Mailing Lists: Apple Mailing Lists
Re: ACL problems on Server 10.4.9

On May 20, 2008, at 4:06 PM, Jim McIntyre wrote:

> Server 10.4.9, Client 10.4.11.

> I'm trying to create a user that has read privileges across an entire share point that contains user home folders with the usual folder structure inside (i.e., Desktop, Documents, Library, etc.). Default permissions for most of these user subfolders allow, of course, only the owner to read files or traverse directories.

> I thought that creating an ACL entry for my "uber" user in the root directory of the share point would do the trick. The default permissions for new ACEs created in WGM sound exactly like what I want: full read permissions and full inheritance to all child folders and files and descendants.

> After creating the ACE, the Effective Permissions Inspector in WGM only shows me the ACE permissions for the root of the share point, but not for any of the child items, which seem to be following the standard owner/group/everybody permissions. Trying to access items in the Finder while logged in as the new user produces results consistent with the "effective permissions" as shown.

> However, if I propagate the ACL permissions to all child objects of the share point using WGM, the Effective Permissions inspector then shows the desired permissions as defined in the ACE, but... I still can't access folders in the Finder unless the standard permissions allow it.

> FWIW, I verified the ACL permissions in Terminal and found they matched what I thought they should be.

> So, my questions are:

> - Is it necessary to manually propagate ACL permissions, even if the entry specifies application to all child objects?

Yes. ACLs are only propagated at file creation time or when propagated manually. It's covered in the Apple docs and our Filesystem ACL whitepaper.




> - Why would the permissions appear correct in WGM and when listed with "ls -ale", but not function consistently with that listing when the user is logged in via AFP?

AFP does funny things sometimes with permissions. Make sure that they are able to read attributes on the files.


Josh
--
Josh Wisenbaker
U, U, D, D, L, R, L, R, B, A, Start for your server
http://www.afp548.com
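
An added example, not part of the original thread: a Python check over `ls -le` output that flags items where a principal has no usable ACE (for instance, children that existed before the ACE was set and were never propagated to) or lacks the read-attributes right mentioned in the reply. The sample listing, the principal `user:uber`, and the set of rights treated as needed for browsing are assumptions made for illustration.

```python
import re

# Constructed sample in the layout `ls -le` prints on Mac OS X.
# Names, owner and the principal "user:uber" are made up for this example.
SAMPLE = """\
total 0
drwx------+ 9 jim  staff  306 May 20 15:58 Desktop
 0: user:uber inherited allow list,search,readattr,readextattr,readsecurity,file_inherit,directory_inherit
drwx------  4 jim  staff  136 May 20 15:58 Documents
-rw-------+ 1 jim  staff  512 May 20 15:59 notes.txt
 0: user:uber inherited allow read,readextattr
"""

# Assumption: rights this audit treats as the minimum for read-only browsing.
NEEDED = {"dir": {"list", "search", "readattr"}, "file": {"read", "readattr"}}

# An ACE line looks like: " 0: user:uber [inherited] allow right,right,..."
ACE = re.compile(r"^\s+\d+:\s+(\S+)\s+(?:inherited\s+)?(allow|deny)\s+(\S+)\s*$")


def missing_rights(listing, principal):
    """Return {item name: sorted rights that `principal` lacks on that item}."""
    granted, kinds, current = {}, {}, None
    for line in listing.splitlines():
        if not line.strip() or line.startswith("total "):
            continue
        if not line[0].isspace():
            # Entry line: mode, links, owner, group, size, month, day, time, name
            fields = line.split(None, 8)
            current = fields[8]
            kinds[current] = "dir" if fields[0].startswith("d") else "file"
            granted[current] = set()
            continue
        m = ACE.match(line)
        if m and current is not None and m.group(1) == principal:
            rights = set(m.group(3).split(","))
            if m.group(2) == "allow":
                granted[current] |= rights
            else:
                # Simplification: a deny entry removes rights granted so far.
                granted[current] -= rights
    return {name: sorted(NEEDED[kind] - granted[name])
            for name, kind in kinds.items() if NEEDED[kind] - granted[name]}


if __name__ == "__main__":
    for name, gap in missing_rights(SAMPLE, "user:uber").items():
        print(f"{name}: missing {', '.join(gap)}")
```

The check looks only at ACEs; POSIX owner/group/everyone bits and group membership are not evaluated.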






_______________________________________________
Macos-x-server mailing list