Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old Dec 18, 2012, 08:13 PM   #1
macrumors 603
Join Date: Aug 2001
Location: The Cool Part of CA, USA
10.6 Server: My ACLs seem to be broken

I've got a small office file server (a Mini server running 10.6.8 server, configuration imported from a 10.5 XServe) that I'm having some really, really weird permissions issues with.

One of the directories on a share on the server is supposed to be read/write-able by a bookkeeping user group, but not readable by the broader general staff user group (this is a custom staff group, not the system default one). I did this by creating an ACL for the folder (via the browser in Server Admin) with Full Control permission for the desired group, and then below it the staff group with deny Full Control, then set inherit to everything below.

That worked fine for literally years.

Then, suddenly, a few days ago, people could no longer modify or delete folders that they created within that folder. When I checked the permissions on created folders, they were somehow getting created without "delete" allowed, which made no sense, but I assumed that something had gone wonky and tried doing every combination of reboots, re-setting permissions, re-propagating them, etc I could think of.

Finally I re-created a fresh user group for the Bookkeepers (new GID, short and long name), deleted the old one entirely, used the command line and sudo to purge the ACL from the top-level folder entirely, and re-added the desired permissions.

Still no luck--now I can create new folders, but cannot rename or move a folder I have just created, although I can delete it. The "Effective Permissions" browser in Server Admin shows my user as having full permissions for the folder in question to do everything, I've logged out and back on to make sure it's not a cache issue, and I've run out of ideas short of an OS reinstall.

The command line says I have the following permissions, which as far as I can tell are identical to directories I can edit the name of and move:
inherited allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
versus this for a folder I CAN edit:
inherited allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit
...the notable difference in there being lack of "delete" permissions on the problem directories. Which is bizarre, because that group is set to "full control", and I CAN delete it--just not move or rename. (Perhaps that's the "delete_child" of the parent directory allowing me to do that?)

Is there something I'm missing here? What the heck is going on?
Makosuke is offline   0 Reply With Quote

MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Mac mini server 2010 broken, needs repair rosindabow Mac mini 1 Mar 12, 2014 11:43 AM
Inverter broken or LCD screen broken ? Macbook white A1181 Snappaz MacBook 7 Oct 5, 2012 08:18 AM
Using MBA as a server (10.8 Server - not a music server) percival504 MacBook Air 1 Aug 16, 2012 01:44 AM
Post a picture of your broken/partially broken apple product Revomonster Picture Gallery 6 Aug 6, 2012 01:28 PM

Forum Jump

All times are GMT -5. The time now is 08:56 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2015, MacRumors.com, LLC