Multiple users privileges and inheriting it in folders

[The Crimson Badger]

Hi Guys,

I'm a bit new here. Just recently came across a slight issue. I've set up MacOS X Server (Sierra) with 2 partitions. One for os and software second for data. Data have one shared folder for 5 users. Now tried everything but overtime somebody create or change any of the files in subfolders it becomes automatically available to him only blocking access for everybody else. Only system administrator (my account) can change it back to normal but small editing happens and bang, back to old problem. Tried SMB and ASL but nothing works. What's weird it even remove access from finder for my administrator account. However I can add it and change it in get info window for specific folder. Any help please.

 

[BrianBaughn]

I don't know how much you know about file and folder permissions but it's a lot more involved than what's shown at the interface level. A good place to start reading about it is in this chapter from an older Mac OS X Support Essentials book from Peachpit.

 

[belvdr]

This is all speaking from a Linux perspective, in hopes it can guide you in OS X.

I would recommend a default ACL, which will apply certain permissions to any new object added to a directory:

setfacl -m d:g::rwX /directory

This will apply only the executable bit to new directories. Files will not be executable. Any existing files will not be modified.

 

[The Crimson Badger]

Seems like it will be working solution. However how can apply it to the existing folders and files?
[doublepost=1487698337][/doublepost]

I don't know how much you know about file and folder permissions but it's a lot more involved than what's shown at the interface level. A good place to start reading about it is in this chapter from an older Mac OS X Support Essentials book from Peachpit.

seems like a lot of knowledge, I knew a lot of it but still cannot solve inheritance. any advice please?

 

[BrianBaughn]

If you could figure out a way to have a permissions-changing script run when the folder contents get modified then you might have a solution.

 

[The Crimson Badger]

If you could figure out a way to have a permissions-changing script run when the folder contents get modified then you might have a solution.

Ok so I need to have a separate script for that? isn't it supposed to be to happen automaticlly when I create anything in parent folder? shouldn't child objects inherit permission as a hard rule?

 

[belvdr]

To apply to existing files:

setfacl -R -m g::rwX /directory

However, I found the below URL which discusses the OS X alternative:

https://discussions.apple.com/thread/4805409?start=0&tstart=0

chmod -R +a "group:GroupName allow read,write,append,delete,readattr,writeattr,readextattr,writeextattr" /Path-To-Shared-Directory

That should apply the default ACL.

 

[The Crimson Badger]

To apply to existing files:

setfacl -R -m g::rwX /directory

However, I found the below URL which discusses the OS X alternative:

https://discussions.apple.com/thread/4805409?start=0&tstart=0

chmod -R +a "group:GroupName allow read,write,append,delete,readattr,writeattr,readextattr,writeextattr" /Path-To-Shared-Directory

That should apply the default ACL.

Would it keep it like that whenever new folder is added or changed? Or still script required

 

[belvdr]

With the +a, it should keep it like that. I have not tested this though, as I don't have a server running OS X.