ACL Question




GregInChrist
Oct 8, 2012, 01:54 PM
I have been trying to get the permissions panned out for the systems I administer. I know I really need a guide to best practices from the ground up.

1.
I am wondering if anyone might know of a good resource: blog, article, book...

2.
Also a big question that I have not been able to find through Google is...

I seem to be close with my ACL entries, however I still have to go back in and propagate the ACLs from the share point.

I think the problem is the share point permissions are correct, but users are adding files/folders that have bad permissions on them.

I don't know which way to pursue...
I have heard about two different things that seem like they might point to the answer. First, something about inherited permissions only working when there is some kind of flag telling the item to inherit. Secondly, umasks, which define permissions on creation of files.

I am thinking maybe I should bind user stations to my server to control the umask on client machines from a central location (otherwise administration seems like it might turn into a real chore having to go work on each client).

Does it seem like I am heading in the right direction?

Thanks a million!

May God bless you unto salvation through faith in the work of Christ on the cross, Jesus is the only way!



GregInChrist
Oct 9, 2012, 09:57 AM
After doing more reading, it seems I might be able to refine my question to specifically...

How can I force files that are copied from a user's station to a share point to inherit the permissions of the folder they are being placed in?

jared_kipe
Oct 9, 2012, 10:45 AM
I'm going to assume that you're using a Mac Server with AFP. If this is the case then ACLs should always get placed on files/folders that are put in a folder with an ACL on it that gives that user permission to place it there. Since ACLs take priority over POSIX permissions, you don't really need to worry about the actual permissions that get applied.

If you really do need to worry about them, umask may not be what you're looking for, since it won't apply to network users unless you do specific things to get them to. You can apply the sticky bit to a folder to have the folder's group propagate to new files.
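
An added example, not part of the thread: a small Python check for the "flag telling the item to inherit" that the question mentions. It parses macOS `ls -le` output for a share point and reports whether the share point's ACL carries the `file_inherit` and `directory_inherit` flags, and which items inside it have no ACE marked `inherited`. The sample listing, the user and file names, and the function names are constructed for illustration.

```python
import re

# Constructed sample: `ls -led Projects; ls -le Projects` on a macOS server.
SAMPLE = """\
drwxrwx---+ 4 admin  staff  136 Oct  8 13:00 Projects
 0: group:staff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,file_inherit,directory_inherit
total 16
-rw-r--r--+ 1 greg  staff  1024 Oct  9 09:00 report.doc
 0: group:staff inherited allow read,write,append,readattr,writeattr
-rw-------  1 bob  staff  2048 Oct  9 09:30 copied.xls
drwxr-xr-x+ 2 bob  staff  68 Oct  9 09:31 Drafts
 0: user:bob allow list,search
"""

# ACE line: " 0: group:staff [inherited] allow perm,perm,flag"
ACE = re.compile(r"^\s+\d+:\s+(\S+)\s+(inherited\s+)?(allow|deny)\s+(\S+)\s*$")
# Mode column, optionally suffixed with "+" (has ACL) or "@" (has xattrs)
MODE = re.compile(r"^[bcdlps-][rwxsStT-]{9}[+@]?$")

def parse(listing):
    """Return [{'name', 'is_dir', 'aces': [(who, inherited, perms)]}] in order."""
    items = []
    for line in listing.splitlines():
        m = ACE.match(line)
        if m and items:  # ACE lines belong to the entry printed just above them
            perms = set(m.group(4).split(","))
            items[-1]["aces"].append((m.group(1), bool(m.group(2)), perms))
            continue
        fields = line.split(None, 8)
        if len(fields) == 9 and MODE.match(fields[0]):
            items.append({"name": fields[8], "is_dir": fields[0][0] == "d", "aces": []})
    return items

def audit(listing):
    """Treat the first entry as the share point root, the rest as its contents."""
    root, *children = parse(listing)
    findings = []
    flags = set().union(*(perms for _, _, perms in root["aces"]))
    for flag in ("file_inherit", "directory_inherit"):
        if flag not in flags:
            findings.append((root["name"], "root ACL lacks " + flag))
    for item in children:
        if not any(inherited for _, inherited, _ in item["aces"]):
            findings.append((item["name"], "no inherited ACE"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```
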