I thought I'd tell the whole story on my setup so my success may make more sense:
NOTE: You CANNOT use AFP to share a folder on an APFS formatted drive. My externals are all Mac OS Extended (Journaled) format. I do not share any folders on a startup disk.
I have a client that is a small advertising agency with 8 employees. 5 designers and 3 admins. They all use Apple computers connecting exclusively with AFP, except the accountant who uses a Windows 10 PC. Their old server was a 2009 MacPro running Sierra and Mac OS Server the old fashioned "still works" way. The Mac Pro had two 4TB drives in an Apple RAID inside the machine for storage, and an external USB Archive drive for archives, attached via a USB PCI card. The backup drives are external USB drives as well, utilized in a rotating offsite backup. The shares were four folders on the internal RAID and one folder on the external Archive drive. The account I use to administer the server is long name Administrator, short name administrator.
They just got a new 2018 Mac Mini for a server and an external USB-C Pegasus RAID for main storage. Here's the outline of what I did to set this up as a new server (real names changed to protect the innocent). I didn't migrate any settings from the previous server because setting up 8 users and 5 shares from scratch was easy. I'm going to ignore the backups in this discussion, but don't worry. They're there. :)
- I copied all of their main data from the 4TB internal RAID into four folders on the Pegasus.
- I attached the Archive drive to the mini.
- I installed Server 5.7.1.
- I used Server to create 8 users and two groups: agencystaff and agencyadmin.
- I added all of the users to the group agencystaff but only the three admins to agencyadmin.
- I went to System Preferences > Sharing and turned on file sharing.
- I clicked Options... and turned on AFP and SMB.
- Under Windows File Sharing, I unchecked any user who would never connect using SMB. This required their passwords.
- I used the free utility "BatChmod" on each of the respective folders to remove any legacy permissions: On each respective folder, I set Owner to administrator with RWX all checked, Group to agencystaff (or agencyadmin on that share) with RWX checked, then Everyone to RWX all UNchecked. I checked "Change ownership and privs", Unlock, Clear ACLs and Apply to enclosed. I hit apply and waited. This drilled down the entire folder structure changing each file's permissions and cleared out old users and groups from the old server setup.
- Back in Sharing, I added each of the 5 folders to the Shared Folders panel in turn.
- I gave administrator Read & Write to all shares. I gave Everyone No Access to all shares.
- I added the group agencystaff with Read & Write to 4 of the 5 shares.
- I added the group agencyadmin to the admin share.
- In my subsequent testing, permissions were not being inherited on new folders. Kristy would create a folder that Ashley could not write to or delete from. And vice versa, etc. This is where all of the cursing and screaming happened. For quite some time. So I researched and eventually arrived at this discussion.
- I added what I learned in this forum post to my experience with the Unix command-line to properly use chmod to set up each shared folder with its respective inherited permissions like these examples:
sudo chmod -R +a "group:agencystaff allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Volumes/Promise\ Pegasus/Design\ Jobs
sudo chmod -R +a "group:agencyadmin allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Volumes/Promise\ Pegasus/Admin
Each one took a few minutes to complete. After that, all of my testing worked perfectly. I was able to mount the appropriate drives using afp:// on each user's computer. I created multiple folders on the shares with multiple users on multiple computers and they were all able to properly read and write and delete new and old data.
And more importantly, NO ONE called me the next morning. I had successfully replaced the old server at the same IP address with the exact same share names and permissions, and the end-user couldn't tell the difference except it was faster. All of their aliases worked. All of the "recent documents" opened. All of the InDesign files opened without complaining that image links were broken. Success!
/whew
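Added example, not the poster's own commands: a small sh script that builds the same ACE the post applies, runs the chmod on macOS, and checks an `ls -le` listing for the two inherit flags that were missing when new folders came out unwritable. The group name, share path and sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Group names, share paths and the
# sample listings below are constructed for illustration.

# The ACE the post applies: every right except "delete" on the item itself,
# plus file_inherit/directory_inherit so items created later pick it up.
share_ace() {   # $1 = group name
  printf 'group:%s allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit' "$1"
}

# Apply it recursively, as the post does. chmod +a is macOS-only, so refuse elsewhere.
apply_share_acl() {   # $1 = group name, $2 = share path
  [ "$(uname)" = Darwin ] || { echo "chmod +a is macOS-only" >&2; return 2; }
  sudo chmod -R +a "$(share_ace "$1")" "$2"
}

# Verification: read an `ls -lde <path>` listing on stdin and succeed only if an
# ACE for the group carries both inherit flags. Run it on the share after the
# chmod, and again on a folder a user creates afterwards, where the propagated
# ACE should show the word "inherited" after the group name.
acl_has_inheriting_ace() {   # $1 = group name
  awk -v g="group:$1" \
    '$2 == g && /file_inherit/ && /directory_inherit/ { found = 1 }
     END { exit found ? 0 : 1 }'
}

# Constructed listings: the first is how the share looks after the chmod, the
# second is the starting state (no inherit flags), which is why a folder one
# user created could not be written to by another.
GOOD_LISTING='drwxrwx---+ 5 administrator  agencystaff  160 Jan  1 12:00 Design Jobs
 0: group:agencystaff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit'
BAD_LISTING='drwxrwx---+ 5 administrator  agencystaff  160 Jan  1 12:00 Design Jobs
 0: group:agencystaff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr'

if [ "$#" -eq 2 ]; then   # usage: sh share_acl.sh <group> "<share path>"
  apply_share_acl "$1" "$2" && ls -lde "$2" | acl_has_inheriting_ace "$1" \
    && echo "inheriting ACE present on $2"
fi
```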