Mailing Lists: Apple Mailing Lists


Re: 10.4.2 Nested Folder Permissions



10.4 uses something called memberd to cache group membership. It sometimes doesn't immediately recognize changes to groups. In fact, it can take hours for the group membership cache to be updated. You can try doing a "memberd -r" and see if it helps. You can also tweak the memberd.conf file in /etc. The times listed there are in seconds. You can make them shorter if you'd like.

Aaron

On Aug 26, 2005, at 6:06 PM, David B. Hunter wrote:

Question regarding folder access based on group membership:

I have three 10.4.2 servers with ACLs turned on.

1. auth -  OD Master
2. ns1 - DNS/DHCP, OD Replica
3. homes - home directories, directory attached non-replica

I have a folder mounted at login for my users called "Classroom". Inside I have several folders nested for individual classes. A students group has R/O access to the folder and staff can R/W. I also have nested departmental folders that students selectively have access to based on the class they are taking and the group they are assigned to...

Classroom -> English-Dept -> Yearbook
Classroom -> English-Dept -> Yearbook-Editors

I have two groups of the same name applied each to Yearbook and Yearbook-Editors folders to allow access in addition to appropriate POSIX permissions.

The Yearbook and Yearbook-Editors groups have R/W privileges to Yearbook folder.

The Yearbook group has Write ONLY privileges to Yearbook-Editors folder and the Yearbook-Editors group has Read/Write privileges to Yearbook-Editors.

My problem is...when I add users to the various groups, they do not immediately have access to the folders. In fact, I have to reboot the home directory server in order for their group membership and subsequent access privileges to be recognized allowing (or disallowing as the case may be) access to the folders.

I have tried this with the homes server both standalone and as a replica. Same results. I've also tried adding users to the groups and doing a "lookupd -flushcache" on the homedir server -- no luck. Users log out, reboot and re-logon, no luck!

Any ideas on what is going on? Or of a command I can issue in the CLI to "refresh" the server's folder privileges based on the group memberships in the directory without a reboot?

Thanks for any advice!

David B. Hunter
Networking Specialist
South Bend Community School Corporation
South Bend, IN
email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/arosenbl%40mac.com


This email sent to email@hidden


References: 
 >Fwd: 10.4.2 Nested Folder Permissions (From: "David B. Hunter" <email@hidden>)




Copyright © 2007 Apple Inc. All rights reserved.