Re: AFP not respecting permissions



Hi Stu,

as far as I understand Apple's approach to AFP in 10.5, POSIX
permission inheritance is not supported anymore.

One of the new features in 10.5.4 is indeed that you can't
choose between POSIX permissions and "Inherit permissions"
when you set up an AFP sharepoint.

With Xsan 1.4.2 systems (running on Leopard), I use ACLs
instead, yet, not on the root level of the volume. Works fine.

With Xsan 2 systems you need to make sure to use 2.1, but this
seems to work too (I mean to use ACLs). At least I have a customer,
whose Xsan 2 volume broke with ACLs enabled. We then upgraded
to Xsan 2.1, repaired the volume and enabled ACLs again.
It has been stable for 3 weeks now.

Everything else seems to be deprecated, as far as I understand.

Is this right? (any statement from the Apple side?)

André

On 03.07.2008, at 13:10, Stu Duncan wrote:

I'm having serious trouble with afp sharing an xsan volume and respecting POSIX permissions (ACLs not enabled due to corruption bug), most of which is detailed on the server list:
http://lists.apple.com/archives/Macos-x-server/2008/Jun/msg00461.html


First go around was an upgrade of the server. Basically, the only way I could make afp minimally usable was to add the following into the sharepoint plists:

    <key>afp_use_parent_owner</key>
    <array>
        <string>1</string>
    </array>
    <key>afp_use_parent_privs</key>
    <array>
        <string>1</string>
    </array>


Second go around this morning, I did a clean install, upgraded to 10.5.4, installed xsan 1.4, upgraded to 1.4.2, then set up sharepoint. Still don't have any GUI options to enable inherit parent permissions. Only way is to edit the plist or sharing -e IS_Drive -i 11 - basically the same thing.

Still having the same problem: files do not inherit the parent's permissions, which in this case happens to be the root of the sharepoint which has permissions of 770 admin:is group.

files:IS_Drive admin$ ls -al | grep test
-rwxrwx---   1 sduncan   COXNEWSCNI\is      10 Jul  3 05:49 test2.txt
-rwxrwx---   1 sduncan   COXNEWSCNI\is      16 Jul  3 05:50 test3.txt
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 08:50 test4.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 08:51 test5.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     348 Jul  3 05:49 test6.rtf
-rwxrwx---   1 sduncan   COXNEWSCNI\is     318 Jul  2 10:24 test7.rtf

- edit test2.txt and save via afp

files:IS_Drive admin$ ls -al | grep test
-rwx------ 1 sduncan COXNEWSCNI\is 4096 Jul 3 06:46 ._test2.txt
-rwx------ 1 sduncan COXNEWSCNI\is 17 Jul 3 06:46 test2.txt
-rwxrwx--- 1 sduncan COXNEWSCNI\is 16 Jul 3 05:50 test3.txt
-rwxrwx--- 1 sduncan COXNEWSCNI\is 318 Jul 2 08:50 test4.rtf
-rwxrwx--- 1 sduncan COXNEWSCNI\is 318 Jul 2 08:51 test5.rtf
-rwxrwx--- 1 sduncan COXNEWSCNI\is 348 Jul 3 05:49 test6.rtf
-rwxrwx--- 1 sduncan COXNEWSCNI\is 318 Jul 2 10:24 test7.rtf


- now no one else in the group can read or write to the file. But the owner can fully edit/delete the file.

Also, if I restart afp via serveradmin or reboot, the files then become 644 rather than 700 when being touched by the user. With the accompanying vague errors in the afp access log file:
IP 169.137.168.86 - - [03/Jul/2008:05:55:58 -0500] "OpenFork FileRaidDU.txt" -5018 0 0
IP 169.137.168.86 - - [03/Jul/2008:05:55:58 -0500] "OpenFork FileRaidDU.txt" -5018 0 0
IP 169.137.168.86 - - [03/Jul/2008:05:56:03 -0500] "CreateDir (A Document Being Saved By TextEdit 6)" 0 0 0
IP 169.137.168.86 - - [03/Jul/2008:05:56:05 -0500] "Delete (A Document Being Saved By TextEdit 6)" -5007 0 0
I have to unshare, reshare & reset sharing -i 11 for every sharepoint, to allow the user to edit/delete the file.
When afp is giving 700 permissions, there are no -5018 or -5007 errors.


So aside from the obvious cry for help or insight, my question is: does anyone else have 10.5.3/4 server, Xsan 1.4.2, POSIX permissions only, and AD working so that it respects parent permissions?

TIA,

Stu Duncan
IS Manager
Cox North Carolina Publications, Inc.
work: (252) 329-9628
cell: (252) 561-5865
email@hidden
http://www.reflector.com




_______________________________________________ Do not post admin requests to the list. They will be ignored. Xsan-Users mailing list (email@hidden) Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


-- André Aulich Apple Server & Storage Solutions http://www.andre-aulich.de




Attachment: smime.p7s
Description: S/MIME cryptographic signature


References: 
 >AFP not respecting permissions (From: Stu Duncan <email@hidden>)
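
An added example, not code from either poster or from Apple: a Python audit that walks a sharepoint and flags the two kinds of drift reported in this thread, files that lost the share root's group read/write access (the 700 case) and files that grant "other" bits the share root does not (the 644 case under a 770 root). The comparison rule, the function names and the temporary sample share are assumptions made for illustration.

```python
import os
import stat
import tempfile

RW_GROUP = 0o060   # group read/write bits
ANY_OTHER = 0o007  # every "other" bit


def audit_share(root):
    """Return [(relative_path, octal_mode, [findings])] for entries whose
    mode drifted from the mode of the share root (assumed policy)."""
    root_mode = stat.S_IMODE(os.stat(root).st_mode)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            issues = []
            # Group read/write granted on the share root but missing here.
            if (root_mode & RW_GROUP) & ~mode:
                issues.append("group-access-lost")
            # "Other" bits present here that the share root does not grant.
            if mode & ANY_OTHER & ~root_mode:
                issues.append("wider-than-share")
            if issues:
                findings.append((os.path.relpath(path, root), oct(mode), issues))
    return findings


def build_constructed_share():
    """Constructed sample: a 770 share root with files in the states
    described in the thread (700 after an AFP save, 644 after a restart)."""
    root = tempfile.mkdtemp(prefix="IS_Drive_")
    os.chmod(root, 0o770)
    samples = (("test2.txt", 0o700), ("._test2.txt", 0o700),
               ("test3.txt", 0o770), ("test4.rtf", 0o644))
    for name, mode in samples:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    return root


if __name__ == "__main__":
    for rel, mode, issues in audit_share(build_constructed_share()):
        print(f"{mode:>6}  {rel}  {', '.join(issues)}")
```
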


