You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

macOS Mojave with server 5.7.1file sharing Group permissions problem :-(

hi

i have macOS Mojave with server 5.7.1 on Mac pro(Late 2013).

I'm running an updated server for the latest version.

To my question I did not find an answer through Google ...


I do several tests before moving the server to work.

The test on the server is performed from several computers, mainly from operating system 10.12.


I set up 3 users (A + B + C) and 2 groups (E + F) to check permissions Unfortunately permissions do not work properly.

And there seems to be a problem with the ACL and the permissions do not pass automatically.

The entrance was examined in two situations: AFP + SMB.


for example:

When User A logs on to the server and builds a folder / file, checking permissions on the file from the server is saved to User A and not to the Group Name (Group E).

Group: wheel - Permission: read only

All: everyone - permission: read only.


When user B enters the server and builds a folder / file, checking permissions on the file from the server is saved to user name B and not to the group name (group E).

Group: wheel - Permission: read only

All: everyone - permission: read only.



Arrange permissions through: System Prepernces / File Sharing and manual permissions changes: Apple Premissions to Enclosed Items.

Everything works out ... until the next user change.


I would be happy for help an experienced server user


Best regards

Benny

MacBook Air, macOS Sierra (10.12.6), Macintosh Plus,PB 400Hhz black, PB 867, iMac G3, OSX Server5

Posted on Oct 8, 2018 9:18 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 9, 2018 6:01 AM

After searching Google I found:

That version 5.4 had a "storage" tab that could be modified to ACL permissions. Unfortunately in version 5.7.1 the tab no longer exists.


version 5.7.1:

User uploaded file


version 5.4(pict from google 5.3.55):

User uploaded file


If there is a "server specialist"?

I would be happy to help


Best regards

Benny

118 replies

Nov 16, 2018 9:08 PM in response to Benny2g

I ran into this tonight as well. I upgraded our server at my office from High Sierra to Mojave and was stunned to discover that any and all ACL options or permissions inheritance are completely gone.


Without ACLs or more specifically inherited permissions, that makes MacOS COMPLETELY unusable as a file server in any fashion whatsoever. Furthermore, the "macOS Server Service Migration Guide v1.2" referenced above contains no mention of this removal at all, anywhere.


I spent a few hours this evening migrating our server from HS to Mojave. Now I have to go back again tomorrow evening and un-do it all and go back to High Sierra. UGGH! I am very much hating Apple right now. How in the world can they expect anyone share files in a group environment without inherited permissions or explicit permissions?

Nov 21, 2018 9:10 PM in response to andyrings

Yes, This is indeed an issue that needs to be resolved. I Support a small Design company that is a majority mac. Several users working in shared storage from a mac mini with a promise pegasus drive shared out. It will continue to run High Sierra for the foreseeable future, because of the loss of ACL based permissions administration. Further more the replacement device will most likely be MS server as NAS based storage has not performed well in the environment thus far.


So sad that niche foothold that was here, and the ability to get work done easily has evaporated all the while trying to cater to the "Pro" user.


I stated user because apparently apple is un-interested in supporting multiple users working in a shared workgroup environment

Dec 5, 2018 8:21 AM in response to Sad_MAC_user

I also run a small design company and are in the same position.


What Apple is doing with their so called ‘os upgrades’ simply doesn’t make sense.


It’s basically telling us that ‘Mac computers should only be used by sole traders running one-man offices’


If you have more than one staff, there’s no way to operate your business in a Mac environment with the latest OS.


I miss the time when I was a student, and Apple catered for the enterprise market. I looked forward to one day having my office where I would run it on xserve, Xsan and Mac OS server.


Sadly, somewhere along the way, profit margins of selling smart phones became too great for Apple.


Apple

got so distracted by smart phones that they forgot, first and foremost, Apple is a computer business. It’s sad but they have lost their way and this haven’t made any progress on the computer front (especially for pro users).


Apple, please don’t lose sight of the importance of your computer business- It is the core that your business laid it’s foudstikns upon. Your founder intended to make great computers for the masses.


One day, when we all move on from smart phones, you don’t want to regret having lost the market on premium computers. Your Pro and Enterprise customers are waiting for you to do the right thing by them and their loyalty.x

Dec 22, 2018 7:07 PM in response to Benny2g

ACLs are working in Mojave, for AFP. Try it.


I noticed that my test Mojave server (well not "Server" that software isn't so great now, by server I mean just file sharing turned on) was not honoring ACLs. After some troubleshooting I wondered if it was an SMB issue, because SMB has so many. So I tired connecting via AFP. Guess what? Can't share via AFP on an AFPS volume, even though Apple allows the configuration. Sigh.


So I configured an external HFS+ Journaled volume and enabled a file share with the same permissions. This time I was able to connect via AFP and confirm that my ACLs were honored.


For all of you that think AFP is a useless protocol and that current SMB is safer, you are almost correct. That is, unless you need to provide network shares to Adobe users. Adobe continues to skirt around support for network volumes. Well, sharing to Adobe is even worse if you use SMB. All the security locks take too long for Adobe and it frequently times out. Along with causing access issues. All of these issues go away when using AFP.


So there ya go. Stick with AFP until Apple gets SMB working properly. And not like an OS 10.1 machine where Steve Jobs said this exact issue was a "feature" of Unix and not a bug of MacOS.

Jan 2, 2019 1:47 PM in response to Ryan Burkholder

Hi Ryan,


I'm connecting via SMB.


Strange is that with pages files for example the .pages suffix appears, when it didn't appear before. Also a space appears before the dot, the avatar returns to the default pages avatar and not the preview. The message I get is the file format is invalid.


I have to redo the "permission to subfolders" process to put everything back in order.


Jan 2, 2019 1:58 PM in response to Ryan Burkholder

I wonder if the real issue is which way the disk that's being shared is formatted - APFS vs HFS+. If the folder you are sharing lives on an external drive, you have the choice of how to format that drive. But if it lives on your boot drive, you are forced to stick with HFS+.


try moving your shared folder to an external HFS+ volume and share it from there. Please post the results - a lot of us are struggling with this.


thank.


Jan 8, 2019 8:21 AM in response to dalenorman2005

Ok, so I moved all the files to an external drive fomatted as HFS+.


No change, regularly, I have to revalidate folder permissions because some files appear as Invalid format to the other users, the original user (last one who made changes) can open the file perfectly.


So it's apparently not an issue with afps but with the security protocol with which macos Mojave manages permissions.


How do I get back to High Sierra??? :-(


macOS Mojave with server 5.7.1file sharing Group permissions problem :-(

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.