Mailing Lists: Apple Mailing Lists
 Image of Mac OS face in stamp
AFP not respecting permissions
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AFP not respecting permissions

I'm having serious trouble with afp sharing an xsan volume and respecting POSIX permissions (ACLs not enable due to corruption bug), most of which is detailed on the server list:
http://lists.apple.com/archives/Macos-x-server/2008/Jun/msg00461.html

First go around was an upgrade of the server. Basically, the only way I could make afp minimially usable was to add the following into the sharepoint plists:
<key>afp_use_parent_owner</key>
<array>
<string>1</string>
</array>
<key>afp_use_parent_privs</key>
<array>
<string>1</string>
</array>

Second go around this morning, I did a clean install, upgraded to 10.5.4, installed xsan 1.4, upgraded to 1.4.2, then set up sharepoint. Still don't have any GUI options to enable inherit parent permissions. Only way is to edit the plist or sharing -e IS_Drive -i 11 - basically the same thing.

Still having the same problem: files do not inherit the parent's permissions, which in this case happens to be the root of the sharepoint which has permissions of 770 admin:is group.

files:IS_Drive admin$ ls -al | grep test
-rwxrwx---   1 sduncan   COXNEWSCNI\is      10 Jul  3 05:49 test2.txt
-rwxrwx---   1 sduncan   COXNEWSCNI\is      16 Jul  3 05:50 test3.txt
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 08:50 test4.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 08:51 test5.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     348 Jul  3 05:49 test6.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 10:24 test7.rtf

 - edit test2.txt and save via afp

files:IS_Drive admin$ ls -al | grep test
-rwx------   1 sduncan   COXNEWSCNI\is    4096 Jul  3 06:46 ._test2.txt
-rwx------   1 sduncan   COXNEWSCNI\is      17 Jul  3 06:46 test2.txt
-rwxrwx---   1 sduncan   COXNEWSCNI\is      16 Jul  3 05:50 test3.txt
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 08:50 test4.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 08:51 test5.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     348 Jul  3 05:49 test6.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 10:24 test7.rtf

- now no one else in the group can read or write to the file. But the owner can fully edit/delete the file.

Also, if I restart afp via serveradmin or reboot, the files then become 644 rather than 700 when being touched by the user. With the accompanying vague errors in the afp access log file:
IP 169.137.168.86 - - [03/Jul/2008:05:55:58 -0500] "OpenFork FileRaidDU.txt" -5018 0 0
IP 169.137.168.86 - - [03/Jul/2008:05:55:58 -0500] "OpenFork FileRaidDU.txt" -5018 0 0
IP 169.137.168.86 - - [03/Jul/2008:05:56:03 -0500] "CreateDir (A Document Being Saved By TextEdit 6)" 0 0 0
IP 169.137.168.86 - - [03/Jul/2008:05:56:05 -0500] "Delete (A Document Being Saved By TextEdit 6)" -5007 0 0
I have to unshare, reshare & reset sharing -i 11 for every sharepoint, to allow the user to edit/delete the file.
When afp is giving 700 permissions, there are no -5018 or -5007 errors.

So aside from the obvious cry for help or insight, my question is does any one else have 10.5.3/4 server, Xsan 1.4.2, POSIX permissions only, and AD working so that it respects parent permissions.

TIA,

Stu Duncan
IS Manager
Cox North Carolina Publications, Inc.
work: (252) 329-9628
cell: (252) 561-5865
email@hidden
http://www.reflector.com




_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xsan-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






















Visit the Apple Store online or at retail locations.

1-800-MY-APPLE


Contact Apple | Terms of Use | Privacy Policy


Copyright © 2011 Apple Inc. All rights reserved.