apple-banana

Q: user permissions

Hi and thanks for taking the time to review my question.

 

I have a Mac Mini with the OS X Server App.  I have 2 Apple iMacs accessing shared folders on the Mac Mini.  I did the following on the Mac Mini Server Share permissions and am wondering if there is a better way in a small business environment to handle user permissions.

 

User 1: management

User 2: employees

 

Management Folder - permissions: management: read & write, everyone: no access

Shared Documents Folder - permissions: management and employees: read & write, everyone: no access

 

When connecting on the workstations (Finder -> Connect to Server, afp://) the issue is as follows:

 

Everything works fine unless a management user creates a folder in "Shared Documents".   An employee cannot then access that folder or read/write to it.

 

How do you allow a management user to create folders in the shared documents folder, which in-turn will allow an employee to work with that folder?

 

Basically, management has access to all folders, employees have access to one shared folder, but if management creates documents or folders in the shared documents folder, the employees can't access those folders and documents.

 

Help!  Thanks.

Mac mini, OS X Yosemite (10.10.5)

Posted on Apr 14, 2016 8:36 AM

Close

Q: user permissions

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis Apr 14, 2016 8:50 AM in response to apple-banana
    Level 10 (207,963 points)
    Applications
    Apr 14, 2016 8:50 AM in response to apple-banana

    You have to make the ACL on the parent shared folder inherited.

  • by apple-banana,

    apple-banana apple-banana Apr 14, 2016 9:13 AM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise
    Apr 14, 2016 9:13 AM in response to Linc Davis

    Thank you for your reply.  Setting an inheritance rule makes sense.

    For the parent folder, "Shared Folders", I assume there is no GUI option to make the folder's ACL inherited.  Can you point me to the terminal command you are referring to?  (From googling, I only see terminal commands for setting inheritance, but some mention SMB, which is not the case here as all devices are Apple computers, so the AFP protocol would be solely used)

     

    Thanks

  • by Linc Davis,

    Linc Davis Linc Davis Apr 14, 2016 9:26 AM in response to apple-banana
    Level 10 (207,963 points)
    Applications
    Apr 14, 2016 9:26 AM in response to apple-banana

    I assume there is no GUI option to make the folder's ACL inherited.

    In the sidebar of the Server.app window, select the icon at the top with the name of the server. Then select the Storage tab in the main window pane.

    Navigate to the folder in question and select it. From the popup menu at the bottom with a gear icon, select

              Edit Permissions...

    Verify that the permissions are what they should be, and make changes if necessary. Then, from the same menu, select

              Propagate Permissions...

    Check all applicable boxes, including Access Control List. If in doubt, check all boxes. Click OK.

  • by apple-banana,

    apple-banana apple-banana Apr 14, 2016 10:11 AM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise
    Apr 14, 2016 10:11 AM in response to Linc Davis

    Thanks, I have done this in the past and it was a temporary solution.  Any new folders created did not inherit permissions automatically.

    The solution I need would automatically have the proper permissions...

  • by Linc Davis,

    Linc Davis Linc Davis Apr 14, 2016 11:13 AM in response to apple-banana
    Level 10 (207,963 points)
    Applications
    Apr 14, 2016 11:13 AM in response to apple-banana

    Please post a screenshot of the inheritance settings.