set permissions and privileges for new files

You can search for how to change the umask. There should be some info about it on the net.

However, why do you need to do this? Setting up file sharing ACLs on the shared folder may be a better way.

You would have to disable SIP (System Integrity Protection)

<Edited by Host>

A more elegant and "mac-like" solution is to use Folder Actions.

A Folder Action can run whenever a file is added to the corresponding folder.

The "Folder Actions Setup" application is located at /System/Library/CoreServices/Folder Action Setup.

Just attach a Folder Action to that folder, and make it so that when a file is added to it the script changes permissions for the file.

You'll have to take inspiration from one of the provided scripts to create your own.

If you need, I may look at it, but only later today or maybe tomorrow.

Apple says that you are free to copy and adapt the scripts to your needs.

Let's say you are “serving” your Public folder from your home directory to your team, and you want the team to have read/write capability and others not on the team will have read permissions. Here is how you configure this, without any SIP privilege changes.

On your computer, in System Preferences : Sharing, you check File Sharing. Initially, it will be off (red dot), and under options, you can select one or both of SMB and AFP sharing.

For Shared folders, you click the + symbol and add the Public folder. On the right-panel, you configure the selections to Your name : Read & Write, Staff : Read & Write, and Other: as Read-only.

Next, you visit System Preferences : Security & Privacy. Unlock this panel, and under the Firewall tab, you click Firewall Options, and uncheck Block all incoming connections. When you do, you will see File Sharing (AFP, SMB) lit as green. This means that staff and others can now access your shared Public folder. Leave the other two checkboxes selected. Lock your Security & Privacy panel again, and quit System Preferences.

Others will need the following checked in Finder Preferences:

• General : Connected Servers
• Sidebar : Shared : Connected Servers

Once they have clicked your host name in their Finder's Shared section, and select your shared Public folder, you can place a file in there with default Read & Write privileges for you, but Read for Staff and Others — and members of the team (Staff) will be able to Read and Write the document because of the overriding privileges that you established in the System Preferences : File Sharing panel for Staff and Others.

I tested this on a 2014 MacBook Air running OS X 10.11.4 as the file server, and saved a Pages document into the Public folder on it. On my Mac mini, running OS X 10.11.5, I opened a Finder window, located the MBA name, and double-clicked it. I selected the shared Public folder, opened and updated the shared Pages document, and saved it. Back on the MBA, I verified via Quick Look that the document had indeed, been updated.

You are on an iMac, but for someone doing this on a Mac laptop, it is crucial that they turn off file sharing on it before entering into any public wi-fi cloud. Every one will see your machine name advertised to them if they have the right Finder settings in place.

See here: Re: Granting full control for every user on folder Users/Shared?

JB,

Please read thru these detailed instructions a few times, in order to get accustomed to the steps that you might take.

On each of your office network Mac's, you may create an office work Group in System Preferences > Users & Groups.

For this example, let's call your office work Group, "OFFICEGROUP". (No spaces; all capital alpha [A-Z] characters.)

Plus additional setup, which will very likely help solve your current dilemma.

- - -

Now, at *your* office Mac, go to System Preferences > Users & Groups.

Create a Group. Somewhere around the lower-left quadrant of the Users & Groups window, you should find a "+" (PLUS symbol) button . . . click on that . . . produces a pop-down window.

For New Account, select "Group".

Enter "OFFICEGROUP" (no quotes). Click the Create Group button.

Once you have created that new Group, "OFFICEGROUP", it will show in the list of Users & Groups.

You may then hold down your keyboard Control key and with the mouse arrow, tap on the icon for "OFFICEGROUP". (ie Right-click on "OFFICEGROUP" in the list of Groups.)

That should produce a small pop-up window, in which you may select "Advanced Options". Click on that choice, "Advanced Options".

In the resulting Advanced Options mini-dialog window, *DO NOT change anything EXCEPT,* set a value for the Group ID. Let's make that value: 1900. Click OK.

After that mini-dialog-window vanishes, you should be looking at the Users & Groups window, and in the general area that is the right-hand 2/3rds of it (I'm looking at Mac OS 10.8.5 "Mountain Lion" windows as I write this):

Name: OFFICEGROUP

and below that, a list of Users.

ENABLE any User(s) that you see at this time, whom you want to be part of OFFICEGROUP.

Quit System Preferences.

Now, go to each of your other office Mac computers and repeat the same steps, above.

Having completed those tasks at the other office Mac computers, return to this point in these instructions.

Now at your own office Mac computer, return to System Preferences > Users & Groups.

In the left-hand area of the window, select "OFFICEGROUP". In the roughly-right-hand area of the window, again, you should see a list of Users under

Name: OFFICEGROUP

Whatever users of the office Mac computers, are *not* in this Users list, add them as follows.

Click on the "+" (PLUS symbol) button again, and in the pop-down window, select for

New Account: Sharing Only

Full Name: (same as it is on the respective office Mac)

Account Name: (same as it is on the respective office Mac)

Password: (same as it is on the respective office Mac)

Verify: (same as it is on the respective office Mac)

We presume, here, that you are the Mac administrator for your office, and you know such info re the other Mac users. If you *do not know* their passwords, you'll need to ask them to assist with entering that particular info.

Let's say, that you've added 4 (Sharing Only) users, by this point.

*Try* to ENABLE them as Users for your office work Group "OFFICEGROUP". These new users *should* show under

Name: OFFICEGROUP

ENABLE them in *this list* of Users *if you can.*

You get the idea, you want these users to be members of your office work group, "OFFICEGROUP" - particularly on *your* office Mac computer.

NOTE: 'Sharing Only' users might *not* show on the left-hand side of the Users & Groups window. Don't let that bother you. Just keeping going . . .

Quit System Preferences.

Restart *your* office Mac computer.

Go to System Preferences > Sharing. Click on File Sharing (you probably have it ENABLED).

Under "Shared Folders" select the folder that you are sharing across your office network for those other Mac users.

Under the Users portion of the window, you should see (and set permissions):

FYI, the order of that list of three, is

Owner

Group

Everyone

Now, locate an Options button nearby, somewhere around the area of the same window and click on it.

That should produce a pop-down window. I'm looking at the Mountain Lion window, and it provides these settings, and you probably want (assuming that you are not sharing with Windows machines):

ENABLED "Share files and folders using AFP"

DISABLED "Share files and folders using SMB (Windows)"

Click the Done button.

While still at the System Preferences > Sharing window, you might want to police the permissions settings for any other Shared Folders. Given your info at present, there is no apparent need to share anything but the particular folder that you mentioned . . . so you might want to remove from the list of Shared Folders, any folders that you DO NOT want to share. (Same at the other Mac computers.)

In other words, share what you want, but not by accident. (Often with Mac's, the OS automatically shares the user's Public folder when File Sharing is first enabled, but you DO NOT have to share it. Be safe, secure, is the point.)

Quit System Preferences.

Restart ALL of the office Mac computers, beginning with your computer.

At the other office Mac computers, test the connection back to your computer, and the file / folder access that you have in mind.

That's it; good luck.

This will not work as requested since the default umask for users on OS X is such that it sets the file owner to the user that created it and sets the group to read only. Just because you created a group other than Staff won't change that fact. The new files will have OFFICEGROUP set to Read Only due to the umask. It doesn't matter that the folder has Read/Write for OFFICEGROUP.

I followed your instructions and cannot create a file in that folder that is editable by another user in the group.

In the link I posted above, I showed how to apply ACLs to the desired folder to get all users read/write access to all files and subfolders created by any user of the group.

You must also leave a space after the command and then drag the topmost folder you wish to share from into the Terminal window. That will automatically add the full path to the folder. Or, you can copy and paste the whole line into TextEdit, alter the group name, and add the full path to the folder you desire to share, then copy/paste it into Terminal

So, the full command will look like:

sudo chmod -R +a "long acl string" /full/path/to/sharing/folder

First, you shouldn't share out a folder in your home folder. It's just too messy. Use the Shared folder instead.

Second, it won't change the permissions on the individual files. The folder you shared should have Custom permissions. It is those "Custom" permissions that allow each user to edit the files created by other users.

If you haven't already, you should set up Sharing Only users on your Mac to correspond with each of the other users in the office, as ChisolmLee15 discussed.

You are trying to use a Client version of OS X to act as a File Server. It isn't, but you can make it simulate one well enough with the ACL modification. You would likely be better off running the OS X Server on that Mac, but I don't know anything about setting it up, so you'll have to get help from others here or on the OS X Server forum if you want to go that route.

This would be a lot easier if you just install Mac OS X Server on the computer. You would have better control over file sharing that way.

Or better yet, why not dedicate a Mac as a Server with Mac OS X Server installed. Many people buy and set up Mac minis for just this purpose.

Mac OS X Server is available in the Mac App Store for $20.00 USD

http://www.apple.com/osx/server/