Recommendations for Rebuilding my Mini Server

I recently upgraded my Mini to Mavericks Server, and ended up destroying the most crucial service on the machine: File Sharing. Ever since the upgrade, I’ve been plagued with permissions issues, destroyed Photoshop docs, and a complete disruption in our day-to-day workflow.


My plan is to completely wipe the machine and start from scratch. All attempts to fix the permissions and ACL’s have failed, so this is the next (hopefully) logical step. My hope is to outline my steps and see if any of you have any feedback.


  1. Make certain Time Machine is up to date.
  2. Detach all external drives.
  3. Perform clean install from Mavericks USB stick.
  4. Re-establish GoDaddy SSL certificate.
  5. Create Groups and Users

Here’s where I start to get a bit confused. My biggest concern is the files that I have stored on our Promise Pegasus Thunderbolt RAID drive. This drive contains all the files and folders that we are having difficulty accessing. Is there something that I should do to the drive before I perform the clean install?


Also, if I continue to use ACL’s, then do I even need to add users and groups in the File Sharing settings?


Another weird thing we’ve found: Multiple listings of _www or World Wide Web server on select files and folders. I added _www to our web files, but now they all show multiple listings when I check the permissions. What would cause that?


I appreciate any and all help in advance.

Mac mini, OS X Server

Posted on Apr 23, 2014 3:17 PM

Question marked as Best reply

Posted on Apr 23, 2014 5:18 PM

If you install from scratch and you recreate your users, you will have all new GUID values for the accounts and groups. This will leave all your current files with orphaned GUID values.


If you want to clear all ACEs off the files, use this command (I will assume that your Pegasus is called Promise and the shared folder is called Data)


sudo chmod -N -R /Volumes/Promise/Data


See man chmod for full details. This will remove all ACL entries on all files and folders in the Data folder.


Now, as far as best practices. If you are building from scratch, always start with DNS. This is critical. Once DNS is established and the server knows its identity, then, and only then, create your Open Directory Master (or bind to AD depending on your environment). Once this is done, create or inherit your users and groups. Then set your ACLs based on groups only. Do not use individual users as you will then need to propagate each time you make a change. Oh and avoid SMB for the time being.


R-

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

3 replies

Apr 24, 2014 9:32 AM in response to Strontium90

R,


Thanks for your advice. If I clear the ACE's on the Pegasus, will it also reset or affect the POSIX permissions? From what I've read, Adobe Photoshop disregards ACL's and looks to POSIX. I may just need to change how my team accesses Photoshop docs.


Another question: In Server.app, if I enable "Show System Accounts" in Users or Groups, I see that there is both a user and a group for "_www". I need to give Apache access to our web files. Should I give the '_www' user access, or should I make '_www' a member of Group "World Wide Web Server" and give that group access?


Last, I am aware of the SMB connection issues. However, the SMB connection is forced when I connect through the finder, even though I deselected the Share over SMB in the Server app. Forcing the AFP connection (afp://...) through the Connect to Server function is hit or miss. Some of our team can connect and others cannot. Not sure what to do about that one.

Apr 24, 2014 2:21 PM in response to Fidget Productions

"Thanks for your advice. If I clear the ACE's on the Pegasus, will it also reset or affect the POSIX permissions? From what I've read, Adobe Photoshop disregards ACL's and looks to POSIX. I may just need to change how my team accesses Photoshop docs."


What version of Photoshop are you running? I have not had issues with ACLs since versions 5 or before. If you are using an older version, then you are correct, PS will ignore the ACL and rely on the POSIX group permissions. I recommend modifying the umask on the Mac systems to ensure that users are writing all files and folders with rw on the group. Customized umask can be implemented for the user level, protecting the OS from potential security concerns.


"Another question: In Server.app, if I enable "Show System Accounts" in Users or Groups, I see that there is both a user and a group for "_www". I need to give Apache access to our web files. Should I give the '_www' user access, or should I make '_www' a member of Group "World Wide Web Server" and give that group access?"


So you really should not need to explicitly define the www user for the files. Apache will be fine as long as the POSIX everyone bit is set to read. Standard umask should make this work fine. For example, if you look in the default site, the files are not owned by www nor the www group:


-rw-r--r-- 1 root wheel 102749 Feb 18 17:10 Server.png

-rw-r--r-- 1 root wheel 7782 Feb 28 07:26 favicon.ico

-rw-r--r-- 1 root wheel 269 Feb 28 07:26 info.php


Yet they are served fine. The piece of importance is the final r-- on the files. POSIX is broken into three chunks, the user, the group, and everyone else. So above, the user root has rw-, the group wheel has r-- and everyone else has r--. There should be no reason to explicitly define the www user unless you are attempting something I am not aware of.


"Last, I am aware of the SMB connection issues. However, the SMB connection is forced when I connect through the finder, even though I deselected the Share over SMB in the Server app. Forcing the AFP connection (afp://...) through the Connect to Server function is hit or miss. Some of our team can connect and others cannot. Not sure what to do about that one."


The recommended way is to use the Connect to Server dialog from the Finder. Using the sidebar is a Bonjour connection and is also, as you stated, defaulting to SMB. Remember, you can also customize your Shared Folder and disable SMB access to the share. At this time, AFP is faster, more reliable, and better supporting case and extended attributes and ACLs.


For the systems that are giving you fits, make sure your DNS is correct, then check in the user's home folder for extra .GlobalPreferences.plist files. These are not visible in the Finder so you will need to use Terminal:


ls -la ~/Library/Preferences


If you have a bunch of .GlobalPreferences files, get rid of the extras. This has been known to cause slow server connections.



R-

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
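
The two POSIX conditions discussed in the reply above (group rw for shared documents, the final "everyone" read bit for Apache) can be audited with `find`. This is an added example, not part of the original thread; the function names and the sample tree are constructed for illustration, and the check looks at POSIX mode bits only, not at ACL entries.

```shell
#!/bin/sh
# Added example: audit POSIX mode bits on a share. ACL entries are not examined.
# Function names and the sample tree are constructed for illustration.

# Items the group cannot fully use: folders need rwx (070), files need rw- (060).
not_group_rw() {
    find "$@" \( -type d ! -perm -070 -o ! -type d ! -perm -060 \) -print
}

# Items "everyone else" cannot read: folders need r-x (005), files need r-- (004).
# Apache relies on these bits when it is neither the owner nor in the group.
not_world_readable() {
    find "$@" \( -type d ! -perm -005 -o ! -type d ! -perm -004 \) -print
}

# Constructed sample: one folder written under umask 022 (the usual default),
# one written under the group-writable umask 002.
make_sample() {
    root=$(mktemp -d) || return 1
    ( umask 022; mkdir "$root/default"; : > "$root/default/layout.psd" )
    ( umask 002; mkdir "$root/shared";  : > "$root/shared/layout.psd" )
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Not group-writable when written under umask 022:"
not_group_rw "$sample/default"
echo "Not group-writable when written under umask 002:"
not_group_rw "$sample/shared"
echo "Not readable by everyone else:"
not_world_readable "$sample/default" "$sample/shared"
rm -rf "$sample"
```

On the server itself the same functions can be pointed at the share, for example the /Volumes/Promise/Data path assumed earlier in the thread.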
