You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

macOS Mojave with server 5.7.1file sharing Group permissions problem :-(

hi

i have macOS Mojave with server 5.7.1 on Mac pro(Late 2013).

I'm running an updated server for the latest version.

To my question I did not find an answer through Google ...


I do several tests before moving the server to work.

The test on the server is performed from several computers, mainly from operating system 10.12.


I set up 3 users (A + B + C) and 2 groups (E + F) to check permissions Unfortunately permissions do not work properly.

And there seems to be a problem with the ACL and the permissions do not pass automatically.

The entrance was examined in two situations: AFP + SMB.


for example:

When User A logs on to the server and builds a folder / file, checking permissions on the file from the server is saved to User A and not to the Group Name (Group E).

Group: wheel - Permission: read only

All: everyone - permission: read only.


When user B enters the server and builds a folder / file, checking permissions on the file from the server is saved to user name B and not to the group name (group E).

Group: wheel - Permission: read only

All: everyone - permission: read only.



Arrange permissions through: System Prepernces / File Sharing and manual permissions changes: Apple Premissions to Enclosed Items.

Everything works out ... until the next user change.


I would be happy for help an experienced server user


Best regards

Benny

MacBook Air, macOS Sierra (10.12.6), Macintosh Plus,PB 400Hhz black, PB 867, iMac G3, OSX Server5

Posted on Oct 8, 2018 9:18 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 9, 2018 6:01 AM

After searching Google I found:

That version 5.4 had a "storage" tab that could be modified to ACL permissions. Unfortunately in version 5.7.1 the tab no longer exists.


version 5.7.1:

User uploaded file


version 5.4(pict from google 5.3.55):

User uploaded file


If there is a "server specialist"?

I would be happy to help


Best regards

Benny

118 replies

Jan 24, 2019 7:58 AM in response to ahawkes

ahawkes, thanks for the nice job you did on this and the very clear explanations.


I've tried your command and am getting the resposne herafter, but the issue is still there. Folder "Programe ext" is on an external HFS+ formatted drive directly connected to the Macmini. "pool" is a group composed of 8 users with read/write permissions.


Last login: Thu Jan 24 12:47:06 on ttys000

serveur-korke:~ korke$ sudo chmod -R +a "group:pool allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit"/Volumes/Shared\ Folders/Programmes\ ext

Password:

usage: chmod [-fhv] [-R [-H | -L | -P]] [-a | +a | =a [i][# [ n]]] mode|entry file ...

chmod [-fhv] [-R [-H | -L | -P]] [-E | -C | -N | -i | -I] file ...

serveur-korke:~ korke$


Jan 24, 2019 12:02 PM in response to Mark Dannau

Mark,


Looks like you may have used the "incorrect" example to build your command, or your command is being altered here too. But either way, it's not working because of incorrect syntax. When working in this forum, don't forget to select any commands in your comment and click the <> button below to format it correctly. Here's your command, though you MUST change the path to the Programmes ext because I can't see its entire path in your post. Note that you can drag the folder itself into terminal and terminal will drop in the full path to the folder. Just don't forget the space between directory_inherit" and the start of the path. I think that's what you missed before.


sudo chmod -R +a "group:pool allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Volumes/MyExternalDrive/Folders/Programmes\ ext



Feb 11, 2019 5:42 PM in response to jcgomez95

We use the command to configure the SHARE (a.k.a. shared folder) so that everything inside that share will always inherit the permissions you set for that share.


If we did not do this, a user (Susan) could create a folder inside the share that another user (Tom) could not open. But because we did this, all users can access all files and folders, regardless of who created it.

Mar 3, 2019 4:35 PM in response to Benny2g

Reading through this, it looks like the command line suggestions are very tricky. I manage many macOS file server, many in mixed Windows/macOS environments. After Server 5.4 dropped, we searched around quite a bit to find something that would work long term for our clients.


So far, the file sharing post-5.4 seems to work fine, except for ACLs. The default inheritance functionality makes file sharing useless for any more than one user.


We have had success with using TinkerTools System 6 for fixing that ACL inheritance issue.


https://www.bresink.com/osx/TinkerToolSys6.html


There are a ton of other features of this program that I am sure sysadmins will appreciate. (I am not associated with TinkerTool, lol).


On a side note, I just checked to see which Samba version Windows 10 uses to communicate with a 10.14 share, and it seems to be 3.0.2 (vs 3.0 in 10.12). This tells me that Apple is doing *some* software dev on file sharing, at least for now, even though it was basically broken after 5.4.

Mar 26, 2019 7:09 AM in response to Benny2g

I agree with the comments in this forum.. We are a school district that has been running a mac server for years and now the new mac sever 5.7.1 is worthless.. Don't see software update caching and ACL is gone. I don't understand what apple is thinking? Now we have to use 3rd party software to manage ACL that was working just fine before. I have been a mac guy since the Apple lle and I am sorely disappointed...

Mar 26, 2019 10:43 AM in response to dalenorman2005

I don't think that's what we're looking for. That looks more like a replacement for the "propagate permissions" tool in Server. While it's nice to see that, I don't think it solves our problem. However, ddssg1 provided a suggestion that I tested... TinkerTool System ($14) has a section that includes the ability to set up inheritance on shares in 10.14 Mojave.

Mar 30, 2019 6:49 AM in response to ahawkes

Thanks to those who mentioned - TinkerTool System. I checked out and it looks like it will fill the need for my server folder permissions and propagation management. Sorry to have to go to 3rd party to manage this but in talking with an apple tech it seems most folks are going to cloud based file sharing so apple does not care about its server service much anymore.

Mar 30, 2019 11:28 AM in response to Ryan Burkholder

Apple's focus is no longer the server, as everyone is really going to store in the cloud. But if you still want to stay with local data server and have problems only with legacy ACLs it is easy to solution or purchase the TinkerTool or apply the command via Terminal that will definitely solve.


sudo chmod -R +a "group:stagio allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit"

Mar 30, 2019 12:40 PM in response to andrefromflorianopolis

Saying Apple's focus is no longer on server because everyone is going to the cloud seems speculative to me. Just had a post deleted for that kind of speculation. Guess it's all in what you say.


Half of my client base could never use the "cloud" for anything but administrative work and some basic media sharing. That's not speculation, but fact. I've been running Apple servers since AppleShare IP. The Apple base was always media and content creators in my region. Big files.


Freenas doesn't seem to have a problem using Unix as a file server OS. Provides a good OS alternative to MacOS and cheaper hardware. The current version of Freenas will run as far back as a 2009 Mac mini. That's a current OS on that old mini.

Apr 11, 2019 4:14 PM in response to Benny2g

Wow. Just had this happen to me with my first client moving to a new Mac Mini on OS X 10.14.4.

Noticed some folders permissions were wrong or locking users out. took awhile to figure out how badly Apple stripped the Server app.


I eventually tried using the Get Info window on the shared folders and adjusting permissions there. I then tried the "Gear" button and clicked on "Apply to enclosed items...". As soon as I saw the progress bar pop up and disappear in less than a second, I knew it didn't work. After multiple attempts I called Apple Support. After explaining and then bumped up in support, then waiting for that person to confer with others, they had the audacity to say,

"That is expected behavior, you need to change the permissions on each folder."

I said, really, all 10,000 folders? Yes was the answer. I hung up at that point and started on the command line solution. Found it last night and then found this today.


I did run the command line last night and so far all the users today have had no issues.


Will have to get Tinkertool and play with that to see if it has any advantages.


Thanks to all of you for banging on this issue. I just cannot wrap my head around the fact that Apple is just letting Server die on the vine.


Has anyone found a better Server that support SMB and AFP? I assume AFP is needed for the Search to work and index files.

Not to mention more reliable file saves, naming and all the other SMB issues.

Apr 23, 2019 10:12 AM in response to carlsb

First of all, I'd suggest that you put your data into a folder on that disk instead of sharing the entire volume. That will give you more flexibility in the future and also avoid the .Spotlight-V100 error.


And if I understand correctly, you did the chmod command THEN set up sharing in the Sharing Preference Pane?


I think you should set up the sharing FIRST, then do the chmod -R +a command to modify those sharing settings.


Hopefully it really is that simple...


Apr 23, 2019 10:24 AM in response to Benny2g

TinkerTool System does work, I have a couple Mojave servers working like it was 10.12 again.


It's not that adding the small expense of TTS in place of buying Server from Apple is a big deal (if you don't mind buying software outside of the Apple App Store). It's that there is no guarantee that Apple won't drop file sharing all together at some point in the future. Especially given the actions taken with Server. Continuing to operate an Apple based server system seems to be a risky venture moving forward.


I'm curious as to the future of file sharing capabilities of the MacOS in the near future. Wondering if anyone here has any insight.

macOS Mojave with server 5.7.1file sharing Group permissions problem :-(

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.