Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Folder permissions problems

I'm managing a Lion server, and have a drive set up for file sharing.


I have a group for all users, which I have given read & write access to the whole shared drive.


The problem arises when someone other than me makes a folder in this shared directory. No one but the person who made that folder can write into it, not even me as a server admin. Only when I log directly into the server through screen sharing, and edit the ACL for the group through terminal is access restored to all folders.


So what can I do to fix this? Is there a way to ensure the whole group is given full access by default to new folders and files?

Because I really don't wanna fix the ACL constantly to make the file server work properly.

Mac Pro, Mac OS X (10.7.1)

Posted on Aug 26, 2011 1:32 AM

Reply
37 replies

Aug 29, 2011 1:24 PM in response to onetown

Same problem here, but here are some more details from my experience.


1. The Server is 10.7.1.

2. All the clients are Microsoft Windows (2x Windows 7, and one Windows XP)

3. The Group (OfficeGroup) contains all of the needed users.

4. Each user can create a folder, or upload folders, and/or documents. However, depite having the ACL set (via server gui) to inherited permissions, each user "cannot" access each others files that have been saved/uploaded.

Aug 30, 2011 4:02 AM in response to Cybrwolf

I am experiencing the same issue.


As stated by this Document however http://docs.info.apple.com/article.html?path=Server/10.7/en/t_SetPermissions.htm l saying "By default, each new entry has full read and inheritance permissions." this shouldn't be a problem.


I keep getting this error even though I performed the propagate permissions command using server.app several times now. Does anyone know how to set the default permission of newly created/uploaded files to the ACL of the parent?


Thanks

Sep 12, 2011 2:30 AM in response to Stephen Holmes2

Hey Guys,


I don't know if this will work for you but it did work for me. When you create a new Folder and set it as a new share in Server.app then you have to set the permissions. What I always did was to reset the name for the primary group which was staff for me. This was apparently wrong. You have to add (plus sign on the bottom) a new group or user and leave the rest like it is. Only then the propagated permission will have the expected effect. Apparently reassigning the primary group will not work.


Let me know if this solved your problem. Hope it did 🙂

Sep 20, 2011 1:00 PM in response to onetown

Hi Everybody, My names Doctor Nic (LOL)


I too am experiencing the very same issue with a brand new Mac Pro running 10.7.1.


No matter what I do the permissions wont propagate down to the end users accounts.


This is very easy and straight forward on Windows systems but I do not have enough experience with Macs to know whether this is a flaw in 10.7.1 or if it is something that I missed.


Here is a link to a new discussion that I started just a couple of hours ago which gives more detatils:

https://discussions.apple.com/thread/3337273


I would very much appreciate comments (or even better yet a solution) to this issue <smile>

Thanks in advance.

Sep 21, 2011 9:20 AM in response to onetown

Hi Everybody,


I just wanted to share a complete and very simple solution to this issue on 10.7.1 (Lion) I cannot take credit for discovering it………. but I found it at:


“Joey Gibson’s Blog”


http://joeygibson.com/2011/07/22/osx-lion-to-lion-file-sharing-not-working-how-t o-fix-it/


And he found it at another web site that he does not mention.


Anyway,


All you have to do is turn off AFP and use SMB instead.


(NOTE: I am working with 10.7.1 (Lion) this may not be an option on previous versions of OSX, I do not know for sure.)


Here is how I ran into this problem:


One of the companies that I support bought eight brand new IMac work stations and a brand new almost $6,000 Mac Pro server.


I copied all the existing data over from the seven year old Mac Server to the new server and setup the workstations. At first everything seemed fine. The end users were able to continue work just fine using all of their original data files.


But a problem soon surfaced:


Any and all NEW folders and files that were created going forward gave ONLY the creator (owner) full rights. Everyone else on the network had ONLY READ rights.


I double checked my configuration on the new server. Everyone was in a FULL ACCESS group, ACL’s configured properly and propagated rights down over and over.


But no matter how many fixes and modifications I made the RIGHTS on the server would NOT propagate down to the end users.


This is a serious flaw in AFP (Apple Filing Protocol)


To correct this issue all I had to do was turn off AFP and use SMB (Server Message Block) protocol by itself………. A MICROSOFT standard for many years.


After completely turning OFF AFP and restarting the server and workstations all of the end users now have full access as they should have had using AFP.

Nov 9, 2011 11:41 AM in response to onetown

The solution is simple...


• Open the Server App.

• In the side bar on the left, click on the server under HARDWARE.

• Click on the "Storage" Tab.

• In the list of disks, click the triangle next to the disk you want to modify and navigate to the location where you want the shared folder to be... in my case, I want to create a shared folder inside the "Shared Items" folder.

• Click on the cog/down arrow and select "New Folder...".

• Give the new folder a name and click "Create".

• Select the newly added folder, click the cog below and edit the permissions.

• At that point, you can add the group you want to give access to (as an ACL) and you will notice that you now have the ability to control the Inheritance properties of the folder.

• Once done editing the permissions, share the folder as you normally would.


Hope this helps.


Darryl

Nov 16, 2011 2:08 AM in response to Darryl C.

So here is what I did wrong. I changed the default group that was already set for the share point. It is however IMPORTANT to ADD a new group or user if you want to keep the inheritance. As far as I know the default permissions are only responsible for posix and not for ACL. Be sure to add this new group on top of the others and then propagate the permissions.


Hope this helped somebody

Dec 9, 2011 12:18 PM in response to onetown

Hi Onetown,


Sounds like something else may be going on with your server? <smile>


What I CAN tell you is that it worked flawlessly on this Mac Pro Server running OSX Lion 10.7.1.


When I first set up this Mac server, entering all of the end user accounts manually (NOTHING ported over from the old server) and created a FULL access (to the data drives) workgroup…….. ONLY the creator of NEW folders and files would have read/write privileges EVERYONE else had READ ONLY.


I checked and checked and rechecked all of the settings and spent hours researching the issue. And from the HUNDREDS of posts across the web it is obvious that this is a flaw in OSX Lion 10.7.1. (Note: this may have been corrected with the 10.7.2 patch???)


The minute I turned AFP (Apple File Protocol) OFF so that everyone was using the SMB protocol only……. it has now worked perfectly for the last four months. No matter who creates a new folder or file everyone has full read/write access. Just the way I configured it to be originally. This was the ONLY change that was made and the results were instant; right after the server and all ten Mac workstations were restarted.


I know how important AFP is to Mac’s so I was VERY skeptical of this solution. But from the overwhelming (approximately ninety percent) positive replies (as you will see by following the link below) to this simple solution I gave it a try and “ba-da-bing-ba-da-boom” it was like flipping a light switch it worked so well.


At first I was amazed that SMB (a Microsoft sharing protocol going back over twenty years) would work so much better than AFP. But in retrospect I should not have been surprised seeing how much else needs improving with Macintosh. (gees… so many GUI’s that have been standard in Windows for years STILL have not been written for Mac. Who uses command line interface any more….come on!)


Anyway for more information please see:


http://joeygibson.com/2011/07/22/osx-lion-to-lion-file-sharing-not-working-how-t o-fix-it/

Dec 9, 2011 2:58 PM in response to tekman101101

Darryl C is doing it the right way which will give you correct ACL permissions for both Windows and Mac users. We have had it working correctly under 10.7, 10.71, and 10.7.2 as well as Windows 7 64-bit.


AFP is faster than SMB on Macs so we use AFP for our Mac to Mac sharing and SMB for Mac to Windows sharing. It was pretty much the same in 10.6 but just had a different GUI.


As far as the command line goes, any admin worth his salt.

Feb 12, 2012 6:52 AM in response to jjasper

Yes Jjasper the way Darryl C. pointed out is the way it is SUPPOSED to work and I did that several times. But as you will notice from the hundreds of other people with this SAME EXACT ISSUE there is a flaw with 10.7.1.


This may have been corrected by now with updates from Apple???


And as far as your comment about command line interface….. I was using command line syntax years before GUI’s even existed!


The point was………. why would people bother writing GUI’s for the Mac OS when it is such a hassle to get anything approved to run on the Mac OS especially when all the money is on the Microsoft side with eight or nine Windows systems being purchased for every one Mac.


And all you Macintosh worshipers need to realize the ONLY reason Macintosh is still around is because of the millions of dollars that Bill Gates gave to Steve Jobs to keep Macintosh alive so Bill Gates could say that Microsoft was not really a monopoly. Steve Jobs to his credit did not put most of that into his computer division but instead came out with the IPod which all the music loving kids bought. So now Macintosh is going back up again.


If the proprietary hardware and software those Macintosh computers used was so great why are Macs now using Intel based hardware and running Windows apps like Office?

Apr 9, 2012 5:18 PM in response to kalmicka

kalmicka,


You're a genius. That's the answer. The "primary group" must remain as "Administrators" with "Read Only" access.


At first, I couldn't figure out how to set it back correctly so I unshared a folder, renamed it, created a new one with old name, moved the files, and shared the new folder. The primary group comes up as "Administrators" with "Read Only.


But instead of doing this with about 10 shares, I figured it out. Under "View" in the Server app, select "Show System Accounts". Now you can restore the primary group to "Administrators" and set "Read Only". Make sure to add in the group you had as primary.


Inheritance problems are over for me. Thanks so much.


John Eidsvoog

Folder permissions problems

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.