Folder permissions problems

Hi Nonylus,

well … obvisious, but weren't we told earlier to NOT touch this … Voodoo …

I tried lots of stuff in the last week and it seems to work now … in any case i did two things:

1. in Terminal

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

(not sure if this enables something in afp, but it should not hurt)

2. in Server.app (Version 2.2.1, OS X 10.8.3)

>under "Storage" select the folder you share under "File Sharing"

>click action wheel and "Edit permisions…"

Here you have some more options (Administration and Inheritance) than in the other panels (Finder Info, Server.App>File Sharing, System Preferences>Sharing>File Sharing [a 4th option I forgot earlier])

Hope this helps!

I'm on Mountain Lion Server, same issue.

My problem is that the Staff group is not showing up in the Edit Permissions window, and that's the only group that will let you edit the inheritance (on another, working Mountain Lion Server that I administer). Is there any way to get it back in the Group list?

Hi,

I was working on this issue sometimes desparately, in the last two months. Not daily of course, but I really got very frustrated. I couldn't believe that Apple messed-up with SMB as various reports and posts over the internet state. To my understanding Apple did not mess up the SMB! I will present briefly our configuration and then I will try to list the points that make fool the admin, that SMB is faulty:

• Server: Lion 10.7.5
• Windows Server 2008 R2, on Lion, embedded through Parallels
• Parellels-specific Shared Drives available to Windows Users
• VPN-only access to Mac SMB shares from other Windows machines

As mentioned above by tilobauer, you need to activate ACL for SMB (http://support.apple.com/kb/TS4149) and

create a User Group and assign the relevant users. Once the group is available you then adjust the ACLs through the Server App.

The following hints actions, helped me figure-out how it works:

• If you restart the Lion Server, you need to recycle the SMB service as well. Sometimes the SMB service is not correctly started and SMB shares do not work at-all. This makes you think that all permissions are messed-up and you think you have to do everything again. In the Settings-Sharing-Options, you uncheck the SMB, wait at least 2 mins and then again re-check the SMB box.
• In the rare event that you run and embedded Windows server within the Lion through Parallels, make sure to restart the Windows Server. Parallels is a black-box and apparently the Parallels Shared disks seem to read the ACLs on start-up. So changing the ACLs won't affect the Shared-through-Parallels directories unless Windows are restarted.
• The Finder (Get-Info), Sharing permissions in Settings and the ACL permissions in the Server App are not getting updated in Real-Time. Although this might be understandable from a technical point of view, the admin needs to be very careful with what he sees. Only one application should be used at the time. To be sure that the permissions shown are the valid ones, the applications (including the Server App) should be restarted.

Please note that I'm not an expert Server Lion Admin, but I hope the above might be helpful.

Nope, this problem happens over SMB as well.

This actually fixed the problem for me on 10.9 Server. Leave the primary group as Workgroup (with whatever permissions you want to give it), and then add your main user group after that. Looks like the permissions finally propagate automatically, after about 10-15 seconds or so.

Thank you tilobauer! This did it for me. Really don't see why this isn't a given.

Hi,

Are you still on Lion server? We upgraded to Yosemite, but I 'd recommend a clean install. In terms of Open Directory Yosemite is not backwards compatible with Lion clients though. Beware!

From our point of view it is better to keep the server and clients in the same OSX release.

Best regards

D.