Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Configuring Share Point ACLs...

B

Boarder981

macrumors newbie
Original poster
Mar 14, 2008
5
0
Ok, please tell me if I'm crazy, or perhaps even stupid ... :(

So I've been supporting Macs in a large enterprise environment for some time. I'm ACHDS certified (10.4) and just recently got my ACTC certification (10.4). I got a copy of Tiger server, setup a small internal network with a few Macs, read the entire Mac OS X Server Essentials book by Peachpit Press and did all the activities, so at least I know all this stuff *in theory*.

Anyway, I'm setting up a basic file sharing server (AFP & SMB) at work using OS X Server 10.4.11 and seem to be having some problems with ACLs. For the groups I have setup with read/write permissions, they seem to be fine. They can download files from the server and modify/delete the files without any problems once on the local machine.

However, groups with read-only access can download files from the server, but get an admin authentication prompt when trying to modify or delete the files. Isn't there a way to configure it so that when a user downloads the file, the ownership changes to them?

Anyway, I know this may not be a very detailed description (not at work right now, don't have the server in front of me), but wondering if there are any quick tips to look out for when configuring ACLs in OS X Server. I have already propogated permissions and inheritance is enabled, so I'm not sure what's happening.

Any input would be appreciated.
 
Les Kern

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
You may not have ACL set up. Make sure at the server admin you have enabled ACL's, then make it "look" like the attached pic. Be sure to propagate afterwards to change what's already there. From then on all items will be able to be modded by all users in the group regardless of what an individual file is set at. ACL's are GOD.
Good luck
 
B

Boarder981

macrumors newbie
Original poster
Mar 14, 2008
5
0
Thanks for the image, looks the same on my server. I even went back and re-read parts of my OS X Server Essentials book because I thought I was going nuts.

Like I said, the groups with read&write permissions don't have any trouble, but the groups with read-only permissions need to authenticate as admin when trying to delete files/folders that were downloaded from the server. I'll have to test some more this week at work, then post some more details.
 
Les Kern

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
Boarder981 said:
Thanks for the image, looks the same on my server. I even went back and re-read parts of my OS X Server Essentials book because I thought I was going nuts.

Like I said, the groups with read&write permissions don't have any trouble, but the groups with read-only permissions need to authenticate as admin when trying to delete files/folders that were downloaded from the server. I'll have to test some more this week at work, then post some more details.
Click to expand...

But that sound right to me??
 
P

pezza

macrumors member
Sep 20, 2007
33
0
Les Kern said:
But that sound right to me??
Click to expand...

It does sound right, but I'm guessing that the OP wants the connected read only users to be able to delete the files from their desktop after reading them without administrator involvement?

Can ACL's be set this granular, I haven't got a system handy to test, if not perhaps if acl's aren't set and the regular permissions are enforced this error/feature will be resolved. I haven't come across this before so it must be something to do with setup.

regards
 
Les Kern

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
pezza said:
It does sound right, but I'm guessing that the OP wants the connected read only users to be able to delete the files from their desktop after reading them without administrator involvement?

Can ACL's be set this granular, I haven't got a system handy to test, if not perhaps if acl's aren't set and the regular permissions are enforced this error/feature will be resolved. I haven't come across this before so it must be something to do with setup.

regards
Click to expand...

Indeed. I haven't been able to replicate but I will try again today. Kind of a nice diversion from my regular duties, and it might come in handy. :)
 
B

Boarder981

macrumors newbie
Original poster
Mar 14, 2008
5
0
<<It does sound right, but I'm guessing that the OP wants the connected read only users to be able to delete the files from their desktop after reading them without administrator involvement?>>

Yes, that's exactly right, sorry I should have specified. I would like users with read-only access to be able to download files from the server and not require admin authentication to delete the files. Basically I want the user to become the owner of the copy of the file they download. Not sure if this is possible ... ?

By the way, thanks for your help guys ... I really appreciate it!
 
wrldwzrd89

wrldwzrd89

macrumors G5
Jun 6, 2003
12,110
77
Solon, OH
Actually, UNIX permissions support this feature with the sticky bit. I'm not sure if you can set something equivalent to the sticky bit on an ACL entry, though.
 
B

Boarder981

macrumors newbie
Original poster
Mar 14, 2008
5
0
Well, the server seems to be working as intended now. Users in the read-only group can download files to their HD and then delete them without authenticating as admin. Folders, on the other hand, still require admin rights to trash, but this is to be expected.

I'm not even sure what I did to fix it, to be honest. In fact, the server was rebooted so I think this may have been it :eek:

Anyway, thanks for all the help!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom