1 Reply Latest reply: Dec 3, 2012 6:22 AM by infinite vortex
DSHJ Level 1 (45 points)

I've run into a problem with a Lion Server (10.7.5) where the ACL's of the file shares aren't working properly on client machines that log into the server. Client machines see the files in the share, but it's as if the ACL's aren't available or visible.

 

Users are logging in via OD authentication, and a group "Access" is applied to their user account.

The File Share in question has the "Access" group with full read/write permissions.

Permissions have been propagated to all files and folders within the share.

Inherited Entries were made explicit.

 

When logging in as a client machine on the network, using proper OD authentication credentials with the "Access" group applied to the user, I have access to the file, but if I try to save the file, I get an error that I don't have permission to save the file. If you look at the permissions on the file/folder from the client machine, it's as if the ACL's from the server don't exist.

 

When SMB users (Windows) try to save a file to the share, they're not accessible by the AFP users. Again, all files and folders in this share should have full read/write access for all "Access" users, which includes both AFP and SMB users.

 

I've tried:

Propagating permissions again

A new share (same problem, but on new share)

Accessing via other machines and user accounts

Turning off SMB

Rebooting all machines

Wiping off all ACL's and adding new ACL's

Calling Apple (they're also stumped)

 

 

Thoughts?

 

Other notes:

The share is on a Pegasus R4 connected via Thunderbolt.

Haven't had this issue before, and it seems recent after update beyond 10.7.2.

Had to rebuild OD from scratch after upgrade to 10.7.4 due to Kerberos problems. 


Mac mini, OS X Server, OS X Server 10.7.5
  • 1. Re: ACL Permissions on Lion Server File Share
    infinite vortex Level 7 (21,400 points)

    I had a problem with ACLs not being honoured if the File Share was a volume rather than being a folder within a volume. However, this for me was fixed on 10.7.4. By the way, how are you "Wiping off all ACL's and adding new ACL's"? To clear out all sign of any ACLs from your file share directory I would use…

     

    sudo chmod -R -N [directory]
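
A server-side check for the symptom discussed in this thread, added here as an example and not posted by either participant: it reads `ls -le` output and lists items that carry no allow entry granting write to a given group such as "Access". The function name `missing_write_ace`, the sample listing, and the assumption that user and group names contain no spaces are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ls -le` output for items lacking a write-granting
# allow ACE for one group. Real use on the server (path is a placeholder):
#   ls -le /path/to/share | missing_write_ace Access

# missing_write_ace GROUP   (reads `ls -le` output on stdin)
# Prints the name of every item with no allow ACE that gives group:GROUP
# "write" (files) or "add_file" (folders). Assumes names without spaces
# in the owner/group columns and in the ACE principal.
missing_write_ace() {
    awk -v want="group:$1" '
        function report() { if (name != "" && !ok) print name }
        /^total / { next }
        # ACE line, e.g. " 0: group:Access inherited allow read,write,..."
        /^ +[0-9]+: / {
            i = 3
            if ($i == "inherited") i++
            if ($2 == want && $i == "allow") {
                n = split($(i + 1), perms, ",")
                for (k = 1; k <= n; k++)
                    if (perms[k] == "write" || perms[k] == "add_file") ok = 1
            }
            next
        }
        # Any other long-format line starts a new item; name is field 9 onward
        NF >= 9 {
            report()
            name = $9
            for (j = 10; j <= NF; j++) name = name " " $j
            ok = 0
        }
        END { report() }
    '
}

# Constructed sample of `ls -le` output (not taken from the thread).
sample_listing() {
cat <<'EOF'
total 16
-rw-r--r--+ 1 admin  staff  2048 Dec  3 06:00 budget.xls
 0: group:Access inherited allow read,write,append,readattr,writeattr
-rwxr--r--  1 winuser  staff  512 Dec  3 06:05 from-smb.doc
drwxr-xr-x+ 3 admin  staff  102 Dec  3 06:00 Projects
 0: group:Access allow list,add_file,search,add_subdirectory,file_inherit,directory_inherit
-rw-r--r--+ 1 admin  staff  100 Dec  3 06:10 readonly.txt
 0: group:Access allow read,readattr
EOF
}

sample_listing | missing_write_ace Access   # prints from-smb.doc, readonly.txt
```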