User profile for user: crapple95
crapple95 Author
User level: Level 1
5 points

10.13.3 smb permissions inheritance lost

Hey there, i would reply to this post from january but its locked?? 10.13.2 SMB With Server 2012 R2 come on, how is a 2 month old post old...



Anyways we are having problems with one particular mac that got upgraded to 10.13.3 osx. I have reimaged the machine from scratch and it still has the issue.


Problem: When copy and pasting between folders on a network drive, the folder becomes unreadable to all but the user who created it. This obviously creates a lot of problems for that user. The fileserver is windows 2012 server.


We have one other mac running 10.13.3 that does not have the issue. All other OSX machines are running 10.12.


There are multiple forums posts with multiple issues with SMB in this release. Some recommend changing to CIFS which has worked for the user somewhat, though not everywhere and not perfectly. Others recommend doing things to the windows server such as changing "rejectunecryptedaccess" to false, or disabling .ds_store files on the mac, or disable local smb caching... However i really dont want to be making changes to the windows server that affects everyone in the company, when the problem is just one osx machine. The machine specific fixes may work, but i dont want to go disabling parts of the machine willy nilly, especially since i have another 10.13.3 client which can save and copy files fine.


There are also many different fixes in many different posts, for a few different issues, but nothing exactly like what i am seeing here.

Has anyone had this exact problem and has a fix for it? Permissions get reset so that only the user who created the file can read it. It simply is ignoring the inherited permissions. And it seems to happen mostly when copy and pasting between SMB folders.

User uploaded file

iMac, OS X Yosemite (10.10.3), null

Posted on Mar 29, 2018 7:56 AM

Reply

Similar questions

2 replies
User profile for user: crapple95
crapple95 Author
User level: Level 1
5 points

Mar 29, 2018 11:23 AM in response to crapple95

Not sure why i can no longer edit my post, but i was able to reproduce on the other mac with 10.13.3 now. Exact steps are 1) take a network file, on a network drive 2) make a folder on another network drive and copy it there. 3) then select that file that you copied, make another folder on the second drive, and then copy it there. the permissions get set to "everyone no access" and then i cant even view the file in the preview window. The folder permissions on the parent folder are correct.


So it has something to do with copying files between two network folders. I am going to determine if its just this one particular drive doing it and will post back.

Reply
User profile for user: crapple95
crapple95 Author
User level: Level 1
5 points

Mar 29, 2018 11:54 AM in response to crapple95

man there is like a 20 minute timer on editing posts. very frusterating apple. this is worse than the microsoft forums, and thats saying something! anyways i think i fixed it.


so i can reliably reproduce now. So i can test. I noticed that there is a weird SID on the files i cant read, specifically S-1-5-88-3-33216 . So on a lark i decided to look it up and found this article which says that this was a problem with share permissions in osx 10.8 !

mac osx - OSX 10.8.3 creating/editing files on Windows 7 share creates weird blocking account - Server Fault


Ok well that looks almost identical to my problem. So i start playing around with permissions and lo and behold, if i remove the Folder -> Share -> everyone -> Full control (from just the share permissions, not the security tab) it appears that this problem is solved! or at least worked around.


So the solution seems to be to remove the full control on the everyone group on the windows share dialog. I am going to test with the user and make sure, but i cant make the broken file anymore. The everyone FULL CONTROL on the security tab seems to not matter, as with it set the files are not broken.

Currently working settings:

User uploaded fileUser uploaded file


edit: reported here as well: editing files on Server 2008 messes up permissions


if you search for that sid you can find a lot of confused people who discovered this many years ago. I guess it still hasnt been addressed.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

10.13.3 smb permissions inheritance lost

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up