Force permissions for file sharing (acl)

Hi all
I'm trying to set up a server so that multiple users can share files over sftp and ssh.
To do this I did the following:
0. Mounted an ext4 partition with acl enabled
1. Created a folder with an appropriate group (say 'sharing')
2. Set the gid flag on it (chmod g+s)
3. Added all the users to the sharing group
4. Setup acl on the folder :
      setfacl -dm u::rwX,g::rwX,o::- /path/to/folder
      setfacl -dm m::rwX /path/to/folder
      setfacl -dm g:sharing:rwX /path/to/folder
Now, whenever I create files or folders inside my shared folder they have the correct permissions (660) and the sharing group. However, when the files are *transferred* in via sftp, scp, unison etc the acl permissions do not take hold.
With unison I've tried setting perms=0 and dontchmod=true but this just gives all files -rw------- permissions.
SFTP mirrors the original permissions but is 'masked' by acl: i.e. a 666 file is set to 660 (as expected) while a 644 file becomes 640 (what I want is for it to be set to 660).
Is there any way to force permissions (with acl or some other tool) on files added or transferred into a folder regardless of the software doing the transferring? Ideally, I'd like it if this were something that happened completely on the server and did not depend on me configuring client tools.
Thanks!
Last edited by harshad1 (2014-05-22 15:09:10)

rune0077 wrote:
Change the umask of the sftp process.
In your sshd_config there's a line that says:
Subsystem sftp /usr/lib/ssh/sftp-server
Append -u 0002 (or whatever umask you want) to the end. Like this:
Subsystem sftp /usr/lib/ssh/sftp-server -u 0002
First thing I tried. Doesn't seem to work.
I should mention that I'm using sftp-chroot and I've used mount --bind to allow sftp users to access the (shared) data folder from within the chroot.
I don't know how this might affect the application of umask, which I'm enabling by:
    ForceCommand internal-sftp -u 0007
I was really hoping I'd be able to force this on the file-system level with acl or something similar.
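To see why the default ACL cannot lift a 644 upload to 660, and why the sftp-server umask did not change anything, here is an added example (not code from the thread, from OpenSSH or from the acl package) that models the object-creation rule in acl(5): a new file copies the directory's default ACL, the owner, other and mask entries are ANDed with the mode the creating process passed to open(), named entries are copied unchanged, and the umask is not consulted at all when a default ACL exists (and could in any case only clear bits, never add them). The default ACL string is the one from harshad1's setfacl commands; the function names, the sample modes and the umask values are my own assumptions.

```python
"""Model of how a directory's default ACL shapes a new file's permissions,
following the object-creation rule in acl(5).  Added example for this
thread, not code from the thread or any project it mentions; it never
touches a real filesystem, it only predicts what `ls -l` and `getfacl`
would show for a given default ACL, open() mode and umask."""
from typing import Dict, List, Tuple

# The default ACL set with the three `setfacl -dm` commands in the thread.
SHARED_DEFAULT_ACL = "u::rwX,g::rwX,o::-,m::rwX,g:sharing:rwX"

Entry = Tuple[str, str, int]  # (tag, qualifier, permission bits r=4 w=2 x=1)


def _bits(perms: str, is_dir: bool) -> int:
    """setfacl letters to rwx bits.  Capital X grants execute only on
    directories (or already-executable files), so it adds nothing to a
    brand-new regular file."""
    bits = 0
    if "r" in perms:
        bits |= 4
    if "w" in perms:
        bits |= 2
    if "x" in perms or ("X" in perms and is_dir):
        bits |= 1
    return bits


def _text(bits: int) -> str:
    return ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")


def parse_acl(spec: str) -> List[Tuple[str, str, str]]:
    """Split 'u::rwX,g:sharing:rwX,o::-' into (tag, qualifier, perms);
    a bare '-' means no permissions."""
    entries = []
    for item in spec.split(","):
        tag, qual, perms = item.strip().split(":")
        entries.append((tag, qual, "" if perms == "-" else perms))
    return entries


def creation_mode(requested: int, umask: int, dir_has_default_acl: bool) -> int:
    """Mode that reaches ACL inheritance.  Without a default ACL the kernel
    clears the umask bits; with one, the umask is ignored.  Neither path can
    add a bit the creating process did not ask for, so a 644 upload can never
    come out as 660 through `sftp-server -u` alone."""
    return requested if dir_has_default_acl else requested & ~umask


def new_file_acl(default_acl: str, mode: int, is_dir: bool = False) -> List[Entry]:
    """Access ACL of an object created under `default_acl` with `mode`.
    Per acl(5): u::, o:: and m:: are ANDed with the matching class bits of
    `mode`; if there is no mask entry, g:: is ANDed instead; named
    u:name/g:name entries are copied unchanged (the mask caps them later)."""
    defaults = parse_acl(default_acl)
    has_mask = any(tag == "m" for tag, _, _ in defaults)
    mode_u, mode_g, mode_o = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    result: List[Entry] = []
    for tag, qual, perms in defaults:
        bits = _bits(perms, is_dir)
        if tag == "u" and qual == "":
            bits &= mode_u
        elif tag == "o":
            bits &= mode_o
        elif tag == "m" or (tag == "g" and qual == "" and not has_mask):
            bits &= mode_g
        result.append((tag, qual, bits))
    return result


def ls_mode(acl: List[Entry]) -> int:
    """Bits `ls -l` shows: owner = u::, group class = mask if present
    (else g::), other = o::."""
    table = {(tag, qual): bits for tag, qual, bits in acl}
    group_class = table.get(("m", ""), table[("g", "")])
    return (table[("u", "")] << 6) | (group_class << 3) | table[("o", "")]


def effective(acl: List[Entry]) -> Dict[str, str]:
    """Render entries the way getfacl does, flagging rights the mask withholds."""
    table = {(tag, qual): bits for tag, qual, bits in acl}
    mask = table.get(("m", ""))
    out: Dict[str, str] = {}
    for tag, qual, bits in acl:
        capped = mask is not None and (tag == "g" or (tag == "u" and qual != ""))
        eff = bits & mask if capped else bits
        out[f"{tag}:{qual}"] = _text(bits) + (f" #effective:{_text(eff)}" if eff != bits else "")
    return out


def demo() -> Dict[Tuple[int, int], int]:
    """Reproduce the thread's observation: 666 uploads land as 660 and 644
    uploads as 640, whatever umask the sftp server runs with."""
    results = {}
    for requested in (0o666, 0o644):
        for umask in (0o022, 0o007):   # constructed sample umasks
            mode = creation_mode(requested, umask, dir_has_default_acl=True)
            results[(requested, umask)] = ls_mode(new_file_acl(SHARED_DEFAULT_ACL, mode))
    return results


if __name__ == "__main__":
    for (requested, umask), shown in demo().items():
        print(f"open(..., 0{requested:o}) with umask {umask:04o} -> ls shows 0{shown:o}")
    for label, rights in effective(new_file_acl(SHARED_DEFAULT_ACL, 0o644)).items():
        print(f"  {label}:{rights}")
```

The model makes the failure mode visible: after a 644 upload, getfacl would report `group::rw- #effective:r--` and `group:sharing:rw- #effective:r--`, because the mask entry, not the group entries, was cut down to the mode's group bits. A default ACL and a umask can both only remove bits from what the transferring program requests, so forcing 660 on arbitrary uploads needs the transfer program to request at least that mode, or a separate step on the server that raises the mask or mode afterwards.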

Similar Messages

  • Permissions for file sharing to Windows users

    Greetings, I would be very pleased if someone could help me with file sharing permissions for Windows users of a Mac mini file server running Snow Leopard 10.6.1 (not server).
    I have a folder in my root directory, lets call it Project, that holds a series of 10 sub folders, say 1 through 10. Some of my users I wish to have read/write access to the whole Project directory, and, having enabled file sharing in System Preferences (and SMB for Windows), I did cmd to get info on the Project folder, ticked sharing, added the users (whose user accounts I had replicated on the Mac from their Windows machines), gave them read/write access, and then was able to map a drive to Project in their machines. All good so far, notwithstanding an hour tussle with a Vista laptop . The other user 'groups' were set the following permissions: me - read/write; Admin - read/write; Everyone - no access; which seemed sensible.
    Then, when I wanted to only share say sub folders 4, 5 and 6 with other users, who will not have access to the whole Project directory, things were not as straight forward. I followed the same procedure as above, but for the particular sub folders. However, I think they are only able to see them if I provide read or read/write access for Everyone to the parent Project directory. This of course then lets them at least see all the other folders I do not want to share with them. I don't seem to be able to remove the Everyone group from the Project directory, which occurred to me might resolve this.
    Any thoughts? Thanks.

    "On the way down, it seems to me that you still can prevent that user from using folders that he or she is not supposed to use by setting appropriate permissions."
    I don't think this is the case. If I allow someone read & write access to a folder because they need to have read & write access to two of three subfolders, I cannot deny them (at least) read access to the third folder.
    In respect of a particular folder:
    1. You can only assign read; read & write; or write (drop box) to an individual user; and
    2. You can only assign No Access to everyone.
    Do I need to use Snow Leopard Server to be able to assign No Access to a particular folder for an individual user?

  • How do you change the default permissions for files?

    I have all my users saving (via AFP) to an Xserve RAID, I am using ACL to control who has access to certain area.
    This is fine when moving files in the finder, all ACL are respected, however when saving files from Photoshop it ignores the ACL's.
    So if user A saves a file they become the owner, which is fine, but the group and everyone permissions are read only, so when user B amends the file they get a permission warning when they try to save. The workaround I'm using is to trash the file just before you try to save, not ideal because if the save fails you've lost the work.
    What I would like is for the default permission to be group "design" Read and Write and leave everyone as read only
    So when any designer goes to oversave a file in photoshop they can do.
    I need to leave ACLs on as they are working well in every other situation, i.e. I have certain folders set so once images have been added they cannot be deleted or renamed by certain users.
    It only seems to be Photoshop that gives us this problem, Quark files and other docs are able to be saved according to the ACL

    Hi
    There are some important distinctions and points to be made here.
    POSIX Permissions are always set for every file and folder. ACLs are optional for any file, folder or share point and work IN ADDITION to POSIX Permissions. SACLs (Service Access Control Lists) are optional for specific services such as AFP, FTP, SMB, Mail etc and are independent of files and folder as well of standard POSIX Permissions and file system ACLs. Allow access is cumulative and Deny access is first match.
    ACLs supersede but don’t necessarily override Standard UNIX permissions.
    The best way to use ACLs is to enable Access Control Lists on the desired volume, create the share point folder from within Workgroup Manager, define the Users and Groups and then drop the relevant User and/or Group into the ACL window and define access privileges from there. Don’t be tempted to use the Standard UNIX permissions in addition to ACLs as all sorts of problems can ensue.
    Privileges and access can quickly get confused and share points can be broken. Deny settings defined in ACL take precedence over all other privileges settings. Deny settings defined using Standard UNIX as well as ACLs can, in some cases, mean share points becoming inaccessible to all users even those with administrative privileges.
    Wherever possible try not to set access privileges using the Finder.
    For a much fuller explanation and a method for calculating umask values consult Gerrit de Witt’s series of articles:
    http://discussions.apple.com/thread.jspa?messageID=648307&#648307

  • Lion administrator setting changed to read only for file sharing. Now hung machine

    I was trying to network my Mac with a Windows 7 machine and tried to have my name in the file sharing read/write instead of other users such as administrator. When I changed the administrator to read only for file sharing rights I could not add my name as a file sharing user with read/write permissions. Really silly move.
    I have performed a repair of disk permissions however still hung.
    Whats worse is that my time machine for the last three days has been disconnecting when backing up leaving a partially complete backup. Backup failed. I also left a apple support community message a few days ago to solve it.
    So its critical
    Timely HELP is needed.

    This same problem happened to me, all the sudden one day my mac decided to revert to the original standard root username and password which I obviously did not know. In order to change this:
    1) Activate single user mode on reboot as by pressing cmd + s as your computer starts up. Make sure you do it right away, and keep the keys pressed down.
    2) Where the cursor pops up, type exactly
    /sbin/mount -uw /
    3) When the next cursor pops up type exactly
    passwd
    4) Then you can type any password you want (now changing the root password to be what you want)
    Note you will not be able to see what you type, but the text is being recognized
    5)The computer asks for you to retype the password, retype it
    6) Type reboot
    Once the computer restarts you can navigate to system preferences>accounts> and then unlock the account (lock is located on the bottom left corner) using Username: root and the password you just set. Henceforth, you can appoint your account as the administrator. Hope it works!

  • How do I use VPN for file sharing?

    Hi folks, hope you can help.
    I need to find a method for file sharing between my company's two offices, which are not only in different countries but also use both PCs and Macs. I think setting up a VPN is the way forward.
    My file server is a Mac Mini running the standard client version of OS 10.5.4, with a static IP, 217.xxx.xxx.xxx. I need the PCs and Macs to access its resources. It is set up to share its files using FTP, AFP and SMB. It is running the application iVPN Server, which I understand is a GUI that makes the built-in OS X VPN Server function available to the client edition of OS X.
    I am currently overseas and can connect to the Mac Mini over VPN. The problem is that I cannot seem to access the Mac Mini's files - I don't know what to do having established the VPN connection. I was half-expecting it to show up in the Finder under Shared or something.
    The Mac Mini has a local IP of 10.0.1.20, but the VPN Server is issuing an IP to all clients in the range 192.168.2.200 and beyond. Is this where I'm going wrong?
    Should the Mac Mini VPN Server also connect to itself, using VPN, as a client?
    I'm really stuck, all help is very much appreciated. Thank you!

    Thanks for prompt reply Topher..
    I am familiar with the Connect to Server window, but I am not sure which IP I should be using. Assuming no VPN connection for the moment, and assuming I'm on a remote network, I can connect to the User's documents folder on the Mac Mini already by typing afp://[username:password]@[static WAN ip]/Documents
    However, I need to ensure that SMB shares work (I know they work when I'm on the local network). So I type smb://[username:password]@[static WAN ip]/Documents but this fails to connect to the User's Documents folder.
    To make the SMB shares work I think I have to connect using VPN. So I connect to the Mac Mini via VPN, and my laptop is issued a VPN IP of 192.168.2.200. Of course my laptop also has an IP from my local network. Do I need to rearrange my network order in System Preferences?
    So I'm now connected via VPN. However to view the Mac Mini's files, surely it also needs to have an IP issued by the VPN Server? But the Mac Mini is the VPN server. So should I go into its System Preferences and set up a VPN connection to itself?
    Now back on the laptop and I want to browse User's Documents folder on the Mac Mini using SMB. I go Connect to Server, and I guess I would type smb://[username:password]@[Mac Mini's VPN IP]/Documents
    Am I on the right track? Thanks again...

  • Mac 10.5.8 unable to connect to Mac 10.4 for file sharing purpose

    I'm currently using Mac 10.5.8. When I tried to connect to my friend's Mac 10.4, it just showed a connecting status. My friend had already turned on file sharing. Firewall turned off. Restarted and tried again, also no use. His machine is able to connect to my machine for file sharing. Previously we were able to do file sharing both ways, but now only one way works (he can connect to mine). This problem has been happening since 2 weeks ago.
    I will appreciate it if any Mac expert can give me some idea how to resolve this problem.
    Thanking you in advance.

    Are you doing this local or over the net(ports opened on router/modem?)? And try connecting by menu bar, Go, Network if you are currently trying by menu bar, Go, Connect to Server. And what does System log show by Console or Terminal. This is Leopard connecting by LAN to my Tiger machine:
    AFP_VFS afpfs_mount: /Volumes/dpp, pid 6533

  • Can you use Airport for internet and Gigabit Ethernet for file sharing?

    i would like to complicate my network setup by using my Airport connection to the internet for internet access and then use the Gigabit Ethernet connection between my G5 tower and the MacBook Pro for file sharing, Compressor's distributed rendering, and possibly iTunes music/video sharing for Front Row.
    is this possible? could i just run a cat 6 cable between the two and network them together? or do i need to get a Gigabit Switch?
    i suppose i could just try running the cable between them and see what happens. i don't think these new machines require cross-over cables since the ethernet ports auto-detect that now, but is a cat 5e or cat 6 cable required for Gigabit speed?
    thanks,
    scott
    PowerMac G5 2.5GHz   Mac OS X (10.4.5)  

    Yes it would work. The Ethernet network would be used for local file transfers and the Airport for internet. However you will need to make sure Ethernet is at the top of the list of network ports in the Network Preferences.

  • Extreme blocks out ethernet computers for file sharing.

    Gentlefolks,
    I am very hopeful I can get a solution suggestion for my issue. I don't know networks very well.
    I get on the internet via DSL modem to a 2wire <something> that runs into a internet hub (switch it seems to be called now!) I have three Macs that are hard wired to the hub with the 2wire <something> providing addresses using DHCP. I have an Airport Extreme base station (the dome shaped guy) running connected to the hub using the LAN, not the WAN, connection on the base station.
    I use a Macbook Pro on the network fine. When I take it to wireless, it can get to the internet just fine. I can even print using Appletalk. BUT,,, I can not see any of the other computers that are on the ethernet for file sharing. If I just connect up my ethernet on the Macbook then everything works just fine. Using the wireless shuts out the other machines.
    Any suggestions?

    A switch may or may not have an uplink port. IMHO uplink ports are outdated and not really useful since most devices have auto-sensing Ethernet ports.
    A hub routes all traffic to all ports. This means that devices see a lot of traffic which is not for their use. Think of it like the old telephone party lines where you could hear anyones conversation because it was broadcast to everyone.
    A switch is an intelligent hub. It knows what devices are connected to what port and routes traffic destined for a device ONLY on the port to which that device is connected. Therefore a switch reduces the traffic on any given port. Think of it like today's (private) telephone lines where you only get the calls which are for you and you can't hear calls made to your neighbor.

  • MacBook air not connecting to iMac for file sharing

    Hello, I have a 2012 MacBook Air running Mavericks.
    I am trying to connect (for file sharing) to an iMac also running Mavericks.
    File sharing is turned on on both computers.  File sharing used to work fine before the upgrade to Mavericks.
    Both computers are on the same network.  I can ping the iMac from the Macbook.  I see the iMac listed on the sidebar of my MacBook's Finder as a Shared drive.
    Both computers have iCloud turned on.
    However, when I click on the iMac in the Macbook's Finder sidebar, it shows up as "Connection Failed."  I click on "Connect As" and nothing happens--no pop up window, nothing.
    On the MacBook I am able to use Finder->Go->Connect to Server, enter my iMac's IP address and file sharing works (I can access the files).  But when I go to some other local folder and come back to the iMac server, again I cannot see the files.  Then I again have to do Finder->Go->Connect to Server, etc.
    (On a different MacBook Pro on the same network I had the same problem, but when I clicked on "Connect As" it asked me to choose a user id and password, and I was able to connect using my Apple ID.  However on the MacBook Air I am unable to click on "Connect As.")
    Any suggestions on how to fix this will be very much appreciated.
    Best,
    ADD in HK

    Sorry for the delayed update. This is issue is resolved by configuring my router to operate on Channel 11.
    Looks like my router could operate on Channels above 11 like 12, 13, etc, whereas Macbook Air could recognise only till Channel 11.
    Once the router was configured to use only Channel 11, my issue got resolved.

  • Permissions for files saved on another machine's shared disk

    I'm having problems with permissions on files that I create on my Macbook but save on my Mini. They are all created as read only for everyone except me, which rather defeats the purpose of having the shared directory on the Mini. I want to change the default permissions, but I can't even change them on a file by file basis - it simply doesn't allow me to change "everyone" to read & write. Really, changing the default will do, but I can't find where to change that. Can anyone point me in the right direction please?

    Is it possible to reformat the disk with other filesystem, like HFS?
    The drive will always be mounted as FAT32 when inside the Time Capsule because of the method used to mount it. Click here for more information.

  • How to set permissions for files created by Windows on OS 10.8 volume

    I am in process of upgrading from an iMac with OS 10.6 to an iMac with OS 10.8.  In my office network, I store all files on my iMac and let the Windows PCs act as workstations to read/write onto the Mac.  (It's simpler to have all files centralized in one location, and only have to be concerned about backing up one volume.)
    When I had OS 10.4 and OS 10.6 any newly created file saved by the Windows PCs onto the Mac could be opened by the Mac.
    But with OS 10.8, I can not open newly created files from Windows.  The file permissions for the newly created files from the Windows PCs are: 
         PCUser = read/write;  Everyone = no access.
    What do I need to do so that newly created files from the Windows PC (currently Windows 7) can be opened by the Mac, without having to use Get Info to reset the permissions each time?

    You could try adding this Access Control Entry (ACE) to the folders you let them save to:
    sudo chmod -R +a "accountinggroup allow delete,chown,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Path/to/topmost/folder
    You first need to create a group for all the sharing people you want to have access to that folder, if you don't already have one. In the example, "accountinggroup" is the group, so change that to whatever you want to use.
    The ACE allows them full access to the files in the folders. If you want to limit that, remove the option (such as delete).
    You create Groups in Users & Groups System Preference just like creating a new user. Just change the account type to Group.
    If you want a GUI to do the settings, try Sandbox.  It's got a few glitches in the Interface, but it seems to write the ACL correctly. One glitch is selecting the Group or User. I had just a list of Continuing in the popup menu. I typed in the Group name I wanted and it worked. Some errors pop up as you traverse the file hierarchy, but you can dismiss them.
    Here is an old hint, which gives a little background, and some other options: http://hints.macworld.com/article.php?story=20090219133314985
    The Server tools would allow you to set this up more easily, but if this is all you need as the server, I don't know if it is worth it.

  • How to config administrator permissions in file sharing

    Hi,
    I am setting up file sharing with smb.
    But when I connect with the administrator account, it shows me all of the volumes on the system.
    I hope to just access volumes or folders I want.
    Can I configure or customize permissions for the administrator account?

    Hi ,
    try this,
    http://myjdbc.tripod.com/basic/jdbcurl.html
    Regards
    Elango.

  • Broken Permissions in File Sharing

    Hello -- When I attempt to share files from my Mac Mini (running 10.6.8), the permissions set in the File Sharing settings are not enforced (permissions).
    For testing purposes, I simply created two users and gave user 1 permission to a folder share. But when user 2 authenticates, that user has full read/write permissions to the folder.
    I did a quick screen capture demonstrating this (only 1minute long video). Make sure it is full screen and in a HD setting so you can see the user names and other details.
    http://youtu.be/KbCsiYOU3Dw
    I very much want to commission my old Mac Mini to be a local file server, but if all share permissions are going to be broken, well that's pretty sad. I would use strictly AFP, but I have two clients on the network here that need SMB shares.
    Thanks!

    Anyone with a thought/idea?
    I can't believe the sharing permissions are so broken.
    Thanks!

  • Why can't I connect to my shared computers for file sharing;I have 3 Macs and I can connect the other 2 but not my new Macbook air.

    I have a black Macbook 4,1 running 10.7.5, an iMac 11,3 running 10.7.5 and a new Macbook Air 6,2 running 10.9.5., I have file sharing turned on on all machines. All machines are visible and I can connect all machines except for the Macbook Air. The Macbook air can see the other 2 Macs but does not connect to either of them or even give me the option to connect as a guest or a registered user. The other Macs connect to the Macbook Air but it will not connect with them. Any help is appreciated. Thank You.

    The warranty entitles you to complimentary phone support for the first 90 days of ownership.

  • Can I convert a PB 1400's PC card port to a ethernet port for file sharing?

    My plan here is to connect a PowerBook 1400cs/133 running OS 8.6 to an iBook G4 running OS 10.4 by means of an ethernet crossover cable, and move my important files (ClarisWorks 4.0 docs and games mostly) to the new computer. But the PB 1400 has no ethernet port! Is there something I can put in the PC card slot that will convert it to an ethernet port?

    jpl, Denis, here's my setup:
    The PB 1400 is connected to the iBook via a Farallon EtherWave/EtherMac Ethernet PC Card (with a blue arrow, PCMCIA 2.1, PC Card Standard). I have the Farallon software installed and the Farallon extension turned on. A "Farallon EN Card" icon appears on my desktop, and the little light on the cord where it connects to the card is green. I used to use the card to connect to the internet back in the day when the 1400 was my primary computer, so I'm confident it works.
    The PB 1400 (name: Ben's PowerBook 1400): AppleTalk, configured to connect via alternate ethernet. File sharing, on. TCP/IP, connected via AppleTalk (Mac IP). I've tried configuring that both "Using Mac IP server" and manually by entering in the iBook's IP address and router address (the 1400 is not connected to the internet). As far as I can tell, Users/Groups is configured; it has "Ben" as "user" and "Guest" as "guest user."
    The iBook (name: Ben's iBook G4) is set up basically identical to the way jpl describes his iMac above. Like his, the services panel of sharing on the iBook says "Other Macintosh users can access your computer at afp://x.x.x.6." I also manually entered the iBook's IP address, subnet mask, and router. Under my shared location, under Built-in Ethernet, TCP/IP is configured and AppleTalk is active.
    Still, file sharing is not working. When I try to access the iBook from the 1400, I go to the Chooser, click the AppleShare icon, and "Ben's iBook G4" in the file server window. When I select it and click OK, I go to a screen to enter my name (Ben) and password as a registered user. I'm not sure if the password it wants is the file sharing password I set up for the 1400 or the administrator password for the iBook, so I tried them both. I also tried connecting as a "guest." In all cases, after I hit the "Connect" button, I got the error message "The connection to this server has been unexpectedly broken."
    No luck going the opposite direction either. When I go to Go: Connect to Server: Browse on the iBook, "Ben's PowerBook 1400" appears in the Network area, but when I select it and hit the "connect" button, I get this error message: "The file server uses an incompatible version of the AFP protocol. You cannot connect to it."
