• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: ACL Inheritance?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ACL Inheritance?

  • Subject: Re: ACL Inheritance?
  • From: Terry Lambert <email@hidden>
  • Date: Fri, 20 Feb 2009 21:37:27 -0800
On Feb 20, 2009, at 3:32 PM, Benjamin Huntsman wrote: 
Hi all!

This may not be the right list, but perhaps someone could point me in the right direction regarding ACL's on Mac OS X...

I've got an XServe running 10.4, with an attached Xserve RAID. The raid array is running XSan, and mounted as a single volume under / Volumes. The Xserve is joined to an Active Directory domain, which it uses for authentication.

The folders at the root of the XSan volume are configured as SMB shares, so that Windows clients can access them.

So here's the catch... we want to have a certain group in the Active Directory domain control access to one of the folders on the Xsan volume. When the server was set up, they were using UNIX permissions (user, group, others) to configure access, which became problematic as more and more users were added to the system. Switching to ACL's after the fact though, hasn't worked very well.

The Active Directory group is added in Workgroup Manager to the folder, and set to propagate, but it doesn't do so to all subfolders, especially those that were present before the change. I set up a test volume on a dmg to experiment via the command line, and found that if you set an ACL with inheritance on a folder that ALREADY contains a subfolder, the subfolder won't automatically inherit the ACL from it's parent, but all subsequently created folders or files will.

So my question is, is there a way, via the command line or otherwise, to essentially tell a folder or file to "re-inherit" it's ACL list from it's parent?

I can do 'chmod -R +a "<acl>" folder', but that's not what we're after... 

The answer is "no".

Inheritance happens at create time. Even if you rename something into a directory, it won't do it (since the file is not being created).

You can archive and restore it, and the restor will create the file/ directory. This assumes that the archiving program desn't know about ACLs (and save off the old ones without inherited values, and restore them - without inherited values.

-- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >ACL Inheritance? (From: "Benjamin Huntsman" <email@hidden>)






    

  • Prev by Date:
Re: GCC stack size

    • 

  • Next by Date:
Re: GCC stack size

    • 

  • Previous by thread:
ACL Inheritance?

    • 

  • Next by thread:
Re: ACL Inheritance?

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •