RE: ACL Inheritance?
- Subject: RE: ACL Inheritance?
- From: "Benjamin Huntsman" <email@hidden>
- Date: Tue, 24 Feb 2009 07:47:13 -0800
- Thread-topic: ACL Inheritance?
Thanks to all who replied!
Beau Hunter of this list pointed out the tip that you can use the flags +ai to chmod. With that in mind, here's how I fixed the issue:
1. set the ACL on the folder using WGM
2. cd /Volumes/<share>/
3. ls -le
4. visually filter out the ACE that we need
5. cd <folder>
6. chmod -R +ai "<ACE HERE>" .
Best I can figure, there's a major bug in WGM. It may be fixed in Server 10.5, but we're still on 10.4. Whenever we tried to propagate the inheritance of the ACL, WGM would correctly propagate it in sequence to about half of the subfolders, leaving the remaining half untouched. The command line never fails...
Thanks again!
-Ben
-----Original Message-----
From: James Peach [mailto:email@hidden]
Sent: Mon 2/23/2009 9:12 PM
To: Benjamin Huntsman
Cc: email@hidden
Subject: Re: ACL Inheritance?
2009/2/20 Benjamin Huntsman <email@hidden>:
> Hi all!
>
> This may not be the right list, but perhaps someone could point me in the right direction regarding ACLs on Mac OS X...
>
> I've got an Xserve running 10.4, with an attached Xserve RAID. The RAID array is running Xsan, and mounted as a single volume under /Volumes. The Xserve is joined to an Active Directory domain, which it uses for authentication.
>
> The folders at the root of the Xsan volume are configured as SMB shares, so that Windows clients can access them.
>
> So here's the catch... we want to have a certain group in the Active Directory domain control access to one of the folders on the Xsan volume. When the server was set up, they were using UNIX permissions (user, group, others) to configure access, which became problematic as more and more users were added to the system. Switching to ACLs after the fact, though, hasn't worked very well.
>
> The Active Directory group is added in Workgroup Manager to the folder, and set to propagate, but it doesn't do so to all subfolders, especially those that were present before the change. I set up a test volume on a dmg to experiment via the command line, and found that if you set an ACL with inheritance on a folder that ALREADY contains a subfolder, the subfolder won't automatically inherit the ACL from its parent, but all subsequently created folders or files will.
>
> So my question is, is there a way, via the command line or otherwise, to essentially tell a folder or file to "re-inherit" its ACL list from its parent?
Somewhere in the ServerAdmin permissions editor there is a checkbox
that makes it reflow the inherited ACL throughout the share point. It
might be Leopard-only, I can't remember off the top of my head.
--
James Peach | email@hidden
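
Steps 3 to 6 of the procedure in this thread, plus a check that the inherited ACE really reached every subfolder (the partial propagation described for WGM), as an added example that is not part of the original messages. The function names and the sample `ls -led` text are constructed, and `audit_tree` assumes the macOS listing format in which inherited entries carry the word `inherited`.

```shell
#!/bin/bash
# Added example. All sample `ls -led` text below is constructed.
SAMPLE_PARENT='drwxrwx---+ 5 admin  staff  170 Feb 24 07:40 Projects
 0: group:editors allow list,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit'
SAMPLE_CHILD_OK='drwxrwx---+ 2 admin  staff  68 Feb 20 11:02 Projects/2008
 0: group:editors inherited allow list,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit'
SAMPLE_CHILD_MISSED='drwxrwx---  2 admin  staff  68 Feb 20 11:02 Projects/2009'

# Step 4 without the eyeballing: read `ls -le` output on stdin and print each
# ACE with its "N:" index removed, i.e. the string that chmod +a/+ai expects.
extract_aces() {
    sed -n 's/^ *[0-9][0-9]*: *//p'
}

# Succeed if the `ls -led DIR` output on stdin contains an inherited ACE for
# principal $1 (for example "group:editors"). The match is literal, so
# backslashes in DOMAIN\group names are safe.
has_inherited_ace() {
    extract_aces | (
        while IFS= read -r ace; do
            case "$ace" in "$1 inherited "*) exit 0 ;; esac
        done
        exit 1
    )
}

# macOS only: print every directory below $1 that has no inherited ACE for
# principal $2, which is what a partial propagation leaves behind.
# Directory names containing newlines are not handled.
audit_tree() {
    find "$1" -mindepth 1 -type d -print | while IFS= read -r dir; do
        ls -led "$dir" | has_inherited_ace "$2" || printf '%s\n' "$dir"
    done
}

if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
else
    # No arguments: show the ACE extracted from the constructed parent listing.
    printf '%s\n' "$SAMPLE_PARENT" | extract_aces
fi
```

Run it with a directory and a principal as arguments after `chmod -R +ai`; empty output means every subfolder carries the inherited entry.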