macOS Mojave with server 5.7.1 file sharing Group permissions problem :-(

Hi

I have macOS Mojave with Server 5.7.1 on a Mac Pro (Late 2013).

I'm running an updated server for the latest version.

To my question I did not find an answer through Google ...


I do several tests before moving the server to work.

The test on the server is performed from several computers, mainly from operating system 10.12.


I set up 3 users (A + B + C) and 2 groups (E + F) to check permissions. Unfortunately, permissions do not work properly.

And there seems to be a problem with the ACL and the permissions do not pass automatically.

The entrance was examined in two situations: AFP + SMB.


for example:

When User A logs on to the server and builds a folder / file, checking permissions on the file from the server is saved to User A and not to the Group Name (Group E).

Group: wheel - Permission: read only

All: everyone - permission: read only.


When user B enters the server and builds a folder / file, checking permissions on the file from the server is saved to user name B and not to the group name (group E).

Group: wheel - Permission: read only

All: everyone - permission: read only.



Arrange permissions through: System Preferences / File Sharing and manual permissions changes: Apply Permissions to Enclosed Items.

Everything works out ... until the next user change.


I would be happy for help from an experienced server user.


Best regards

Benny

MacBook Air, macOS Sierra (10.12.6), Macintosh Plus,PB 400Hhz black, PB 867, iMac G3, OSX Server5

Posted on Oct 8, 2018 9:18 AM

Question marked as Top-ranking reply

Posted on Oct 9, 2018 6:01 AM

After searching Google I found:

That version 5.4 had a "storage" tab that could be modified to ACL permissions. Unfortunately in version 5.7.1 the tab no longer exists.


version 5.7.1:

User uploaded file


version 5.4 (pict from google 5.3.55):

User uploaded file


If there is a "server specialist"?

I would be happy to help


Best regards

Benny

118 replies

Jan 15, 2019 7:35 PM in response to zygoatt

Hey guys I found this related information from high sierra server that helped me and it appears to work for keeping inherited permissions.


Firstly enable ACL permissions for SMB shares with the following command.



Sharing modification via terminal to engage ACLs



sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES


Then set up inheritance permissions on the parent folder with the following command. This should recursively go through your share and apply the relevant permissions.



sudo chmod -R +a "group:REPLACE_WITH_YOURGROUP_NAME:allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" REPLACE_WITH_PATH_TO_PARENT_SHARED_FOLDER

Jan 17, 2019 12:36 PM in response to Mark Dannau

Hey Mark, run the first terminal command only once, but the second command you need to repeat for each group you want to maintain inherited permissions. So if you have Workgroup and Designgroup, you need to run

sudo chmod -R +a "group:Workgroup:allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" REPLACE_WITH_PATH_TO_PARENT_SHARED_FOLDER


then

sudo chmod -R +a "group:Designgroup:allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" REPLACE_WITH_PATH_TO_PARENT_SHARED_FOLDER


Then both groups will have read write privileges that will be inherited by any file added or modified within the folder of choice. I recommend having these folders at the root of your share drive, so that the permissions aren't nested inside another folder with its own permissions.

Jan 18, 2019 12:30 PM in response to jlantrip

Hi jlantrip,

I did the first command, entered correct password, then

sudo chmod -R +a "group:Programme\ ext:allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,

add_subdirectory,delete_child,file_inherit,directory_/Volumes/Shared\ Folders/Programmes\ ext

"Programmes ext" being the shared folder,

and it just hangs on >

Am I doing something wrong?

Jan 18, 2019 1:32 PM in response to Mark Dannau

Mark, it’s likely an issue with the group name. You probably have a short name for that group like programmeext rather than including the space. I noticed an issue a couple times with the command not finding the proper group ID related to the name until I got the short name right.


Also, I didn’t see the second quotation mark in your command; can you verify that you have it there?



Jan 20, 2019 4:49 PM in response to Benny2g

I had problems executing your great suggestion - bash on my install of Mojave didn't seem to like the way you used spaces. So I'm posting a correction for those who must experiment but aren't command line users. You must supply your own MyGroupName and your own /path/to/shared/folder:


sudo chmod -R +a "group:MyGroupName allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /path/to/shared/folder

Jan 21, 2019 5:35 AM in response to jlantrip

Hello jlantrip,

This is the result I got today with what seems to be a "lesson" of how to enter the command line correctly... ;-)

serveur-korke:~ korke$ sudo chmod -R +a "group:programmesext allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit"/Volumes/Shared\ Folders/Programmes\ ext

usage: chmod [-fhv] [-R [-H | -L | -P]] [-a | +a | =a [i][# [ n]]] mode|entry file ...

chmod [-fhv] [-R [-H | -L | -P]] [-E | -C | -N | -i | -I] file ...

serveur-korke:~ korke$




Jan 22, 2019 8:34 PM in response to ahawkes

Hey Guys. I think I figured out a problem with this discussion. Apple's comment tool is changing the syntax and dropping part of the end of an argument because I'm not very experienced with it, so everyone is trying to copy and paste but they're missing parts so the command fails. I'm trying to figure out the formatting into showing it correctly. THERE ARE NO CARRIAGE RETURNS IN THIS COMMAND:


sudo chmod -R +a "group:YourGroupHere allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /path/to/shared/folder


I'll dissect the command here:


sudo <- which means to run the chmod as root - this is what makes it prompt you for an admin password

chmod <- this is the main command for changing file permissions in a unix environment

-R <- this is an argument for the chmod command that tells it to affect files recursively through subfolders

+a <- I believe this effectively tells chmod to include ACLs too (this is an oversimplification)

" <- quote marks surround the entire set of "settings" that you want chmod to apply to each file and folder

group:MyGroupName <- is the group you're granting permissions for, formatted properly for chmod

allow <- you want to grant the group the following permissions for each file and folder (as opposed to deny)

readattr through directory_inherit <- these are all the specific permissions you want to grant. No spaces, spelling is important

" <- close the quote, then a space, then

/path/to/shared/folder <- this is the directory you want to apply the settings to.


NOTE that most of the problems I've seen in replies are syntax errors caused by the helpful posters' comments being manipulated. Sorry about that, but it won't let me go back and edit. :( Quote marks are important. Spaces are important. LACK of spaces are important. Unfortunately, this forum doesn't seem to allow me to paste a command as a single line.


There is NOT a carriage return after the word "allow" but there is a space. There is also a space after the last quote mark.


Any spaces in the directory path MUST be represented by a backslash and a space. In unix, spaces separate lots of things like commands and arguments. If you leave the space, the unix command will believe that the path ends at the space. The backslash means "take the next character as a character at face value." So in this example, we humans see the path as


/Volumes/Promise Pegasus/Current Jobs


BUT it must be formatted unix friendly so we use


/Volumes/Promise\ Pegasus/Current\ Jobs


So here's my example with the group called designers and a directory called Current Jobs. This is all one line.


sudo chmod -R +a "group:designers allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Volumes/Promise\ Pegasus/Current\ Jobs


I hope this helps. And thanks again Benny2g for the real work!



Jan 22, 2019 8:52 PM in response to ahawkes

YES! It worked! The formatting was maintained and the example shows up perfectly! Here it is again:


So here's my example with the group called designers and a directory on an external RAID called Current Jobs. This is all one line:


sudo chmod -R +a "group:designers allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Volumes/Promise\ Pegasus/Current\ Jobs


As a note to those who were trying to help but whose syntax was corrupted, I highlighted my command text and clicked the button <> at the bottom of the edit pane. Apparently, that's how you format a Unix command.
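
A string-level check for the copy/paste failures seen in this thread (an entry broken across lines, a truncated permission name, a group name containing a space), as an added example that is not part of any poster's reply. It accepts only the `group:<name> allow ...` form of the thread's final working command; the function names and sample inputs are constructed for illustration, and nothing is passed to chmod.

```shell
#!/bin/sh
# Added example: string-level lint for a macOS "chmod +a" ACL entry.
# Nothing here touches the filesystem or calls chmod.

# Permission names exactly as used in the thread's command.
KNOWN_PERMS="readattr writeattr readextattr writeextattr readsecurity list search add_file add_subdirectory delete_child file_inherit directory_inherit"

# check_ace ENTRY: prints "ok" (status 0) or the first problem found (status 1).
# The body runs in a subshell "( )" so the IFS and noglob changes stay local.
check_ace() (
    nl='
'
    case $1 in *"$nl"*) echo "entry contains a line break"; exit 1 ;; esac
    set -f                      # no filename expansion while word-splitting
    set -- $1                   # expected: group:<name> allow|deny <perm,...>
    [ $# -eq 3 ] || { echo "expected 3 space-separated fields, got $#"; exit 1; }
    case $1 in group:?*) ;; *) echo "first field must be group:<name>"; exit 1 ;; esac
    case $2 in allow|deny) ;; *) echo "second field must be allow or deny"; exit 1 ;; esac
    IFS=,
    for p in $3; do
        case " $KNOWN_PERMS " in
            *" $p "*) ;;
            *) echo "unknown permission: $p"; exit 1 ;;
        esac
    done
    echo ok
)

# sh_quote STRING: wrap in single quotes so spaces need no backslashes.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# build_cmd GROUP PATH: print the thread's command on one line, or fail.
build_cmd() {
    ace="group:$1 allow $(echo "$KNOWN_PERMS" | tr ' ' ',')"
    check_ace "$ace" >/dev/null || return 1
    printf 'sudo chmod -R +a "%s" %s\n' "$ace" "$(sh_quote "$2")"
}

# Constructed demo inputs: the working form, then an entry cut short by a paste.
build_cmd designers "/Volumes/Promise Pegasus/Current Jobs"
check_ace "group:designers allow list,search,directory_" || true
```

A group name with a space makes `build_cmd` fail, which matches the advice above to use the group's short name.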
