14 Replies Latest reply: Apr 22, 2009 3:52 PM by Eden Sarfaty
Eden Sarfaty Level 1 Level 1 (80 points)
I want to be able to copy and move files between two user accounts so that each user will have read-write permsssions for those files. I have the standard Shared User folder (HD:Users:Shared), and the standard Users' Shared folders.

More specifically, I want to copy or move files to either of these shared folders and have those files take on the permissions of the shared folder into which they are copied or moved. As of now they do not do that; whether copied or moved, they retain the permissions they were created with.

"Apply to enclosed items" only works to change permissions for items already in a folder, not for new items. I haven't found a Folder Action for the purpose, nor anything in Automator that would appear to help.

iMac Core2Duo 20' 2.4, Mac OS X (10.5.6)
  • Carolyn Samit Level 10 Level 10 (95,975 points)
    Hello,

    Check this post by, "joshz" ... http://discussions.apple.com/thread.jspa?threadID=1788541

    Anything help there???

    That link is available at the top of the Leopard category. http://discussions.apple.com/forum.jspa?forumID=1225






    Carolyn
  • Király Level 6 Level 6 (9,560 points)
    You can set this up with ACLs. It requires a little tinkering on the command line, though.

    First go to System Preferences -> Accounts. Unlock the padlock and click the + button. Make a new group (not a new user). Call it something like "sharegroup". Add the users to it to whom you wish to grant access.

    Then go to /Users/Shared. Make a new folder there called "sharefolder" or something similar. Move all your files to be shared into this folder.

    Then log in to an admin account and paste all three of these lines into Terminal at the same time:

    sudo chmod -R +a "sharegroup allow delete,chown,list,search,add_file,\
    addsubdirectory,delete_child,file_inherit,directoryinherit" \
    /Users/Shared/sharefolder


    From this point on, any file or folder you newly create or copy to any location in the sharefolder hierarchy will have full read+write permission to all the users in the group. Note that if the file already exists in a different location and you attempt to move it in, the permissions won't inherit. So hold down the option key when dragging to ensure the file is copied and not moved.

    Also, a small number of certain applications (Apple's TextEdit is one of them) will ignore the directive to have new files inherit the permissions and will supply the OS X defaults. You'll have to save these apps' new files in a temporary location first and then copy them in with Finder for the permissions to inherit properly.
  • KJK555 Level 4 Level 4 (2,895 points)
    Easiest sweetest way is to create a read/write sparse disk image and place it in your /Users/Shared
    directory.

    The default method for mounting disk images will result in the user having full ownership privileges
    of all the files & folders contained therein. Thus when scanning a mounted disk image, and copying
    data to/from it, there will be no permission related errors. The implications of this become huge
    when you realize that anyone who mounts a DMG will have full access. This allows you to share your
    data with other users without having to worry about access restrictions. This can be invaluable when
    synchronizing with a "central repository" that you need several users to have access to.

    Creating a blank disk image for storage
    You can use Disk Utility to create a blank disk image to store files. Normally, you need to gather all
    the files you want to be included into a single location before you create a disk image. However,
    with a blank disk image, you can add files to the image at any time.

    To create a blank disk image, Open Disk Utility:
    Choose File > New > Blank Disk Image.
    Type a name for the disk image, and choose where you want to save it from the pop-up menu.
    In Volume name, enter the name for the volume that appears on your desktop when you double
    -click the disk image.
    Choose the size of the disk image from the Volume Size pop-up menu.
    To require a password to open the disk image, choose an encryption scheme from Encryption.
    Choose “Single partition - Apple Partition Map” from the Partitions pop-up menu.
    Choose “sparse bundle disk image” from the Image Format pop-up menu.
    Click Create.

    Resizing a disk image
    If you can read from and write to a disk image, you can make it larger or smaller when you either
    need to save disk space or store more in it.

    To resize a disk image:
    Open Disk Utility. Select the disk image if it appears in the list of disks and volumes, and then click
    Resize in the toolbar.
    Otherwise, click Resize in the toolbar, and then select a disk image from the dialog that appears.
    Select a new size.
    ##
    You can even get fancier by creating a small app with automator that will mount the image, then
    place it (the app) in each user's login startup item list. Then the image will mount on the desktop
    when the user logs in and will be easily accessible like any other mounted disk.

    Kj
  • Király Level 6 Level 6 (9,560 points)
    KJK555 wrote:
    Easiest sweetest way is to create a read/write sparse disk image and place it in your /Users/Shared directory.


    You forgot to mention to change the permissions of the .sparseimage file to read+write for the other user. If User A creates a disk image, no other user can modify its contents until User A makes it group or world writable.

    But even if that is done, the problem with sparse images is that they do not work well with fast user switching, because sparse disk images cannot be mounted in more than one user account at the same time. If User A mounts the disk image, and then User B logs in, nothing in the disk image will be accessible. User A must log back in, unmount the image, then switch to B, and remount it under that account.

    Some might find that an acceptable solution, but it would drive my wife and me nuts!
  • KJK555 Level 4 Level 4 (2,895 points)
    Very true, if going multi-user (at the same time) disk images won't do.

    In that case ACL's are the only good solution. That's how I share my iTunes library.

    Another excellent way to share data is to set up and share data on an NTFS drive
    (provided of course you are using an NTFS read/write driver).
    You can even share your data with your boot camp installation using NTFS.
    This works real well using Paragon NTFS. Even the extended attributes are
    preserved.

    Kj
  • Eden Sarfaty Level 1 Level 1 (80 points)
    Carolyn, if I'm reading it right, the post you've linked to warns against "Apply[ing permissions] to enclosed items" at the Home Folder level - which, fortunately, I have not done - and explains how to restore one's Home Folder permissions if one has, unfortunately, done so. There are no permissions issues in moving or copying files between folders in the Home Folder of any of the multiple users on the several Macs on my network. However, I will retain the information on how to restore in case any of my other users applies this command to his or her own Home Folder - so, thanks.
  • Eden Sarfaty Level 1 Level 1 (80 points)
    I do use sparse disk images for other purposes, but as Király noted and I have found, they are not useful for this purpose in the context of fast user switching, which is crucial for my workflows.

    As for an Automator app, I'm unhappy to say that every time I have attempted to use Automator I have not found a suitable Action or combination thereof to accomplish whatever task it is I'm trying to automate. I suspect that for present purposes an Applescript could be written to use as a Folder Action, but I'm not able to invest the time to learn Applescript. In any event it appears that in lieu of an Automator app I could achieve the same result (to mount a disk image as a Login Item) simply by dragging the disk image or an alias thereof into the Login Items pane of the user in question. Works every time, but has the same deficiency in the context of fast user switching as noted above.

    Thank you for your thoughts.
  • michael@wengam Level 1 Level 1 (10 points)
    There is also the option of putting the shared documents on a separate hardware volume--either another partition on the boot drive or another drive inside the machine or attached to it externally--with the setting to 'ignore permissions' in its 'Get Info' window.

    I tried it, it seems to work: every user can access files, edit and save them, or delete them. Users connecting from another machine on the local network can also do so. Time Machine/Capsule automatically backs up the contents of the drive, at least when it is internal (my situation).

    If I adopt it, backups will be more complicated, it might also affect performance.

    I think I would rather partition one drive into two partitions: a boot partition for system, applications and user folders, and a shared partition for shared documents. Is that better/worse than having two separate drives running in the same machine?

    Anyone have experience of this, or pros and cons to consider?
  • Eden Sarfaty Level 1 Level 1 (80 points)
    In fact, I had previously created a "sharegroup" for this purpose : )

    However, the folder I have specifically designated for this function is a sub-folder of my own (User1) Shared Folder. I don't see that this should make any difference - should it? - apart from the fact that the Terminal commands you have provided would have to be slightly modified, which I am not competent to do without validation from someone who is. For example:

    sudo chmod -R +a "sharegroup allow delete,chown,list,search,add_file,\
    addsubdirectory,delete_child,file_inherit,directoryinherit" \
    /Users/User1/Shared/SharedWithUser2

    Apart from whether I've got what I think should be a couple of simple substitutions right, I do not understand why the same inheritance properties are not carried by the "Apply to enclosed items" command under the Action button in the Sharing and Permissions pane of the Get Info window. It seems to me that if all one wanted to do was to change the permissions for the items that are in the folder at a specific time, without automatically applying those permissions to any future items created or copied to that folder, all one would have to do would be to Edit>Select All, File>Show Inspector, then unlock and change the permissions.

    Such are the persistent infelicities of OS X. Maybe Snow Leopard. Nah.

    Message was edited by: Eden Sarfaty
  • Eden Sarfaty Level 1 Level 1 (80 points)
    I presently do what you are suggesting for some sharing purposes (for example, an iPhoto Library) on an external network drive that has several sharepoints, each of which has a different set of user permissions, ranging from different single users to all users. But it does indeed complicate backup, it can affect performance when what one is doing is processor- or network-heavy, and it is rather cumbersome for what should be a simple built-in function of the multi-user sharing scheme.
  • Király Level 6 Level 6 (9,560 points)
    In 10.3 and earlier I used to do exactly that - put my shared stuff on an external drive and check the Ignore Ownership button. All files were available to all users then with full read+write permission.

    But that made backups tedious. When 10.4 came along I was happy to dump the old method and move all my files to the boot volume, and set the ACLs to accomplish the same thing. Been doing that ever since.

    Eden Sarfaty, the Terminal command you included in an above post looks just fine to me.
  • KJK555 Level 4 Level 4 (2,895 points)
    "In fact, I had previously created a "sharegroup" for this purpose : )
    However, the folder I have specifically designated for this function is a sub-folder of my own (User1) Shared Folder. I don't see that this should make any difference - should it?"

    If a folder is in your home directory it will not be accessible by other users unless it on the first level
    (where your Public and Sites folder is located).
    ##

    "I do not understand why the same inheritance properties are not carried by the "Apply to enclosed items" command under the Action button in the Sharing and Permissions pane of the Get Info window."

    Finder's permission handling is crude and unpredictable. All I ever use it for is getting a quick look
    at permissions.
    Do yourself a favor and get yourself a good posix permissions program like FileXaminer and learn
    the terminal commands chmod and chown. The terminal is still the King when it comes to changing
    permissions on directory structures and apps.
    For ACL management, Sandbox is the only GUI available. Chmod is still the most powerful ACL
    manager though, as it can place and remove ACL's on files as well as folders and can traverse
    directory structures easily.

    Kj

    recommend reading:
    http://manuals.info.apple.com/enUS/File_Services_Adminv10.5.pdf
    http://manuals.info.apple.com/enUS/Command_Line_Adminv10.5.pdf
    http://www.afp548.com/filemgmt/index.php?id=40
    http://manuals.info.apple.com/enUS/File_Services_Adminv10.5.pdf
    http://support.novell.com/techcenter/articles/anp20010601.html
    recommended app:
    http://www.apple.com/downloads/macosx/unixopensource/clix.html
  • Eden Sarfaty Level 1 Level 1 (80 points)
    "If a folder is in your home directory it will not be accessible by other users unless it on the first level
    (where your Public and Sites folder is located)."
    ##
    Well, I can't say I've seen this helpful little fact before. Thank you. And for the light-reading links you provided, thank you as well. For all the time I've spent rooting around now and again, I'm sure I could have read them. Maybe even understood them : )
  • Eden Sarfaty Level 1 Level 1 (80 points)
    ... the Terminal command you included in an above post looks just fine to me.


    Thank you for the help.