File Sharing Permissions Problem When NEW Files Created

Question

Level 1

8 points

File Sharing Permissions Problem When NEW Files Created

My wife & I have a home office network setup for our business, and are having trouble with shared files over the network. We're both on Macs, and all of our client files reside on an internal hard drive in my Mac Pro. I've set her up as a "Sharing Only" user on my computer (which matches the username & password of her account on her iMac), and have properly setup file sharing in both the System Preferences, and in the directory itself that we want shared. I've also applied the permissions to all files & folders below the main folder, and she can view, open and save whatever she needs and it works great.

*Here's where the problem comes in...* If either of us create a NEW file or folder, the other person doesn't have WRITE access to it (we can browse and open it fine). The second I go to update a file she created, it won't let me over-write it, and I have to go into the permissions for that specific file and give myself Read/Write access. I've experimented with "Groups", and assigned both of us a special group, and applied that group access to that directory, but it doesn't make any difference when a NEW file or folder is created - it doesn't copy the parent directory permissions to itself, it makes one of us the owner, and nobody else has access.

Is there any way around this? We're both constantly creating new files, and it really hampers our workflow to have to keep re-applying file permissions every time one of us creates something new. Ideally, any new files created within that main client folder would automatically have the same permissions as the parent directory. Any help would be greatly appreciated! Thanks!!

Mac Pro (early 2008), 24" iMac, MacBook, Mac OS X (10.5.6)

Posted on Jan 22, 2009 12:38 AM

Reply

Answer 1

gotzenn Author

Level 1

8 points

Jan 23, 2009 10:02 AM in response to gotzenn

Anyone have any thoughts?

Reply

Answer 2

jaxjason

Level 5

5,063 points

Feb 6, 2009 6:13 PM in response to gotzenn

i have almost the same problem, and am not getting very hopeful since nobody has answered your question yet. Mine is even though I set up users I still get permission errors when trying to overwrite files. Heres hoping someone will see this and write us an answer.

One thought, does anyone have a folder action that we can place on the parent folder to automatically set the permissions on newly added files and folders?

Thanks,
Jason

Reply

Answer 3

red_menace

Level 6

17,066 points

Feb 6, 2009 7:20 PM in response to gotzenn

The standard POSIX permissions don't have inheritance, so if the owner of the file hasn't set the desired permissions, you won't be able to change it. You can use Access Control List (ACL) entries, which can be inherited (see your user's Drop Box, for example), but since there are several thousand combinations, you need to be careful that you understand and set the needed entries. The Finder's Get Info window doesn't let you mess with ACLs, and the Terminal may not be for everyone, so there are other utilities out there. Apple's Server Admin Tools can be used (you don't need to be running a server to use many of the tools), and another utility that puts a decent interface on the ACL entries is Sandbox.

Reply

Answer 4

Feb 9, 2009 4:22 PM in response to gotzenn

I'm glad to find this post but sorry for the other folks that have posted.

I've been trying to solve this for weeks, using both client Leopard and Server Leopard and neither of them will work for me.

The only entity that inherits permissions from the parent folder is a new subfolder...that works perfectly.

Apple seems to be in serious denial about this. I've been on the phone with their Enterprise (Server) group for more than 5 hours and no one has been able to solve this.

This is such a simple file sharing setup scenario, I can't believe this problem even exists! Sandbox didn't work for me, but the author is working on it, too. Hopefully, if no one else finds a solution, I'll have one via Michael.

It seems like there is something, somewhere in Leopard that prohibits files from inheriting the ACLs/permissions that are set in the folder that the file is saved/copied/moved into. My tests have used TextEdit and every file gets only POSIX info, meaning that the owner is the user who created it and s/he gets Read&Write access, while the group (despite the ACL that I created) and everyone else get Read Only.

So effectively, Apple prevents users from working on the same file without creating an administrative nightmare.

I sure hope someone tells me I'm wrong!

Reply

Answer 5

Király

Level 6

10,025 points

Feb 9, 2009 5:10 PM in response to bikesarefun

Here's how to do this with Access Control Lists.

1) Go to System Preferences -> Accounts. Unlock the padlock. Click the + button. Make a new group. Call this group "sharing" for the purposes of this exercise. Add the users you want to the group.

2) Make a new empty folder in /Users/Shared. Call it "sharefolder".

3) Log in to an admin account and paste all three of these lines at once into Terminal:

sudo chmod +a "sharing allow delete,chown,list,search,add_file,\ addsubdirectory,delete_child,file_inherit,directoryinherit" \ /Users/Shared/sharefolder

4) From now on, any files you create or copy to the sharefolder or to any of its subfolders will inherit read+write permission for all users in the group. If you have any existing files that you want to move into the sharefolder, a simple move by drag & drop won't cause the permissions to propagate. you need to hold down the option key while dragging them in. This will copy them over, ensuring that the ACL permission is properly inherited.

One other caveat: Files created by a small number of OS X apps won't inherit the permissions properly if saved directly into the ACL folder hierarchy. TextEdit is one such app. Save TextEdit files in a temporary location first, and then copy them in. Then they will have the correct permissions.

Reply

Answer 6

Király

Level 6

10,025 points

Feb 9, 2009 5:15 PM in response to bikesarefun

bikesarefun wrote:
My tests have used TextEdit and every file gets only POSIX info, meaning that the owner is the user who created it and s/he gets Read&Write access, while the group (despite the ACL that I created) and everyone else get Read Only.

TextEdit is a problem app with ACLs, because if the way it saves new files. It creates a temp directory first, saves the file there, then moves the file to the destination folder, and finally deletes the temp directory. Since files don't inherit ACLs when moved to an ACL folder (they need to be copied or newly created there), TextEdit files won't inherit any ACLs. I have filed a bug report with Apple about this; hopefully they will fix it someday soon.

See my other post in this thread for how to get around this with TextEdit files.

Reply

Answer 7

Feb 9, 2009 5:16 PM in response to Király

Thanks for your answer...it is totally on the mark.

Michael, the author of Sandbox, independently pointed me in this direction about 10 minutes ago.

You are the first to be aware of the caveat that you write: TextEdit doesn't work properly. I've since found that OpenOffice is another. Comic Life does work.

If anyone has more apps to add to this list, it would be super helpful, too.

And thanks for the copying workaround!

Reply

Answer 8

Király

Level 6

10,025 points

Feb 9, 2009 5:38 PM in response to bikesarefun

bikesarefun wrote:

You are the first to be aware of the caveat that you write

When I discovered it, I thought so too. But when I went and filed my Bug Report, Apple listed my bug report as a "duplicate". So presumably somebody before me reported it first.

I've since found that OpenOffice is another. Comic Life does work.

Safari (saving a web page to disk) and Grapher are two more OS X apps with the issue. I haven't tested any other third party apps.

Reply

Answer 9

Feb 9, 2009 5:47 PM in response to Király

Firefox and Thunderbird and Grab (an OS X app) work as expected...Preview (another OS X app) does NOT...

Reply

Answer 10

Király

Level 6

10,025 points

Feb 9, 2009 7:05 PM in response to bikesarefun

The best way for Apple to fix this would be to modify the HFS+ filesystem so that ACLs will get attached upon move, not just upon create or copy. That will fix the problem with Apple's own apps and with all third party apps too. But I have no idea if this is even possible without a complete HFS+ overhaul or even replacement with a new filesystem.

Reply

Answer 11

red_menace

Level 6

17,066 points

Feb 9, 2009 9:22 PM in response to Király

I would bet that their ACL implementation is one of the recognized standards. The inheritance is documented, but the way that some (OK, a lot) of their applications don't work with it is a bit of a surprise. I guess the rule for shared folders should be to only copy files to them.

And just to add to the list, BBEdit saved files work with the inheritance.

Reply

Answer 12

jaxjason

Level 5

5,063 points

Feb 10, 2009 7:09 AM in response to Király

Will try this when I get home. thanks alot, Hopefully this works. My wife works in the bedroom on her homework while I take care of our 3 y/o in the living room, keeping him out of her hair. But I still need to review her papers before submission. If this works, it will be a godsend!

Thanks alot,
Jason

Reply

Answer 13

Feb 10, 2009 9:41 AM in response to Király

I agree that the move command/implementation is the problem. All other issues would disappear if moving files inherited permissions from the folder they were moved into. That's how every other OS I've worked with operates - it's intuitive and simply common sense.

Thanks again for solving this mystery...let's see if Apple corrects the problem!

Reply