How to force specific permissions on a shared folder on macOS

[TheRiddler1982]

Hi all,

I have already read this forum post which describes a similar problem but I couldn't get the command to work. So I try a new thread.

Here's my story:

I have a Brother printer which is able to safe scans to a Samba v1 share. I have configured a shared only user named "brother" in macOS (Ventura) and setup everything in the web interface of the printer and indeed, the scans appear in the shared folder. However, the file created by the printer only gets u+rw permissions:

sven@Svens-Mac-mini Drucker % ls -l
total 2048
-rw-------  1 brother      wheel  999836 Feb 23 21:28 20230223_212738_MFC-J5730DW_001247.pdf
drwxr-xr-x  2 sven  wheel      64 Feb 23 21:31 test
sven@Svens-Mac-mini Drucker %

This is strange as the umask is set to 022 and it properly works when creating a file (test) from macOS Finder directly on the share.

Next, I check the ACLs (but I am not an expert either):

drwxrwx---+ 5 sven  wheel  160 Feb 23 21:31 Drucker
 0: user:monika allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
 1: user:brother allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
 2: user:sven allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
drwxrwxrwx@ 2 sven  wheel   64 Feb 14 15:39 SC Info
sven@Svens-Mac-mini Shared %

So, I have no idea what is wrong.

How do I have to set the ACLs to FORCE every file to get a 755 or even 777 permission? If this is not possible: is there a way to trigger a hook script after each change on that specific folder?


Thanks,
Sven

 

[satcomer]

All you have to do is highlight the shared folder, do a command button push+I and do get Info on the folder and change it's permission from there really easily!

 

[hobowankenobi]

ACLs in user home folders are tricky, especially because they are invisble to the GUI, and because home folders (and their contents) are not supposed to be shared by design, and as I recall their is a deny ACL, as well as inheritence challenges.

Rather than fighting the default security, you might consider one of two options where you should be able to share nearly pain-free with other accounts by creating/moving your folders (and contents) here:

1. ~/Public

2. /Users/Shared

As I recall, the Shared folder will by default let all users access the contents inside it, but ownship stays with the original user/creator...so other users have read/write access, but can't move or delete.

Test all functions with both and see if either works without the pain and tweaks.