Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: ctzsnooze
ctzsnooze Author
User level: Level 1
47 points

Nested share points visible at login that should be invisible - bug in afp?

I have Mountain Lion Server with a number of share points, users and groups. All my shared files are in a folder 'Shared' at root level.


Let's say I make three folders (say folders A, B and C) in the Shared folder with the posix permission set to 'no access' for 'Everyone', and an ACL allowing access for a single group to each folder (groups A, B and C, respectively).


This works fine. Users in group A only see folder A in their list of accessible sharepoints when logging in and while connected, and they do not see folders B or C. It works fine for users in B and C also. That's how it should be.


But there is a problem with nested share points.


Let's say we now share a folder X within folder A. And we give this share point posix 'no access' for everyone, and an ACL allowing access ONLY by group X.


So users in both groups B and C have no access to folder A, and do not have permission to read the sharepoint X. They should NOT even be aware of the existence of sharepoint X when the log in or are logged in, right?


But what actually happens is that they see sharepoint X in their list of accessible share points! Thats the BUG. If they attempt to connect to sharepoint X from that list - it looks to them just like any other sharepoint that they do have access to - they get this message:


"There was a problem connecting to the server "myserver.com". The share does not exist on the server. Please check the share name, and then try again"


So the afp system is correctly not allowing access to folder X - but why does the client computer show folder X to users that have neither read access its parent directory or to the share point itself?


Could someone try to replicate this, and maybe figure out a solution? I'm stumped. It's very annoying. Users see all kinds of share points that they should not be able to see, but can't access them.


BTW the client doing the access is 10.8.2 and the server is the latest mountain lion 10.8.2 server preinstalled on a mac mini server. I've tried restricting permissions and have ensured that all other ACL's are cleared. I am confident this is a bug in the afp server implementation.


Thanks in advance...


Chris.



Unibody Corei7 MacBookPro, Mac OS X (10.6.4)

Posted on Feb 21, 2013 4:41 PM

Reply

There are no replies.

Nested share points visible at login that should be invisible - bug in afp?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up