Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 9, 2009, 10:54 AM   #1
2fs2ns
macrumors newbie
 
Join Date: Oct 2007
Mac Share Permissions Help!

We've got an XServe setup for our mac file shares. The security is integrated with our Active Directory (windows) servers. We created a security group in Active Directory for all of the users that need access to those file shares.

In the workgroup manager on the server, the security group is setup on that file share with Read/Write permissions, and Everyone is setup with Read/Write permissions.

However when we save a file into that share from a PC, the Everyone permission is set to None, so some of the mac's over there cannot access the files she saves.

Is there a way in the workgroup manager to reset that Everyone permission setting to Read/Write instead of None?
2fs2ns is offline   0 Reply With Quote
Old Jul 9, 2009, 11:06 AM   #2
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Which version of Mac OS X Server are you running? Must be 10.4.x, since Sharing was moved to Server Admin in 10.5.

In WorkGroup manager you can propagate permissions to children from the gear menu at the bottom right.

So, can I assume that this AD group is in the ACL for the share? You might want to consider "Full Control" for the group's permissions, rather than R/W and leave the Everyone POSIX permissions are None. If you've bothered to create a security group in AD with specified users for the share, setting Everyone to R/W pretty much throws your security out the window.
yellow is offline   0 Reply With Quote
Old Jul 9, 2009, 11:18 AM   #3
2fs2ns
Thread Starter
macrumors newbie
 
Join Date: Oct 2007
Max OS X Server
10.4.11

Just a little background...I'm a Windows/PC guy, the Mac guru got let go and this was all dropped in my lap. Doing my best to figure it out...

In the Workgroup manager, when I click the share point, I can see the Access permissions on the right side of the screen.

The first box is Owner - currently that is set to admin, with permissions of Read/Write.
The second box is Group, that is set to domain\serveraccessgroup, with permissions of Read/Write.
The third item is Everyone, with permissions of Read/Write.

The Access Control List below is empty.

Also, when I propagate permissions on the folders, it fixes the Everyone permission from None to Read/Write, allowing the mac users to see her files.
They are all members of that security group though. Does the Everyone permission group override the group permission level?


Last edited by 2fs2ns; Jul 9, 2009 at 11:29 AM. Reason: Merged Contiguous Posts
2fs2ns is offline   0 Reply With Quote
Old Jul 9, 2009, 11:26 AM   #4
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Yeah, that's all POSIX stuff and really not helpful to you.
I suggest creating a local user & group, just to fill in those fields and have a static user/group for read/write.
Add your AD group to the POSIX group and it'll make your life easier.

Set Everyone to no access for safety.

Now in the Access Control List field, click the Users & Groups button, at the top of the slide window, there's a little world symbol that shows you what type of Directory it's attached to, probably the local default. Clicking on that should show your AD directory (if configured correctly). Switch to that and then find your "Security Group" in the AD groups (the tab with multiple people on it).
Drag & Drop that to the ACL field. Change the Permission field to "Full Control".
hit the Save button at the bottom of the Window.
Now hit the Gear icon at the bottom and choose "Propagate Permissions.."

Now the corrected POSIX ugo permissions, and ACL will be applied to the share and it's contents. Now all you have to manage is the users in the AD group and it'll always be correct on the Mac share without you constantly having to fiddle with permissions on the share.
yellow is offline   0 Reply With Quote
Old Jul 9, 2009, 11:49 AM   #5
Les Kern
macrumors 68030
 
Les Kern's Avatar
 
Join Date: Apr 2002
Location: Alabama
Quote:
Originally Posted by yellow View Post
Yeah, that's all POSIX stuff and really not helpful to you.
I suggest creating a local user & group, just to fill in those fields and have a static user/group for read/write.
Add your AD group to the POSIX group and it'll make your life easier.

Set Everyone to no access for safety.

Now in the Access Control List field, click the Users & Groups button, at the top of the slide window, there's a little world symbol that shows you what type of Directory it's attached to, probably the local default. Clicking on that should show your AD directory (if configured correctly). Switch to that and then find your "Security Group" in the AD groups (the tab with multiple people on it).
Drag & Drop that to the ACL field. Change the Permission field to "Full Control".
hit the Save button at the bottom of the Window.
Now hit the Gear icon at the bottom and choose "Propagate Permissions.."

Now the corrected POSIX ugo permissions, and ACL will be applied to the share and it's contents. Now all you have to manage is the users in the AD group and it'll always be correct on the Mac share without you constantly having to fiddle with permissions on the share.
PERFECTLY stated. I would merely add that it's really a good rule to always use ACL's and leave POSIX behind.
Les Kern is offline   0 Reply With Quote
Old Jul 9, 2009, 12:00 PM   #6
2fs2ns
Thread Starter
macrumors newbie
 
Join Date: Oct 2007
I tried to drag/drop the AD security group into the ACL window, and it doesn't go.

Here are some of the other security settings...maybe they have something to do with that?





PS: Thanks for the help!

Last edited by yellow; Jul 9, 2009 at 12:09 PM. Reason: Merged Contiguous Posts
2fs2ns is offline   0 Reply With Quote
Old Jul 9, 2009, 12:18 PM   #7
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
No, the protocols don't matter for the moment and don't have any bearing on the permissions.

You need to make sure you're authenticated as a admin in WorkGroup Manager. And you're dragging and dropping from the Users & Groups window connected to the AD domain, right?

If you click on the General tab, "Share this item and it's contents" is checked, as is "Enable Access Control Lists on the Volume" (which is likely grayed out), right?
Attached Thumbnails
Click image for larger version

Name:	WGM.Example.png
Views:	20
Size:	174.3 KB
ID:	181881  
yellow is offline   0 Reply With Quote
Old Jul 9, 2009, 12:23 PM   #8
2fs2ns
Thread Starter
macrumors newbie
 
Join Date: Oct 2007
Yeah, I'm logging into the workgroup manager as the admin. And yes, I'm dragging the group out of the AD list of groups. I even tried some user accounts, and they won't drop in either.
2fs2ns is offline   0 Reply With Quote
Old Jul 9, 2009, 12:26 PM   #9
yellow
Moderator
 
yellow's Avatar
 
Join Date: Oct 2003
Location: Portland, OR
Quote:
Originally Posted by 2fs2ns View Post
Yeah, I'm logging into the workgroup manager as the admin. And yes, I'm dragging the group out of the AD list of groups. I even tried some user accounts, and they won't drop in either.
Sorry I added this late to the last post.

Quote:
Originally Posted by yellow View Post
If you click on the General tab, "Share this item and it's contents" is checked, as is "Enable Access Control Lists on the Volume" (which is likely grayed out), right?
yellow is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
What should native mac app permissions be? rammer549 OS X 10.8 Mountain Lion 4 Oct 24, 2013 03:39 AM
My iMac osx 10.8.4 wont share files with anything?? mac or non mac (WD LIVE) joejust iMac 0 Sep 10, 2013 09:19 PM
Difference between Back to My Mac and regular sharing/permissions estockme OS X 1 May 26, 2013 12:26 PM
Mac Permissions ChompShadow iMac 1 Mar 6, 2013 04:00 AM
Mac osx folder permissions horizon22 Mac OS X 10.7 Lion 0 Jan 15, 2013 10:20 AM

Forum Jump

All times are GMT -5. The time now is 03:28 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC