You are hitting a bug introduced in 10.14.2. Basically, System Preferences is not setting the inheritance flag on the ACL entry when you choose Read/Write for a group. For example, if you have a shared folder and you use the permissions editor in System Preferences > Sharing to set a group to read write, this is what you get (this output produced by using ls -lae):
drwxr-xr-x+ 2 carbon wheel 64 Aug 7 16:47 BadShare
0: group:thegroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
This does not provide inheritance. The ACL on the share should look like this:
drwxr-xr-x+ 2 carbon wheel 64 Aug 7 16:51 GoodShare
0: group:thegroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
Note the file_inherit and directory_inherit attributes at the end.
To resolve your issues you need to perform two steps. First, you need to modify the ACL for the group or groups linked to the share. Then you need to propagate the permissions so the existing children and descendants receive the inheritance and can can pass it on to new files.
Step 1: Modify your ACL.
You will need Terminal for this. The command you want is the chmod command. I will using the BadShare example above in this example. Change the values to match your environment. I am executing relative to the shared folder.
chmod =a# 0 "thegroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" BadShare
The syntax is the command (chmod), the direction for which ACE I am targeting (0) and the action (=), the name of the group (thegroup), the right (allow), what it will equal (list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit), and the path to the shared folder (BadShare). Obviously replace the group name, the ACE index value, and the path to the Share to match your setup.
Step 2: Propagate the new permissions
Return to System Preferences > Sharing. Right-click on the shared folder that you just edited permissions on above. In the list of options you will find "Apply Permissions to Enclosed Items." Choose that option. The permissions table to the right will turn gray as the permissions cascade through your data. When they turn black, the process is complete.
Unmount the share from all clients and establish fresh connections.
Now you have inheritance working. I was hoping for a fix in 10.14.6 but the reports remain open. So until Apple fixes System Preferences, you will need to use the command to initially set inheritance.
Reid Bundonis
Carbon Technologies
