5 Replies Latest reply: Oct 22, 2012 7:29 PM by jdblaich
jdejesus429 Level 1

Hi All,


I have searched vigorously for an answer on the forums. Here is the issue:


We have an OS X 10.6.8 Server hosting AFP / SMB shares.

We have a folder called "companydata" with 6 sub folders. I have given the ACL permissions ("companystaff" has read/write) to the root companydata folder and made sure the permissions propagated correctly. Both Windows and OS X computers function correctly. The issue seems to occur when a file is created from an OS X computer on any of the directories inside that shared folder.


When an OS X computer creates a new file, it is READ-ONLY for any user except the one who created the file (the owner). When I check the file info on OS X server, it does not seem to be inheriting permissions from the parent folder/root. It only seems to give permission to the owner of that file (read/write), staff (read-only) and everyone (read-only). Noticeably, I do not see the "companystaff" group that is added to the ACL of the root folder and propagated. It's very random.


Following some of the other discussion articles, I have tried creating a new folder, applying permissions, sharing it via SERVER ADMIN, and moving files into the folder. This does not seem to work. If I go into SERVER ADMIN and propagate the permissions, they get applied, but the problem is, every time a new file is added I am back to square one.


Does anyone have any insight or direction to look into? Any suggestion would be appreciated.




This Server was on different hardware, everything was working fine. Upon moving the server to different hardware (no changes other than hardware - iMac to Mac Mini) the issue began occurring. I ran a permission repair after moving it just in case that may prevent issues but other than that, not sure what could have caused this.

Mac mini, OS X Server, OS X Server 10.6.8
  • dtodd-hta Level 1



    Did you ever get a solution to this issue? I'm having the same problem with a couple of Mac users creating files where the inherit permissions are being ignored.



  • jdejesus429 Level 1

    Unfortunately we have not found a solution for the problem. It seems to only be affecting users in Windows, luckily the two users have both Windows and Mac computers so they have ceased using Windows for now to edit the files, which is a headache.


    I have tried redoing our ACL permissions, stop sharing and re-enabling and a few other things. NOTHING seems to help. Again, only affecting users on Windows, if the same user tried editing from a Mac it works. So I can confirm it's not a user specific issue but just something to do with smb most likely.

  • jdblaich Level 1

    I'll try to help you some.  Most of this is from my experience with LINUX.  Since the core OS and some of the technologies in OSX are taken from Open Source it should apply to you here on the Mac OS.


    I do not know why this hasn't (or whether it has) been implemented in the GUI of the Mac OS.


    I will try to answer some of your questions as they pertain to the Windows shares/samba.  OSX does use samba.


    In Linux, say Ubuntu, the configuration file for samba is in your "/etc/samba" folder and it is called "smb.conf", but under OSX the configuration file (smb.conf) is located directly in your "/etc" folder, at least it is under OSX 10.6.


    You can open your terminal app and type "cd /etc"


    Then you can do an "ls -al"


    That'll list out the files in that folder.  In that folder is the smb.conf file and if you use "more" ("more smb.conf") to view it you will see the settings (basic only -- actually quite primitive).  In that configuration file it points to a "/var/db/samba/smb.shares" include file.


    In that include file is where your shares are referenced.  When samba loads it reads the original smb.conf file and reads the smb.shares also.


    If you look at that file you'll see it has a section header and then the common entries related to each share's configuration.


    There are at least two entries that relate to creating files.  Those are:


    create mask =




    directory mask =


    and there is the


    read only =




    Ensure that the read only flag is set to "no".


    The create mask has to do with creating files.  The directory mask is related to creating folders.


    A create mask of 740 (create mask = 740) is only an example. Create mask of 777 is an example that gives all permissions to everyone.


    These numbers serve the same function in all of the file related mask and mode parameters. The numbers are "bit masks" for the file or directory access privileges.


    - The first digit (7) indicates the file's owner's options.

    - The second digit (4) indicates the file's group member's options.

    - The third digit (0) indicates the file's options for everyone else.


    A create mask of 644 would give:


    read/write to the owner

    read only to the group

    read only to everyone else



    A create mask of 777 would give


    read/write to the owner

    read/write to the group

    read/write to everyone else


    Remember these are only for when you create a file or folder.


    When you set the permissions in "get info" and you click the padlock icon to unlock you can tell the system to copy your permissions to all sub folders and the files in them.  That only applies to the existing folders and files. What I explained above applies to the files and folders someone creates after you set that all up.


    So you can edit your /var/db/samba/smb.shares to modify the create and directory mask to make all new files added with certain permissions.  In order to edit this file I'm sure you'll need to use "sudo" to make it work and I believe "nano" is available as a text based text editor.  Ctrl+x exits nano.


    Yeah, I just verified you can use nano to edit it and you proceed with sudo.


    sudo nano /var/db/samba/smb.shares


    In the *nix universe services were meant to be started and stopped on the fly.  The samba service is known as the smbd daemon.  While at the terminal command line you can type "sudo smbd restart".  That should shut down the service and restart it.  It should happen quickly and anyone connected should reestablish immediately.


    In the event that doesn't work you may need to restart the server.  I'm not sure how reliable Apple is when it comes to complying with those sorts of things.


    This is by no means an in-depth description.  You'll have to read some more and experiment to get what you want, preferably after everyone has gone home for the night and you have a chance to make some changes and test till you get what you want.
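
Added example, not part of any poster's reply: a small Python audit of the per-share "create mask" and "directory mask" entries described above. It decodes each octal digit into rwx bits and flags masks that leave the group without write (the read-only symptom in this thread) or that let everyone else write. The share names and values in SAMPLE are constructed for illustration; on a real server the text would come from the shares include file.

```python
# Constructed sample in the style of an smb.shares include file; the share
# names and values are illustrative and not from the thread's server.
SAMPLE = """\
[companydata]
create mask = 0644
directory mask = 0755

[scratch]
create mask = 0777
directory mask = 0777
"""

def decode(mask):
    """Map an octal mask such as '740' to an rwx string per permission class."""
    bits = int(mask, 8)
    result = {}
    for shift, who in ((6, "owner"), (3, "group"), (0, "other")):
        digit = (bits >> shift) & 7
        result[who] = "".join(c if digit & b else "-" for c, b in zip("rwx", (4, 2, 1)))
    return result

def parse_shares(text):
    """Parse [share] sections of 'key = value' lines into nested dicts."""
    shares, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return shares

def audit(text):
    """Return {share: [findings]} for masks that block group write or allow world write."""
    report = {}
    for name, opts in parse_shares(text).items():
        findings = []
        for key in ("create mask", "directory mask"):
            if key in opts:
                perms = decode(opts[key])
                if "w" not in perms["group"]:
                    findings.append(f"{key} {opts[key]}: group cannot write")
                if "w" in perms["other"]:
                    findings.append(f"{key} {opts[key]}: everyone else can write")
        report[name] = findings
    return report
```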

  • jdblaich Level 1

    I just tested this and it didn't give me the results I was looking for. OSX may ignore these file and folder masks.  I certainly hope not.

  • jdblaich Level 1

    I did a bit of further testing and found that if I turned off AFP things worked better.  Maybe AFP is overriding the samba permissions settings.  I also noted that the newly created files prompted me for a password in order to change them.  Apple is certainly doing something non-standard here.