Hello,
I have a new MacPro 2019 with Catalina and server 5.9 installed.
With a Promise Pegasus3 r6 connected.
I have made sereval users with different permissions for the used folders.
The problem is that the new folders do not get the right permissions.
How can i solve this problem?
Mac Pro
This remains a bug in System Preferences where the file_inherit and directory_inherit attributes are not set on the ACL. The resolution is to use Terminal to set the proper ACE and then propagate permissions to apply to existing data. This is not too hard but there are a few little catches along the way. Let's set some conditions for the example.
Shared Folder Path: /Volumes/Data/Projects
Group with full access: Creative
I recommend following this process.
1: Add the Projects folder to the list of shared folders in System Preferences
2: In the list of users, press the + button and add the group Creative to the list. The list will now have 4 values, likely listed from top to bottom: Creative (ACE), Local Admin (POSIX owner), Staff (POSIX group), Everyone. (Local Admin will be the name of your local admin and Staff may be wheel depending on where and how you created your shared folder)
3: Set the Creative entry to Read & Write
4: Quit System Preferences
5: Open Terminal
6: Enter the following command to see the current ACE applied to the shared folder:
ls -l /Volumes/Data
You will note that the ACL will display as:
list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
This is incorrect and in the cause of the failure to inherit.
7: To correct, first switch the shell from zsh to bash (zsh can not handle the = and # very well)
bash
8: Now enter the following command to set the proper ACE on the shared folder:
sudo chmod =a# 0 "creative allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Volumes/Data/Projects
9: Confirm the addition by using:
ls -l /Volumes/Data
You should see the file_inherit and directory_inherit attributes listed now.
10: Open System Preferences
11: Right click on the shared folder in the Shared Folders column and select "Apply Permissions to Enclosed Items". The Permissions column will turn grey while the permissions are being applied and black when done. If you have a small data set, the process should be very quick.
12: You are done. Unmount the shares from any active system and then reconnect to the server. Members of the Creative group will have collaborative access to the shares and generally, the inheritance will take care of itself.
Hope this is helpful. Submit a Feedback if you have access and ask that System Preferences get fixed. This was introduced in 10.14.2 and remains through 10.15.2.
Reid Bundonis
Carbon Technologies
This remains a bug in System Preferences where the file_inherit and directory_inherit attributes are not set on the ACL. The resolution is to use Terminal to set the proper ACE and then propagate permissions to apply to existing data. This is not too hard but there are a few little catches along the way. Let's set some conditions for the example.
Shared Folder Path: /Volumes/Data/Projects
Group with full access: Creative
I recommend following this process.
1: Add the Projects folder to the list of shared folders in System Preferences
2: In the list of users, press the + button and add the group Creative to the list. The list will now have 4 values, likely listed from top to bottom: Creative (ACE), Local Admin (POSIX owner), Staff (POSIX group), Everyone. (Local Admin will be the name of your local admin and Staff may be wheel depending on where and how you created your shared folder)
3: Set the Creative entry to Read & Write
4: Quit System Preferences
5: Open Terminal
6: Enter the following command to see the current ACE applied to the shared folder:
ls -l /Volumes/Data
You will note that the ACL will display as:
list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
This is incorrect and in the cause of the failure to inherit.
7: To correct, first switch the shell from zsh to bash (zsh can not handle the = and # very well)
bash
8: Now enter the following command to set the proper ACE on the shared folder:
sudo chmod =a# 0 "creative allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Volumes/Data/Projects
9: Confirm the addition by using:
ls -l /Volumes/Data
You should see the file_inherit and directory_inherit attributes listed now.
10: Open System Preferences
11: Right click on the shared folder in the Shared Folders column and select "Apply Permissions to Enclosed Items". The Permissions column will turn grey while the permissions are being applied and black when done. If you have a small data set, the process should be very quick.
12: You are done. Unmount the shares from any active system and then reconnect to the server. Members of the Creative group will have collaborative access to the shares and generally, the inheritance will take care of itself.
Hope this is helpful. Submit a Feedback if you have access and ask that System Preferences get fixed. This was introduced in 10.14.2 and remains through 10.15.2.
Reid Bundonis
Carbon Technologies
Any thoughts on how to get more folks to jump on this bandwagon to get it fixed other than just submitting feedback? Seems like we need some more pressure on Apple than the zero feedback feedback option.
I've been fighting this issue for a couple of years now with Apple tech support cases with no forward movement at all. Seems like this was happening in 10.13 as well. We had a bunch of ACL/Perm issues with file sharing tests that made us stick with 10.12.6.
Thanks for putting so much time into coming up with a kludge for this. Looking forward to testing it out. Keep up the great work!
Hi Reid,
Thank you for this guide.
This solved the problem.
Thank you.
Gr Hugo
Inheritance new folders and files catalina, server 5.9
