Trouble getting a good permissions set up from pc to Mac.

[Peeetski]

Hi all,

I’ve been writing files from my pc to my Mac recently and I’m having trouble figuring out the best user setup.

I don’t want the pc to have full access to the Mac so I created a new user for sharing on the Mac. The problem though is that any new file (from the pc) is written with that user being the only one who can access the file. And so I’m having to tediously unlock every new file from the pc.

Can anyone think of a better approach for this?

Thanks,
Pete

 

[hobowankenobi]

Are you referring to file sharing over a network?

Sounds like inheritance is not correct. You might look at a specific folder being created on the Mac, and be sure the user you want has full RW access to that folder and all enclosed items.

One of the challenging issues has been that traditionally Macs were using POSIX permissions, and Win uses ACLs. Macs have supported ACLs for many years now, but Apple does not make it obvious which type of permission is in use. In fact, in some versions of the OS, ACLs can be invisible.

Once you have the correct ACLs set on the object (folder) on the Mac, the permissions issue should be resolved.

Long, but good overview here.

Last time I checked, this app still worked. Lets you easily see ACLs...and modify them for folks not comfortable with CLI. No longer updated....and is now free. Check the BUY page for the free (required) serial number.

 

[Peeetski]

Are you referring to file sharing over a network?

Hey thanks for the reply, I'm pretty new to this stuff so I probably left out a lot of useful info.
I'm sharing across a network, with SMB. The account I have created has Read & Write access to a share folder, but when any file is created from the PC it only has permissions for that user (and not my admin user on the mac).

This is what I'm getting on the new files, it doesn't contain my admin user.

Honestly I'm a bit surprised I've got this far though
Thanks for the info, I'll check those links out now.
Pete

 

[hobowankenobi]

You might try adding the Administrator group to the shared folder...and then any admin user should have full RW access.

Assuming you are comfortable with that.

 

[Peeetski]

They do at the moment, and it seems to make no difference. Any new files or folders don't inherit the folder permissions. I've been looking into the links you posted and it seems setting the folder to ACL permissions could fix the issue.
I'll have a try with terminal and see how I go.

 

[Peeetski]

Hmm, still having trouble with this. I feel I've set the ACL correctly.

This is what I was trying - chmod +a "UserName allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextat tr,writeextattr,readsecurity,file_inherit,directory_inherit" Directory

I'm having no luck... Any ideas?
THanks
Pete

 

[Peeetski]

Hey I think I have it! Someone from Apple discussions had a nice breakdown of changing the ACLs in terminal.
https://discussions.apple.com/thread/2160031?answerId=2160031021#2160031021
(The post by Gerrit).
Thanks for pointing me in the right direction @hobowankenobi!

 

[hobowankenobi]

Glad to hear you are making progress.

A few more things to consider:

Where is the shared folder? If it is in a user directory...that is a complication. Apple users a a hidden ACL (deny-everyone) as a default user space setting, preventing everyone except the user to see into home folders.

They also use security measures to deny access and/or the ability to execute or delete in other areas. One place meant to be available to all is the Users/Shared directory. No ACLs set there by default last I checked, and RW for everyone. I would consider putting the shared folder inside that (or create a new one) and try sharing from that location, so you don't have to worry about the parent/enclosing folder permissions. You could still set permissions on the shared folder to limit access if you want.

Not the only way to solve it, but might be the easiest.

I just ran PropEdit on my 10.13 machine, and it seems to behave fine, showing all the POSIX and ACLs, and allowing easy changes.

Here is the home folder for a user named student (with the invisible default deny ACL):

 

[Peeetski]

Hey thanks,
I had trouble downloading propedit, it seems the link to the actual download is now dead. But it seems to be working okay. The folder is inside my user directory though, so that might have made it all a little trickier. I usually work that way because I'm just working solo. Do you think I should just start projects from The root of the HD next time?
Thanks,
Pete

 

[hobowankenobi]

Root of the drive should work OK. No default ACLs that I am aware of, so nothing to remove. To make all platforms happy, typically one would set both the POSIX and ACLs the same.