2 Replies Latest reply: Dec 13, 2013 12:55 AM by bjay999
kristin. Level 2 (235 points)

Hello.

 

My Xserve is running OS X 10.6.8 Server.

 

I have a Share Point with the following permissions set:

 

ACL

Archiving - Large Projects = Allow = Read Only = This folder, Child folders, Child files, Add descendants

 

POSIX

admin = Allow = Read & Write = This folder

staff = Allow = Read Only = This folder

Others = Allow = Read Only = This folder

 

There is a single folder on the Share Point called Transfers. For this folder, I'd like to ALLOW users the ability to Read & Write to the folder, but NOT let them Delete the folder or it's contents.

 

For the Transfers folders, I have the following permissions set:

 

ACL

Archiving - Large Projects = Allow = Custom (Read is checked, Write partially checked with Delete & Delete Subfolders and Files unchecked) = This folder, Child folders, Child files, Add descendants

 

POSIX

admin = Allow = Read & Write = This folder

staff = Allow = Read Only = This folder

Others = Allow = Read Only = This folder

 

When a user in the Archiving - Large Projects group connects to the Share Point, they can't write to the folder. Why is this? According to the ACL, they have Write permission (Write Attributes, Write Extended Attributes, Create Files [Write Data] and Create Folder [Append Data] all checked), so why are they unable to the folder? The only things NOT checked are Delete & Delete Subfolders and Files. So, should they not be able to WRITE to the folder and just not DELETE the files they write? Basically, a standard Drop Box, but they can see the contents of what they've copied into the folder?

 

I've attached a screenshots of the following:

 

- The Archiving - Large Projects group's permissions

- The Effective Permissions of a member of the Archiving - Large Projects group (with the Transfers folder selecvted)

 

If anyone has any ideas on why users can't write to this folder, it'd be much appreciated!

 

Thanks,

Kristin.

 

Group_Permissions.jpg Effective_Permissions.jpg

  • kristin. Level 2 (235 points)

    OK, something I've just noticed—it seems like it's the POSIX staff permissions that's causing this. Right now, staff is set to Read Only and the users can't write to the folder. But, if I change the staff permissions to Read & Write, the users can now write to the folder. BUT, they can also DELETE from the folder, so it's like the extended ACL permissions are of no use? The ACL says they should have ready, write but not delete, yet they can delete (if staff can Read & Write).

     

    Could someone explain what's going on here?

     

    Thanks,

    Kristin.

  • bjay999 Level 1 (0 points)

    Hi Kristin,

     

    maybe it's just a little bit late, but this week i had the same problem with one of our customers.

     

    Here's the support doc from Apple which explains, why you have to set DELETE permissions in Server-App:

     

    http://support.apple.com/kb/TS3752?viewlocale=en_US

     

    Regards

     

    BJay