Folder permissions problems

What if we don't have the server app? I'm sharing from OS X 10.7.3, not 10.7.3 Server.

Hi John,

There are a few options that you can try.

1) Use the built-in options Apple provides in the Sharing panel of System Preferences.

2) Use a free utility like BatChmod to help manage privs.

3) Learn a few Terminal commands and tinker around that way.

or

4) Open the purse strings and purchase Mountain Lion 10.8 upgrade for $19.99, plus the Server application for $19.99, as well.

Daryl,

Thanks for responding. I think I'm going to start a new thread instead of hijacking! 🙂

This issuse has been driving me bannanas but the reason I am working on it at 2:00 am is becasue I need my file server running correctly tomorrow.

Darryl C's solution didn't quite work for me, but the issue is I am running LDAP on 2 different servers than this particular file server. One LDAP server is 10.6.8 and the other 10.7.1

Inherited permissions were not working for network users and groups, but by serendipidy I created a local user and permissions were inherited correctly for local users and groups.

This fixed it for me:

I created a local group and set inherited ACL permissions for that group in the server pane. Add your network group to this and the permissions propogate.

Are any of you still having a problem with permissions in OS X Server - Lion or OS X Server - Mountain Lion?

I am an Apple Consultant and Trainer working with several school districts currently. If you have any problems, please feel free to message me.

I ended up giving up on it. I downloaded an app called SMBUp and haven't had any problems since. 🙂

So how do I fix this on 10.6.8.

It does not appear to have the Server app.

I am so tired of constantly having to "propogate permission" I am about to throw that uselsss MAC server out of the window and migrate the data onto a Microsoft Windows 2008 server and have the MAC users map to a windows machine, a solution that I am pretty sure will work way better than using a MAC server.

Sorry but that MAC server does not impress me one little bit!!!

Hello Everybody,

One of the companies that I support purchased a brand new top of the line MAC server and I was tasked with getting it set up on their mostly Windows domain.

This is EXACTLY the same issue that I ran into and I spent hours and hours setting and resetting all of the settings on the MAC server EXACTLY as recommended by APPLE....but nothing worked.

It appears that even Apple is not aware of this flaw.

Anyway...here is a link to a solution that worked PERFECTLY and has now been working for the whole domain for over a year:

https://discussions.apple.com/thread/3337273?answerId=16201567022#16201567022

To make a long story short....

You simply turn OFF Macintosh's "AFP (Apple File Protocol)" and use Microsoft's "SMB (a Microsoft sharing protocol going back over twenty years) which is a MUCH better protocol.

And I know all you DIE HARD Mac people out there are going to hate this solution but I guarantee you it works PERFECTLY.

It has nothing to do with hate, this just isn't a good solution for companies that run mostly Macs, as SMB performance is much weaker than AFP in a Mac environment.

In my case, I'm supporting a single Windows workstation, which I would eliminate if I could.

Unfortunately, that solution works fine for PCs, but it fails miserably on Macs. There are serious issues and ramifications by having Macs use the SMB protocol. I'll list a couple of problems that I personally ran into by doing this...

• Directory listings don't get pushed out properly and Mac clients are left with incomplete file listings. At times, folders would appear incomplete or empty, when in actuality they were loaded with files.

• Microsoft Office freaks out by using SMB. Word and Excel files continually open as "Read Only" and it becomes a nightmare to save files back to the server.

• Side bar links in the Finder just break. They'll work for a while, but if you restart or log out, they will generally stop working.

These are just a few of the problems I ran into, but it's enough to say, NEVER AGAIN.

BUT, the issues that I ran into with SMB was with 10.7.5 Server. I have not tried it in 10.8.2 Server. Hopefully Apple fixed all the SMB issues in 10.8. All I can say is, good luck!

Fair enough then....

Each domain configuration is unique....

I guess the bottom line then is for Macintosh to actually recognize that there is a flaw on at least 10.6 and fix it...... which they may have already done with 10.7 ???

DANG..... sounds like the issue STILL exists in 10.8

Why is Macintosh completely missing this flaw?

It's all over the web.

OS X 10.8.3 Server

Same symptons: Wrong inheritance … sometimes … somewhere …

I don't like the idea of disabling AFP. That's not a solution. (You could call it a temporary walkaraound.)

I like the solution of kalmicka: creating new folder and new shares of these folders without touching the initial rights. seems to solve thing, but …

new folders have these rights:

Finder info (10.8.3):

same folder in Server.app (2.2.1) / Storage

a freshly created share point under file sharing looks like this (system accounts viewable):

So – following the advise of kalmicka – "Staff" (which is the primary group) is the group to be untouched by you. (Only member of group "Staff" is "System Administrator" aka root.)

The problem with this solutions is, that as long there is "staff: read only" this volume/share point is viewable by any user on the network:

though this user has no rights, he can see everything on this volume/sharepoint.

What must be done to keep their eyes away from this sharepoint/volume – without changing the primary group "Staff" to "no access"?

Thanks in advance!

Tilo

Hi tilobauer,

In your screenshots, Everyone also has Read rights. Remove rights for Everyone and this user should not view the shared folders anymore.

What still isn't clear to me is HOW to make sure NEW folders created by end users will inherit from parent folder.