Multiple users - shared folders - file permissions

Hello,

Check this post by, "joshz" ... http://discussions.apple.com/thread.jspa?threadID=1788541

Anything help there???

That link is available at the top of the Leopard category. http://discussions.apple.com/forum.jspa?forumID=1225






Carolyn 🙂

You can set this up with ACLs. It requires a little tinkering on the command line, though.

First go to System Preferences -> Accounts. Unlock the padlock and click the + button. Make a new group (not a new user). Call it something like "sharegroup". Add the users to it to whom you wish to grant access.

Then go to /Users/Shared. Make a new folder there called "sharefolder" or something similar. Move all your files to be shared into this folder.

Then log in to an admin account and paste all three of these lines into Terminal at the same time:

sudo chmod -R +a "sharegroup allow delete,chown,list,search,add_file,\
addsubdirectory,delete_child,file_inherit,directoryinherit" \
/Users/Shared/sharefolder

From this point on, any file or folder you newly create or copy to any location in the sharefolder hierarchy will have full read+write permission to all the users in the group. Note that if the file already exists in a different location and you attempt to move it in, the permissions won't inherit. So hold down the option key when dragging to ensure the file is copied and not moved.

Also, a small number of certain applications (Apple's TextEdit is one of them) will ignore the directive to have new files inherit the permissions and will supply the OS X defaults. You'll have to save these apps' new files in a temporary location first and then copy them in with Finder for the permissions to inherit properly.

Easiest sweetest way is to create a read/write sparse disk image and place it in your /Users/Shared
directory.

The default method for mounting disk images will result in the user having full ownership privileges
of all the files & folders contained therein. Thus when scanning a mounted disk image, and copying
data to/from it, there will be no permission related errors. The implications of this become huge
when you realize that anyone who mounts a DMG will have full access. This allows you to share your
data with other users without having to worry about access restrictions. This can be invaluable when
synchronizing with a "central repository" that you need several users to have access to.

Creating a blank disk image for storage
You can use Disk Utility to create a blank disk image to store files. Normally, you need to gather all
the files you want to be included into a single location before you create a disk image. However,
with a blank disk image, you can add files to the image at any time.

To create a blank disk image, Open Disk Utility:
Choose File > New > Blank Disk Image.
Type a name for the disk image, and choose where you want to save it from the pop-up menu.
In Volume name, enter the name for the volume that appears on your desktop when you double
-click the disk image.
Choose the size of the disk image from the Volume Size pop-up menu.
To require a password to open the disk image, choose an encryption scheme from Encryption.
Choose “Single partition - Apple Partition Map” from the Partitions pop-up menu.
Choose “sparse bundle disk image” from the Image Format pop-up menu.
Click Create.

Resizing a disk image
If you can read from and write to a disk image, you can make it larger or smaller when you either
need to save disk space or store more in it.

To resize a disk image:
Open Disk Utility. Select the disk image if it appears in the list of disks and volumes, and then click
Resize in the toolbar.
Otherwise, click Resize in the toolbar, and then select a disk image from the dialog that appears.
Select a new size.
##
You can even get fancier by creating a small app with automator that will mount the image, then
place it (the app) in each user's login startup item list. Then the image will mount on the desktop
when the user logs in and will be easily accessible like any other mounted disk.

Kj

KJK555 wrote:
Easiest sweetest way is to create a read/write sparse disk image and place it in your /Users/Shared directory.

You forgot to mention to change the permissions of the .sparseimage file to read+write for the other user. If User A creates a disk image, no other user can modify its contents until User A makes it group or world writable.

But even if that is done, the problem with sparse images is that they do not work well with fast user switching, because sparse disk images cannot be mounted in more than one user account at the same time. If User A mounts the disk image, and then User B logs in, nothing in the disk image will be accessible. User A must log back in, unmount the image, then switch to B, and remount it under that account.

Some might find that an acceptable solution, but it would drive my wife and me nuts!

Very true, if going multi-user (at the same time) disk images won't do.

In that case ACL's are the only good solution. That's how I share my iTunes library.

Another excellent way to share data is to set up and share data on an NTFS drive
(provided of course you are using an NTFS read/write driver).
You can even share your data with your boot camp installation using NTFS.
This works real well using Paragon NTFS. Even the extended attributes are
preserved.

Kj

There is also the option of putting the shared documents on a separate hardware volume--either another partition on the boot drive or another drive inside the machine or attached to it externally--with the setting to 'ignore permissions' in its 'Get Info' window.

I tried it, it seems to work: every user can access files, edit and save them, or delete them. Users connecting from another machine on the local network can also do so. Time Machine/Capsule automatically backs up the contents of the drive, at least when it is internal (my situation).

If I adopt it, backups will be more complicated, it might also affect performance.

I think I would rather partition one drive into two partitions: a boot partition for system, applications and user folders, and a shared partition for shared documents. Is that better/worse than having two separate drives running in the same machine?

Anyone have experience of this, or pros and cons to consider?

In 10.3 and earlier I used to do exactly that - put my shared stuff on an external drive and check the Ignore Ownership button. All files were available to all users then with full read+write permission.

But that made backups tedious. When 10.4 came along I was happy to dump the old method and move all my files to the boot volume, and set the ACLs to accomplish the same thing. Been doing that ever since.

Eden Sarfaty, the Terminal command you included in an above post looks just fine to me.

"In fact, I had previously created a "sharegroup" for this purpose : )
However, the folder I have specifically designated for this function is a sub-folder of my own (User1) Shared Folder. I don't see that this should make any difference - should it?"

If a folder is in your home directory it will not be accessible by other users unless it on the first level
(where your Public and Sites folder is located).
##

"I do not understand why the same inheritance properties are not carried by the "Apply to enclosed items" command under the Action button in the Sharing and Permissions pane of the Get Info window."

Finder's permission handling is crude and unpredictable. All I ever use it for is getting a quick look
at permissions.
Do yourself a favor and get yourself a good posix permissions program like FileXaminer and learn
the terminal commands chmod and chown. The terminal is still the King when it comes to changing
permissions on directory structures and apps.
For ACL management, Sandbox is the only GUI available. Chmod is still the most powerful ACL
manager though, as it can place and remove ACL's on files as well as folders and can traverse
directory structures easily.

Kj

recommend reading:
http://manuals.info.apple.com/enUS/File_Services_Adminv10.5.pdf
http://manuals.info.apple.com/enUS/Command_Line_Adminv10.5.pdf
http://www.afp548.com/filemgmt/index.php?id=40
http://manuals.info.apple.com/enUS/File_Services_Adminv10.5.pdf
http://support.novell.com/techcenter/articles/anp20010601.html
recommended app:
http://www.apple.com/downloads/macosx/unixopensource/clix.html