File sharing & groups: System Group ?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by cloudTiger, Feb 25, 2012.

  1. cloudTiger macrumors newbie

    Joined:
    Jun 27, 2011
    Location:
    South Carolina
    #1
    I'm setting up a Mac Mini Server for the first time, and can not seem to find a good explanation of what exactly the "System Group" is or does.

    in context: When I create a new share point for file sharing, and go into edit the share point settings, I see:

    1. my user account w/ read and write access (owner)
    2. Spotlight w/ custom access
    3. 'System Group (primary group)' with read-only access
    4. Everybody else

    The System Group bothers me in that I don't have a good understanding of what all comprises that group? Is it a special access for system processes to be able to see the files, such as making the files accessible to Time Machine other system process?

    What are the risks of leaving the System Group with read only access -or- conversely, what are implications of giving System Group no access to a share point?

    The machine is going to be file share and wiki server for a small workgroup, but there will be certain shares with confidential information I would like to ensure remains restricted to authorized users only.

    Thanks!
     
  2. Madd the Sane macrumors 6502a

    Madd the Sane

    Joined:
    Nov 8, 2010
    Location:
    Utah
    #2
    I think the system group is group 0, AKA the wheel group.
     
  3. Mattie Num Nums macrumors 68030

    Mattie Num Nums

    Joined:
    Mar 5, 2009
    Location:
    USA
    #3
    Be careful with permissions if you don't know what you are doing.

    System is essentially the Finder's name for root. It can get a little confusing because the Wheel group in Unix is a little different than that of OSX. Wheel is essentially an admin with non destructible OS privileges.

    Again be careful, you should see System R+W, Admin R+W, Everyone R, and sometimes (Me). You change the system access or everyone and you can potentially lock out a folder.
     

Share This Page