Hello, and thanks for taking a look at this.
We have a small number of Macs (Snow Leopard) on a local network connected to a single server (Snow Leopard Server). When the clients were initially set up we didn't realise that some of the local User IDs were set to 501. We have found a problem in the following scenario, which we understand but don't know how to prevent:
- Client A (UID 501) opens a text file which resides on the server, edits it and saves. At this point the application (Word or TextEdit for instance) looks for a folder within the root of the shared directory named /.TemporaryItems/folders.(local UID)/TemporaryItems. If it can't find it, it creates it. The application then temporarily saves the file in here before performing its actual save. This temporary file is then automatically deleted by the application.
- Next Client B (also UID 501) opens a text file, any text file, which resides in the same share on the server, makes an edit and saves. The same process as above is carried out with no problem.
- The problem arises now if Client B Logs Out (without first disconnecting from the shared directory). It appears that when logging out the folder named TemporaryItems, which is within folder "folders.501", is deleted.
- The result of this is that when Client A next tries to save - they can't! An error appears: "There has been a network or file permission error. The network connection may be lost." It seems that on saving the application looked for the TemporaryItems folder, couldn't find it and threw an error rather than simply recreating it.
After a lot of research it seems that a simple fix is to set the permissions of the parent folder (.TemporaryItems - note the preceding ".") to be sticky. See the following: https://discussions.apple.com/message/7320652?messageID=7320652.
Now this used to work for me but I have since re-built our server and when I try it nothing seems to prevent the items within the sticky folder from being deleted.
We created a fresh directory with the Owner as "root" and the Group set to a new Group with no members, set the folder to be sticky (sudo chmod 1770 folder_name) and still we can delete any content as any User. Scary!
Could this be related to the ACL settings on the share overriding the sticky bit on the folder allowing all Users permission to delete the content?
I would be very grateful if anyone could assist me in getting to the bottom of this.
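The mode-bit rule behind the sticky-bit test described in the post, as an added example that is not part of the original post: a Python function that decides whether a user may remove an entry from a directory using classic POSIX mode bits only. ACLs and any file-sharing permission mapping are deliberately not evaluated (an assumption of this example), and every UID, GID and mode below is constructed.

```python
import stat

def posix_can_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Mode-bit-only check: may `uid` remove an entry owned by `file_uid`
    from a directory with this mode and ownership? ACLs are ignored."""
    if uid == 0:
        return True, "root bypasses mode bits"
    # Select the permission class (owner, group, other) that applies.
    if uid == dir_uid:
        perms = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        perms = (dir_mode >> 3) & 7
    else:
        perms = dir_mode & 7
    # Removing an entry needs write (2) and search (1) on the directory.
    if perms & 3 != 3:
        return False, "no write+search on directory"
    # Sticky bit: only the entry's owner or the directory's owner may remove it.
    if dir_mode & stat.S_ISVTX and uid not in (file_uid, dir_uid):
        return False, "sticky bit: not owner of entry or directory"
    return True, "allowed by mode bits"

# Constructed cases. GID 900 stands in for the new group with no members.
CASES = [
    # (label, dir_mode, dir_uid, dir_gid, file_uid, uid, gids)
    ("1770 root:emptygroup, user 501", 0o1770, 0, 900, 501, 501, {20}),
    ("1777, user 502 removes 501's entry", 0o1777, 0, 0, 501, 502, {20}),
    ("1777, user 501 removes own entry", 0o1777, 0, 0, 501, 501, {20}),
    ("0777 (no sticky), user 502 removes 501's entry", 0o0777, 0, 0, 501, 502, {20}),
]

def run_cases():
    """Return {label: (allowed, reason)} for the constructed cases."""
    return {c[0]: posix_can_delete(*c[1:]) for c in CASES}

if __name__ == "__main__":
    for label, (allowed, reason) in run_cases().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {label}: {reason}")
```

For the `chmod 1770` directory owned by root with an empty group, the mode bits alone deny a non-root user before the sticky bit is even consulted, so a delete that succeeds there is being authorised by something the mode bits do not show.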