permissions inherited if you properly implement Access Control Lists (ACLs). Please see my post: http://discussions.info.apple.com/webx?128@@.68b4dcdf

However, Tiger clients experience other permissions problems as well. Namely, users whose home directories reside on an AFP share point have permissions errors when files are copied to them from user-mounted AFP share points whose mount points appear in /Volumes. I have this situation documented here: Gerrit DeWitt, "AFP Insufficient Privileges Error - 10.4.2 Finder Bug" #1, 11:30pm Sep 30, 2005 CDT

I hope these details help!

--Gerrit