Miguel Muelle
Level 1 (4 points)
Servers Enterprise

Q: OS X Server - Members of Staff do not share Permissions

Running OS X Server v. 2.2.5 (169.7) on a Late 2012 Mac Mini Server running OS X 10.8.5, and I keep running into the following issue:

 

When a member of the Staff group creates a folder on the server, none of the other users in the Staff group have permissions to move files into it or otherwise mess with it until Admin or the user that created it changes permissions directly on the server.

 

Is there a way that any folder created by a member of that group can be Read & Write permitted automatically?

 

Thank you in advance!

 

Miguel

Posted on Aug 24, 2016 9:37 AM

Close
Miguel Muelle

Q: OS X Server - Members of Staff do not share Permissions

  • All replies
  • Helpful answers

  • by Fai2,Helpful

    Fai2 Fai2 Aug 25, 2016 6:58 AM in response to Miguel Muelle
    Level 1 (14 points)
    Servers Enterprise
    Aug 25, 2016 6:58 AM in response to Miguel Muelle

    You don't say what, if anything, has been done on the server to set the default permissions on the sharepoint in question.

     

    In my (much later than your) version 5.x of Server.app this is done in Services > File Sharing > Settings. Then double-click on the sharepoint name to open a permissions window. It's now possible to edit its permissions, allowing both groups and individuals certain levels of access.

     

    Managing these permissions can be tricky, and beyond the scope of this post — or my ability! — to explain properly. If your Admin isn't familiar with the topic it may be time to buy a third party manual (I recommend the "OS X Server Essentials" series by Arek Dreyer, available in iBooks).

     

    It's also no bad idea not to mess around too much with the permissions on your live sharepoint. Instead set up a test folder and share that, then use it for experimentation. Lastly Apple has removed the old Permissions Inspector that used to be so valuable in testing who really has what level of access to stuff in a sharepoint. However there's a useful third party utility called TinkerTool System that can do that.

  • by Antonio Rocco,Helpful

    Antonio Rocco Antonio Rocco Aug 25, 2016 6:58 AM in response to Miguel Muelle
    Level 6 (10,582 points)
    Servers Enterprise
    Aug 25, 2016 6:58 AM in response to Miguel Muelle

    If by Staff group you mean the default POSIX Staff Group then this is the expected behaviour. POSIX permissions don't propagate. Rather than struggling with POSIX permissions use Access Control Lists (ACLs) instead. These are more granular, far reaching as well as being inheritable. Avoid using the Staff POSIX Group. Create another group instead, name it something like Company Staff and add users to it. Then edit the permissions on the Share. Select the plus Icon and add the ACL for that group. It will appear topmost in the window above the default POSIX users and groups and their permissions. Don't mess with these. Once you're  one propagate the permissions. Test access with a number of users and hopefully things will behave as you want them to.

  • by cdhw,

    cdhw cdhw Aug 24, 2016 5:56 PM in response to Miguel Muelle
    Level 4 (2,623 points)
    Servers Enterprise
    Aug 24, 2016 5:56 PM in response to Miguel Muelle

    You need to set up appropriate permissions and ACL's:

     

         http://www.techrepublic.com/blog/apple-in-the-enterprise/introduction-to-os-x-ac cess-control-lists-acls/

     

    C.

  • by Miguel Muelle,

    Miguel Muelle Miguel Muelle Aug 25, 2016 1:32 PM in response to Miguel Muelle
    Level 1 (4 points)
    Servers Enterprise
    Aug 25, 2016 1:32 PM in response to Miguel Muelle

    Thank you all for your replies.  We are a very small studio, and I am a designer, and by no means a "real" Admin.  That being said, I think I can follow this advice and see if I can clean up this issue.  I'll keep you posted.