Previous 1 2 Next 15 Replies Latest reply: Apr 2, 2009 10:04 AM by Antonio Rocco
Rodrigo M. Ramos Level 1 Level 1 (0 points)
Hi fellows,
I have 2 completely different servers running on completely different locations, but with very similar issues.

Location A: Mac OS X Server 10.4.11, completely up to date, running flawlessly for about of couple of years. A few days ago, I happened a hard drive failure and I need to restore all data from a Retrospect backup to a brand new drive. I reconfigured all the share points and ACLs just like was before the crash, but several permission problems started to happen. The POSIX permissions are taking precedence over ACL!

For example: An user has full control (ACL) over a file (any kind of file), but if that user isn’t the owner (POSIX) and the staff group or everyone has ready only permission, that user couldn’t write/modify/delete that same file. The server is completely ignoring the ACL inherited from upper folders.

* When I reconfigured the share points and permissions, I used 10.5.5 Server Admin running on my Mac.


Location B: A brand new Mac OS X Server 10.5.6, completely up to date. Since day one we have several issues also regarding to permissions. Like location A above, the POSIX are taking precedence over ACL, BUT, the problem only appears to affect PowerPoint Files. Accessing via SMB, PowerPoint 2007 couldn’t even open the file on read only mode! Open via AFP on PowerPoint 2008 or via SMB on PowerPoint 2007, the file could be opened in read only mode.

If the user is the owner or became the owner, the problem doesn’t happen at all.

Running ls –le on Terminal, all the ACEs and POSIX are listed properly, using Effective Permissions Inspector all permissions appears to be ok, the user have full control over the file/folder.

Does anyone have any clue?

Thank you!

Message was edited by: Rodrigo M. Ramos

MacBook black 2.2GHz, 4GB, 320GB, Mac OS X (10.5.6)
  • Antonio Rocco Level 6 Level 6 (10,315 points)
    Hi

    +. . . hard drive failure and I need to restore all data from a Retrospect backup to a brand new drive . . .+

    I'm guessing you did not enable ACLs for that volume? Whenever enabling or disabling ACLs for a volume (replacement drive or otherwise) always restart the Server otherwise the ACLs don't 'take' and only POSIX permissions are honoured. This is the situation for 10.4. ACLs are not enabled by default. With 10.5 they are.

    Try to share a folder rather than the volume itself.

    Try to use the Server Administration tools that came with 10.4 to administer a 10.4 Server.

    Tony
  • Rodrigo M. Ramos Level 1 Level 1 (0 points)
    Hi Tony, the ACLs are enabled and the server was also restarted.
    My share points are folders, not the entire volume.

    The initial configuration i did using the 10.5 Server Admin, but after that i'm using the 10.4 Workgroup Manager.

    Thanks anyway!
  • Rodrigo M. Ramos Level 1 Level 1 (0 points)
    By the way, i don't know why i called you Tony! I read your name completely wrong...
    Sorry about that, Antonio.
  • Antonio Rocco Level 6 Level 6 (10,315 points)
    Hi Rodrigo

    That's OK either one will do and no need for any apologies my friend. Sorry I could not help.

    Tony
  • rkovelman Level 2 Level 2 (320 points)
    In the past I have seen Retrospect not copy over ACL's and the POSIX was just wrong. What I needed to do was basically clear out all the permissions from command line and make sure all files were
    Admin - read and write
    Administrators - read
    Everyone - read
    Make sure you do this in command line and propagate permissions through out the drive. I rebooted after. I then set the share up and as "Tony" said make sure you share files NOT the volume. I then went to each folder and set up the POSIX first again. Then I enabled ACL's and rebooted. Then I re entered the ACL's and propagated again.

    This is was like 2-3 years ago but it didn't fail me.
  • Rodrigo M. Ramos Level 1 Level 1 (0 points)
    I'll try that on 10.4.11 server (location A).
    But the mystery remains on the other 10.5.6 server (location B). Any ideas?

    Thank you
  • rkovelman Level 2 Level 2 (320 points)
    Location B...hmmm

    This is only PPT files?
    AFP is ok?
    SMB not ok?
  • Rodrigo M. Ramos Level 1 Level 1 (0 points)
    This is only PPT files?
    *- As far as i can tell, yes.*

    AFP is ok?
    SMB not ok?
    *- It happens on both protocols.*

    I know, it's pretty weird!
  • rkovelman Level 2 Level 2 (320 points)
    Is the PPT files in different share points or in the same one?

    If its in the same try a different share point

    If that works fine what about other office documents, word and excel?

    How far down in the share point is it? Or levels?
  • Rodrigo M. Ramos Level 1 Level 1 (0 points)
    rkovelman wrote:
    Is the PPT files in different share points or in the same one?

    *Different ones.*


    If that works fine what about other office documents, word and excel?

    *Only ppt opens as read only.*

    How far down in the share point is it? Or levels?

    *It varies a lot. Some files are 1 level deep, others are 3, 4...*

    Thanks!

    Message was edited by: Rodrigo M. Ramos
  • rkovelman Level 2 Level 2 (320 points)
    Interesting are these computer bound to OD / LDAP or do they just mount the drive and save the file?

    Have you tried to push permissions back down (propagate)?

    What Office is this? 2004 and 2007? Which is the mac using and vise versa?
  • Rodrigo M. Ramos Level 1 Level 1 (0 points)
    rkovelman wrote:
    Interesting are these computer bound to OD / LDAP or do they just mount the drive and save the file?

    *No computer is bound yet, but they will.*

    Have you tried to push permissions back down (propagate)?

    Yes.

    What Office is this? 2004 and 2007? Which is the mac using and vise versa?

    *2008 on Macs, 2007 and 2003 on PCs.*
  • rkovelman Level 2 Level 2 (320 points)
    The only Office bug that I have seen is this. Each user has a UID on there computer. If not bound to the server it goes by the UID on the system which turns out to be 100 lets say. If bound to the server and logged they use the UID off the server which no one can have the same number. Not sure if this would create a permission issue or not?

    2008 on macs - make sure they are fully updated but I think the only issue was Entourage? What were the PPT files made in?

    Again I am just trying to help I have no idea at this point. Sorry!
  • Anthony Helm Level 1 Level 1 (5 points)
    I'm having a similar problem since rebuilding an XRaid setup. POSIX permissions are fine, but ACLs are completely ignored. I've even gone in to modify them on the command line with no success.

    XServe running OS X Server 10.4.11
Previous 1 2 Next