macOS Mojave with server 5.7.1file sharing Group permissions problem :-(

@MarkDannau:

You might have already checked this, but you have to specify AFP for each share in System Preferences > Sharing (select share) then click Options.

And I've seen that check come unchecked unintentionally more than once. I want to say it might have been an update that did it to me, but I can't be sure.

And hopefully you already know that you CANNOT share a folder using AFP if the folder is sitting on an APFS disk. Apple does not allow it.

Most of what Server.app had provided is deprecated and now gone, or has been migrated into the base macOS system and tools.

This particular file-sharing feature migrated into macOS with High Sierra.

Here, migrating to a NAS box might be an option, depending on local requirements and considerations.

Prepare for changes to macOS Server 5.7.1 - Apple Support

https://developer.apple.com/support/macos-server/macOS-Server-Service-Migration- Guide.pdf

The chmod and chown commands are the usual commands, at the command line. Often sudo chmod -r and sudo chown -r, to override and to propagate the changes.

In the GUI, the Get Info tool can be used to reset ownerships and protections.

Downside: mistakes here that are propagated to multiple files and directories and to unintended targets are difficult to recover from.

This wasn't an issue for most of my clients as I force all to use AFP to connect to a server. This is because Adobe apps don't play nice with SMB shares but are fine with AFP shares. Still gotta use an HFS+ volume, no AFPS.

Did you force the AFP connection via the connect to server function? You can't just click on the server in the Finder window sidebar. If you want to make sure the MacOS isn't tricking you into connecting via SMB, disable SMB on the server during testing.

Mark it’s likely an issue with the group

name. You probably have a short name for that group like programmeext rather than including the space. I noticed an issue a couple times with the command not finding the proper group ID related to the name until I got the short name right.

also so I didn’t see the second quotation mark in your command can you verify that you have it there?

Thanks to those who mentioned - TinkerTool System. I checked out and it looks like it will fill the need for my server folder permissions and propagation management. Sorry to have to go to 3rd party to manage this but in talking with an apple tech it seems most folks are going to cloud based file sharing so apple does not care about its server service much anymore.

TinkerTool System does work, I have a couple Mojave servers working like it was 10.12 again.

It's not that adding the small expense of TTS in place of buying Server from Apple is a big deal (if you don't mind buying software outside of the Apple App Store). It's that there is no guarantee that Apple won't drop file sharing all together at some point in the future. Especially given the actions taken with Server. Continuing to operate an Apple based server system seems to be a risky venture moving forward.

I'm curious as to the future of file sharing capabilities of the MacOS in the near future. Wondering if anyone here has any insight.

Did you grant TT full disk access?

I would first run First Aid on the volume. I would then check to see if the file got locked somehow by just using Finder, Get Info. After that things get a bit more involved:

https://superuser.com/questions/279235/why-does-chown-report-operation-not-permitted-on-os-x

Can you force your clients to connect via AFP and see if that helps? Use the "Connect to Server" option and format the server address with afp://(your server address).

Are you using OD or local sharing accounts?

Yes, This is indeed an issue that needs to be resolved. I Support a small Design company that is a majority mac. Several users working in shared storage from a mac mini with a promise pegasus drive shared out. It will continue to run High Sierra for the foreseeable future, because of the loss of ACL based permissions administration. Further more the replacement device will most likely be MS server as NAS based storage has not performed well in the environment thus far.

So sad that niche foothold that was here, and the ability to get work done easily has evaporated all the while trying to cater to the "Pro" user.

I stated user because apparently apple is un-interested in supporting multiple users working in a shared workgroup environment

I think TinkerTool has a GUI to adjust ACL permissions and enable inheritance. Does that replace the missing Server functionality? I am suffering the same problem (permissions not inherited; new files created by network users are read-only to other users). I have not yet tried TinkerTool but plan to next week.