G.Willi

Q: Lion Server 10.7.3 file sharing permissions

I'm having really strange issues with Lion Server. Since upgrading to 10.7.3 I no longer have permissions to modify files on Share Points that I was once able to in 10.7.2. When I go to modify certain files or folders I get "The operation can’t be completed because you don’t have permission to modify some items."

Mac mini, Mac OS X (10.7.3)

Posted on Feb 9, 2012 2:48 AM

Close

Q: Lion Server 10.7.3 file sharing permissions

  • All replies
  • Helpful answers

Previous Page 2
  • by Caribou38,

    Caribou38 Caribou38 May 18, 2012 5:30 PM in response to Sam Venning
    Level 1 (0 points)
    May 18, 2012 5:30 PM in response to Sam Venning

    Thanks everyone for your troubleshooting. We are going to upgrade our client systems to Lion.

     

    The Mac Mini server now runs Lion 10.7.4 Server and users reported issues with File shares permissions.

    The shares are also stored on a Promise Raid connected with thunderbolt.

     

    Would the thunderbolt connection have any influence on that issue ? I know it doesn't seem to be a hardware issue at all, but I just noticed we were having this issue on Promise Raid systems conencted with Thunderbolt.

  • by jochen80,

    jochen80 jochen80 May 30, 2012 6:15 AM in response to jochen80
    Level 1 (0 points)
    May 30, 2012 6:15 AM in response to jochen80

    hello together.

    i just worked with the workaround of brian for the last weeks. until today everything worked fine with the local groups. but now the server ignores the first local group. and the happends while the server is running. suddenly the group-members can not access the folder who worked 1 minute ago. i just duplicate the group and set the acl to the new group and it works again!

    i think i will downgrade vom 10.7.4 to 10.6.8 now.

    greets jochen

  • by thesubmitter,

    thesubmitter thesubmitter May 30, 2012 7:22 AM in response to Sam Venning
    Level 1 (0 points)
    May 30, 2012 7:22 AM in response to Sam Venning

    I am having a related strange problem

     

    I am using a Pegasus R6 but my files are not in the Root (or the root is not being shared, I am a few folders deep in)

     

    It seems permissions are not having the expected affect. ACE involving groups don't seem to take effect and I have to add the users individually. It happens intermittently for some folders.

     

    The server is file server connected to an OpenDirectory LDAP Server providing the users/groups

     

    when i do  "id ..." the user info appears correct

  • by Sam Venning,

    Sam Venning Sam Venning May 30, 2012 7:17 PM in response to G.Willi
    Level 1 (5 points)
    May 30, 2012 7:17 PM in response to G.Willi

    Like the two previous posts, I'm still getting folders not honouring the ACL defined in Server.app. They appear okay in Server.app but in the Finder Get Info window I see "Fetching..." in place of one ACL (the other ACL is working fine). This is extremely frustrating. Lion Server doesn't seem to be ready for business applications – sppppppth to business users.

     

    Mac mini Server (2GHz, Intel Core i7, 8GB RAM), Mac OS 10.7.4 Server, Promise Pegasus R6 Thunderbolt RAID.

  • by thesubmitter,

    thesubmitter thesubmitter May 31, 2012 7:44 AM in response to Sam Venning
    Level 1 (0 points)
    May 31, 2012 7:44 AM in response to Sam Venning

    I wonder if the R6 is involved in all this as I have the same model...

  • by Frando,

    Frando Frando Jul 3, 2012 5:14 AM in response to G.Willi
    Level 2 (153 points)
    Mac OS X
    Jul 3, 2012 5:14 AM in response to G.Willi

    I have had the same issues but on 10.7.4 server and clients.  I don't have a Pegasus but I do have a Drobo Pro attached by iSCSI.  However the share I am having a problem with are the "Groups" ones.  They are at root on the ServerHD.

     

    I have restarted the server a number of times and they are now working.  The only thing that I have changed recently is to stop a user account from llogging in automatically on the actual server.  I recently setup a basic local user to run a couple of apps 24/7.  I had thought it was the apps causing the problem but having stopped runing them a few days ago, and then today stopped the user account loging on, I wonder if, for me at least, it is the user account being logged in.

  • by bendadog,

    bendadog bendadog Jul 6, 2012 12:26 AM in response to G.Willi
    Level 1 (0 points)
    Jul 6, 2012 12:26 AM in response to G.Willi

    Hi,

     

    I've come across the same problem.

     

    I posted a question on serverfault.com about it but didn't get any reply (yet).

     

    Anyway, as you might be able to see from the question, I've noticed that for me it doesn't work if I use OD Groups but it works totally fine if I add OD users directly to the ACL.

     

    Does anyone get that too?

     

    Ben

  • by sa_admin,

    sa_admin sa_admin Jul 6, 2012 6:41 PM in response to Sam Venning
    Level 1 (0 points)
    Jul 6, 2012 6:41 PM in response to Sam Venning

    Hi, Just tried the folders-nested-3-deep method on an external firewire drive, and all permissions are still ignored... even a user with "No Access" can browse, modify and delete any content in the Sharepoint.

  • by bendadog,

    bendadog bendadog Jul 8, 2012 4:25 PM in response to bendadog
    Level 1 (0 points)
    Jul 8, 2012 4:25 PM in response to bendadog

    As an addition to my last posting, I should point out that using OD Users permissions does not require a subfolder, it works fine sharing an entire volume.

  • by timcu,

    timcu timcu Jul 10, 2012 4:28 AM in response to bendadog
    Level 1 (25 points)
    Jul 10, 2012 4:28 AM in response to bendadog

    I am getting the same problem with 10.7.4 file sharing. It is ignoring some ACL's for OD groups but honouring others. Ones that were working are now no longer working. I solved the problem be resorting to POSIX permissions which seem very reliable. I sorted out the umask problem by creating a file /etc/launchd-user.conf on every client which contained the line

     

    umask 002

     

    Now every file created by users is group writeable which is what I was trying to achieve with ACL's.

     

    See http://support.apple.com/kb/HT2202

  • by iGary,

    iGary iGary Aug 8, 2012 9:45 PM in response to gmbinom
    Level 4 (1,577 points)
    Servers Enterprise
    Aug 8, 2012 9:45 PM in response to gmbinom

    This worked for me as well.

     

    Good find!

  • by MattMacPro,

    MattMacPro MattMacPro Aug 22, 2012 5:34 PM in response to G.Willi
    Level 1 (0 points)
    Aug 22, 2012 5:34 PM in response to G.Willi

    Hi

     

    I too had ACL file permission issues on a Mac OS 10.7.4 Server. Had been working fine for server months and then I couldn't add a user as an ACL. Restared the machine and non of the ACL's applied to any of the sharepoints worked at all. POSIX permissions were working OK - but with the umask issue from the client it meant that file would slowly be locked to the user who created or edited it. So just using POSIX permission was not an option for me.

     

    The solution that worked for me was to create nested groups. I had to create a new group called 'All Staff 2' and then add the original group 'All Staff' to the new group. It creates a group within a group or nested group. I had to do this for all the groups on the server. I then had to re-apply the permissions again to all the share points on the server - so the permissions would be correct. Once I have nested groups the ACL worked as they should. The new groups I created all were groups within the OD.

     

    Hope this might help someone .....

Previous Page 2