Need help configuring permissions on file server.

Discussion in 'Mac OS X Server, Xserve, and Networking' started by alexreich, Sep 12, 2011.

  1. alexreich macrumors 6502a

    alexreich

    Joined:
    Jan 26, 2011
    #1
    Hey guys, Alex here, and I've got a bit of a problem and need a solution. Hopefully y'all can help me out.

    I recently set up my PowerMac G4 as a FTP server, and I'm loving it. Everything was smooth and worked great, as I was the only one connecting via FTP via my Mac Mini (it was easy because I really didn't have to do anything but check off 'FTP Access', find the IP of my server, then open up Terminal and connect via ftp).

    But now, as I've told friends about my setup, I have one friend who would like to connect to it remotely and store some files. I have no problem with that, so I've created him a standard account login to the server. But before I tell him an IP and port to connect to, I would like to make some things inaccessible to his account so he can't screw anything up, and would only be able to access his home directory (Users/xxxxxx). I really don't understand the whole permissions part of Unix/Mac OS. Earlier I tried to set every folder on the HD except the Users folder to permissions: 750. That locked me out of my system, and required me to do as dvd says in his post on this thread http://bit.ly/ouhR40, then boot my off Tiger installation DVD and repair permissions. No worries, as I lost nothing, but I still would like to set up my server as I have described.

    How can I set file permissions to where the standard user can only see his home directory (Users/xxxxxx)?

    The only things I want him to be able to access/read-write to are his personal directory, and another drive in my server (which needs no configuration as permissions are fine as-is).

    Thanks in advance, you rock!
    -Alex :apple:
     
  2. DESNOS, Sep 12, 2011
    Last edited: Sep 12, 2011

    DESNOS macrumors 6502

    Joined:
    Aug 24, 2011
    #2
    Forget my previous post. In the finder, go into "more info" for each file on the root of your drive, add his username, and set permissions accordingly.
     
  3. alexreich thread starter macrumors 6502a

    alexreich

    Joined:
    Jan 26, 2011
    #3
    So where would I put his username? Next to Group?

    Example:

    Owner: xxxxxxxxx
    Access: Read/Write

    Group: (his username)
    Access: No access

    Others: Read Only

    ^^^^Would that be correct?
     
  4. DESNOS, Sep 12, 2011
    Last edited: Sep 12, 2011

    DESNOS macrumors 6502

    Joined:
    Aug 24, 2011
    #4
    Actually, you can't even do it from the GUI for some reason. It seems you can't say "No access" to specific user names from finder. Here's the simple command-line solution:

    Code:
    sudo chmod +a "[I]username[/I] deny read,write,execute,delete" /*; sudo chmod -a "[I]username[/I] deny list,add_file,search,delete" /Users
    replace the 2 "username"s with his username and while he'll still be able to see the files and folders on the root drive, he won't have access to them. Hope this solved the problem for you.

    EDIT: Just to be clear, this modifies the ACLs on the root drive so that the user can't read write or search/execute any files or folders on the root drive, then removes that restriction from the Users folder only so he still has access to his home directory.

    EDIT2: Just to be extra clear, he won't be able to login with Mac OS, only FTP, since this also blocks off anything in the System folder. Keep in mind that other users won't change in any way. Such is the beauty of ACLs. :)
     

Share This Page