User profile for user: michaelatblitz
michaelatblitz Author
User level: Level 1
0 points

File Permissions on NTFS

Hi,

So I noticed that after installing Snow Leopard, when a user writes a file to a shared folder on a NTFS permission structure, no other user on my network can access that file.

When I was on Leopard a user could copy over a file and the file would respect my parent permissions on the NTFS share so other users could access.

What happened w/ Snow Leopard? This is causing a major problem at work. Has anyone else experienced this?

Michael

Mac OS X (10.6)

Posted on Sep 22, 2009 5:01 PM

Reply
11 replies
User profile for user: michaelatblitz
michaelatblitz Author
User level: Level 1
0 points

Sep 22, 2009 5:26 PM in response to nobody loopback

I have a DAS connected to a Win2k3 box. I'm sharing a folder called "projects" on that DAS through Win2k3.

Here are the NTFS perms on the projects folder:
Domain Users - Modify
Domain Admins - Full Access

Now, on Snow Leopard when I copy a file into the projects folder the NTFS permissions now look like:
Michael - Full Access
Domain Admins - Full Access

It drops my Domain Users so no one can access it.

When copying from Leopard, the projects folder looks like:
Domain Users - Modify
Michael - Full Access
Domain Admins - Full Access

Why when I copy over from Snow Leopard do I lose Domain Users? The projects folder is grabbing its permissions from the parent folder which has:
Domain Users - Modify
Domain Admins - Full Access

Does that make better sense?

Message was edited by: michaelatblitz
Reply
User profile for user: nobody loopback
nobody loopback
User level: Level 4
2,570 points

Sep 22, 2009 5:35 PM in response to michaelatblitz

Is your Account "michael" a member of the Domain admins group ?
if yes, remove it from this group (it is not good to do normal work as a domain admin)

If this is not the case,
in the windows Servers properties of the folder:
try, under "security",
remove "full control" from the "CREATOR OWNER" user, or, remove the "CREATOR OWNER" security permissions from this folder.
so that:
system administrators have: full control
domain users: read, write, modify
system: full control

does that fix it ?
Reply
User profile for user: nobody loopback
nobody loopback
User level: Level 4
2,570 points

Sep 22, 2009 5:51 PM in response to michaelatblitz

Apple has obviously changed some defaults of the smb client in 10.6 without putting a warning label on the DVD box.
Another example:
http://discussions.apple.com/message.jspa?messageID=10191802#10191802

The OS defaults when you create a file on your disk, to:
owner: read/write
group: (only the user is member of this group): read
anyone else: no permissions

Now, if you create a file on a network share, these permissions will also be in effect ( this will happen on windows systems too).
Therefore you have to remove Full Control from the CREATOR OWNER.
Reply
User profile for user: nobody loopback
nobody loopback
User level: Level 4
2,570 points

Sep 22, 2009 6:28 PM in response to michaelatblitz

I have not tried this.

If the user is member of the domain users group, he is not able to create a file. therefore, he cannot set permissions to a file.

you can allow the domain user to "Create files/Write data", "Create Folders/Append data", "delete"
Then, he can create a file. Other users will be able to read - but not delete.

do you need some structure like for a roaming user profile ?
http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

File Permissions on NTFS

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up