OK, so yes, the access control lists are enabled on the volume.
The permissions on the root of the share are drwxr-x---
If I change the permissions to drwxr-x--x I can mount the share on the client.
But the permissions are d--x--x--x on the client, which leads me to
believe that when I log in with that account I'm being identified as
"everyone" instead of a member of the Active Directory group
"privategroup".
The problem seems like the server is not working with the group I
assigned as expected.
I tried the memberd -r command and that also had no effect. The group
shows up properly in workgroup manager and I verified that the account
I'm testing with is in the correct group.
Blake-
On 8/31/05, Blake Garner <email@hidden> wrote:
> I'm looking to set up what I consider a simple restricted file share...
>
> For example let's take afp://servername/sharename
> and the group DOMAIN\privategroup from our AD environment.
>
> In workgroup manager I have set the owner of the share to
> administrator with read & write control.
> The group is set to privategroup with read-only access.
> Everybody is set to no access, as I would like to hide this share from
> users not in the privategroup.
>
> Using the effective permissions inspector everything looks as expected.
> Users in the DOMAIN\privategroup are showing full read access.
> Users not in the DOMAIN\privategroup are showing only Read Attributes,
> Read Permissions
>
> However, when a user whose account is in the DOMAIN\privategroup logs
> in to the server they don't see the share at all.
> The only thing that changes that is the everyone permission.
>
> The test client is a 10.4.2 system that isn't connected to the
> directory. I have cruised the documentation for ACLs & ACEs but this
> setup is so basic that it seems to me that I wouldn't need them. The
> AD setup on this server is functioning properly from all other aspects.
>
> Suggestions? Anybody have this type of setup working?
>
> Thanks,
> Blake-
>
Macos-x-server mailing list (email@hidden)