Multiple users privileges and inheriting it in folders

Discussion in 'Mac OS X Server, Xserve, and Networking' started by The Crimson Badger, Feb 20, 2017.

  1. The Crimson Badger macrumors newbie

    Joined:
    Feb 20, 2017
    Location:
    Leeds, UK
    #1
    Hi Guys,

    I'm a bit new here. Just recently came across a slight issue. I've set up MacOS X Server (Sierra) with 2 partitions. One for os and software second for data. Data have one shared folder for 5 users. Now tried everything but overtime somebody create or change any of the files in subfolders it becomes automatically available to him only blocking access for everybody else. Only system administrator (my account) can change it back to normal but small editing happens and bang, back to old problem. Tried SMB and ASL but nothing works. What's weird it even remove access from finder for my administrator account. However I can add it and change it in get info window for specific folder. Any help please.
     
  2. BrianBaughn macrumors 601

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #2
  3. belvdr, Feb 21, 2017
    Last edited: Feb 21, 2017

    belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #3
    This is all speaking from a Linux perspective, in hopes it can guide you in OS X.

    I would recommend a default ACL, which will apply certain permissions to any new object added to a directory:

    Code:
    setfacl -m d:g::rwX /directory
    This will apply only the executable bit to new directories. Files will not be executable. Any existing files will not be modified.
     
  4. The Crimson Badger thread starter macrumors newbie

    Joined:
    Feb 20, 2017
    Location:
    Leeds, UK
    #4
    Seems like it will be working solution. However how can apply it to the existing folders and files?
    --- Post Merged, Feb 21, 2017 ---
    seems like a lot of knowledge, I knew a lot of it but still cannot solve inheritance. any advice please?
     
  5. BrianBaughn macrumors 601

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #5
    If you could figure out a way to have a permissions-changing script run when the folder contents get modified then you might have a solution.
     
  6. The Crimson Badger thread starter macrumors newbie

    Joined:
    Feb 20, 2017
    Location:
    Leeds, UK
    #6
    Ok so I need to have a separate script for that? isn't it supposed to be to happen automaticlly when I create anything in parent folder? shouldn't child objects inherit permission as a hard rule?
     
  7. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #7
    To apply to existing files:

    Code:
    setfacl -R -m g::rwX /directory
    However, I found the below URL which discusses the OS X alternative:

    https://discussions.apple.com/thread/4805409?start=0&tstart=0

    Code:
    chmod -R +a "group:GroupName allow read,write,append,delete,readattr,writeattr,readextattr,writeextattr" /Path-To-Shared-Directory
    That should apply the default ACL.
     
  8. The Crimson Badger thread starter macrumors newbie

    Joined:
    Feb 20, 2017
    Location:
    Leeds, UK
    #8
    Would it keep it like that whenever new folder is added or changed? Or still script required
     
  9. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #9
    With the +a, it should keep it like that. I have not tested this though, as I don't have a server running OS X.
     

Share This Page