Private and Public Sharing (wrap head around)

[HackerJL]

Good day all.

I am having a hell of a time trying to get my head around this. Im hoping someone can help me.

I have 2 folders, Private and Public.

I have 3 users, lets call them Plain, Average and High

I want the public folder viewable by all 3 users, providing they have a password, nothing crazy.

I want the private folder only usable by Average and High and NOT plain.

So I setup the folders make the permission access in 10.9 server. And make the private folder's Everyone Else to deny. Makes sense in the my head.

But what happens, is Average can't see the contents of private. Says it doesn't have the permissions to do so.

Does that make any sense? I set it to have it. Why doesn't it allow Average?

 

[AmestrisXServe]

Good day all.

I am having a hell of a time trying to get my head around this. Im hoping someone can help me.

I have 2 folders, Private and Public.

I have 3 users, lets call them Plain, Average and High

I want the public folder viewable by all 3 users, providing they have a password, nothing crazy.

I want the private folder only usable by Average and High and NOT plain.

So I setup the folders make the permission access in 10.9 server. And make the private folder's Everyone Else to deny. Makes sense in the my head.

But what happens, is Average can't see the contents of private. Says it doesn't have the permissions to do so.

Does that make any sense? I set it to have it. Why doesn't it allow Average?

To be honest, the easiest way to handle this is to set authentication on each shared directory directly, adding specific users and their privileges, with public_user only being able to r/w to the public directory, and read only on private; then add the other users that you want to have r/w access to private into the ACL and POSIX entries for that directory. (Be sure to propagate the permissions to child files and child folders.)

I know how to do this with SAT, but not Server.app, so you may want to read the manual for setting permissions using the new tools.

You can also do some of the permissions setting in the Finder via 'Get Info': In the dialogue, view the pane 'Sharing and Permissions', and set them as needed per user.

 

[mvmanolov]

You can also do some of the permissions setting in the Finder via 'Get Info': In the dialogue, view the pane 'Sharing and Permissions', and set them as needed per user.

This is the method i use, i have found its easier to do it manually this way than to deal with the server app. though i really should RTFM more closely

 

[AmestrisXServe]

This is the method i use, i have found its easier to do it manually this way than to deal with the server app. though i really should RTFM more closely

I do that when I need only simple permissions (read-only, r/w, no access), and when I don't want to set auto-propagation. As I said, I don't know Server.app, I know Apple SAT, and it has good flexibility with setting both ACL and POSIX permissions, including custom settings, and propagation settings.

That last bit is important, as you can set a directory to r/w, and files inside to read-only, allowing new file creation, but not allowing overwriting.

I have noticed a quirk by which, user-based permissions usually take precedence over group-based permissions, but that is probably no longer true.

Establishing group-based permissions, and encapsulating users in groups, is the wiser way to do this, as you can easily add new users to groups, changing permissions for a broad spectrum of directories and files in one stroke, rather than manually adding users to each directory, or file.

I don't know if the OP expects to need many users, or few, but instead of making three users, it would be better to make three groups, and assign individual users to those groups, if you expect a wide number of users, as this allows easy disabling (or changing) of account access privileges.

 

[mvmanolov]

I do that when I need only simple permissions (read-only, r/w, no access), and when I don't want to set auto-propagation. As I said, I don't know Server.app, I know Apple SAT, and it has good flexibility with setting both ACL and POSIX permissions, including custom settings, and propagation settings.

That last bit is important, as you can set a directory to r/w, and files inside to read-only, allowing new file creation, but not allowing overwriting.

I have noticed a quirk by which, user-based permissions usually take precedence over group-based permissions, but that is probably no longer true.

Establishing group-based permissions, and encapsulating users in groups, is the wiser way to do this, as you can easily add new users to groups, changing permissions for a broad spectrum of directories and files in one stroke, rather than manually adding users to each directory, or file.

I don't know if the OP expects to need many users, or few, but instead of making three users, it would be better to make three groups, and assign individual users to those groups, if you expect a wide number of users, as this allows easy disabling (or changing) of account access privileges.

Setting ACL in server app is a bit less straight forward, as it it buried in directory tree in storage so you'd have to go there to change it rather than the file sharing tab. As for POSIX i am not sure you even have the option in the interface.