Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: sameng
sameng Author
User level: Level 1
0 points

File sharing permissions with windows?

I'm trying to set up a simple user and group permission based file sharing server using OS X Server on a Mac Mini.


I can successfully enable SMB and see shared files on the mac from all the windows 7 computers in the office, except the problem is I can see ALL the shared folders.


For example, I set up a "quickbooks" user so that our accountants who mount to the server with that login, should only be able to see our quickbooks folder and not the other shared folders. I have all the permissions set correctly, yet no matter what I do, if the folder is flagged as "Shared" in any way shape or form, Every single user can see the contents of that folder.



Am I doing something wrong? Or is there an easy way to fix this? Or are user and group permissions even possible when sharing to windows 7 machines?



Any help would be greatly appreciated, Thanks!

OS X Server-OTHER, Mac OS X (10.6.8)

Posted on Jul 19, 2011 4:02 PM

Reply
Question marked as Best reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Posted on Jul 20, 2011 4:08 AM

You need to run Server Admin and click on the File Sharing icon at the top. Then click on Share Points, and Browse. You then browse to the folder you want to set the permissions on.


You will see in the bottom half of the window the current permissions. While in theory you can use just POSIX permissions, Snow Leopard prefers using ACL permissions. So as an example to set a folder to be only accessible by members of a specific group and to deny access to everyone else you would do the following.


  • Click on the + symbol at the bottom
  • A window will open listing all your users and groups, click on groups at the top
  • Find the special 'Everyone' group and drag it to the ACL section
  • Find the group you want to give access to and also drag that to the ACL section but make sure it is above the Everyone group as higher setting override lower settings
  • Set the Everyone group to Deny Read permission, this will prevent them being able to access this folder
  • Set the group you do want to have access to Allow Read or Allow Read/Write, the first would let them only be able to read, the second also allows them to create files or modify files.
  • Now click on the Save button in the bottom right.
  • You might also want to click on the gear wheel symbol and choose 'Propagate permissions' if you want to apply these permissions to all the files and folders within this folder.
View in context
2 replies
Question marked as Best reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Jul 20, 2011 4:08 AM in response to sameng

You need to run Server Admin and click on the File Sharing icon at the top. Then click on Share Points, and Browse. You then browse to the folder you want to set the permissions on.


You will see in the bottom half of the window the current permissions. While in theory you can use just POSIX permissions, Snow Leopard prefers using ACL permissions. So as an example to set a folder to be only accessible by members of a specific group and to deny access to everyone else you would do the following.


  • Click on the + symbol at the bottom
  • A window will open listing all your users and groups, click on groups at the top
  • Find the special 'Everyone' group and drag it to the ACL section
  • Find the group you want to give access to and also drag that to the ACL section but make sure it is above the Everyone group as higher setting override lower settings
  • Set the Everyone group to Deny Read permission, this will prevent them being able to access this folder
  • Set the group you do want to have access to Allow Read or Allow Read/Write, the first would let them only be able to read, the second also allows them to create files or modify files.
  • Now click on the Save button in the bottom right.
  • You might also want to click on the gear wheel symbol and choose 'Propagate permissions' if you want to apply these permissions to all the files and folders within this folder.
Reply

File sharing permissions with windows?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up