New files and folders missing Group "Access is Denied"

We have recently changed all of our XP machines over to Windows 7 and have now noticed that when a user creates new files or folders on the network it's not adding access for all users.  The only way around this is to open the file/folder on the user's machine it was created on and edit the "Group or user name" under the Security tab.  Even as an administrator I'm unable to open any of these files/folders.
Our server is SBS 2011.

Hello,
please post the SHARE permissions from the folder that is used also. Therefore open the folder properties, SHARING tab and open the Advanced permissions.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Similar Messages

  • New files and folders on a Linux client mounting a Windows 2012 Server for NFS share do not inherit Owner and Group when SetGID bit set

    Problem statement
    When I mount a Windows NFS service file share using UUUA and set the Owner and Group, and set the SetGID bit on the parent folder in a hierarchy. New Files and folders inside and underneath the parent folder do not inherit the Owner and Group permissions
    of the parent.
    I am given to understand from this Microsoft KnowledgeBase article (http://support.microsoft.com/kb/951716/en-gb) the problem is due to the Windows implementation of NFS Services not supporting the Solaris SystemV or BSD grpid "Semantics".
    However the article says the same functionality can be achieved by using ACE Inheritance in conjunction with changing the Registry setting for "KeepInheritance" to enable Inheritance propagation of the Permissions by the Windows NFS Services.
    1. The Precise location of the "KeepInheritance" DWORD key appears to have "moved" in  Windows Server 2012 from a Services path to a Software path, is this documented somewhere? And after enabling it, (or creating it in the previous
    location) the feature seems non-functional. Is there a method to file a Bug with Microsoft for this Feature?
    2. All of the references on demonstrating how to set an ACE to achieve the same result "currently" either lead to broken links on Microsoft technical websites, or are not explicit they are vague or circumreferential. There are no plain Examples.
    Can an Example be provided?
    3. Is UUUA compatible with the method of setting ACE to achieve this result, or must the Linux client mount be "Mapped" using an Authentication source. And could that be with the new Flat File passwd and group files in c:\windows\system32\drivers\etc
    and is there an Example available.
    Scenario:
    Windows Server 2012 Standard
    File Server (Role)
    +- Server for NFS (Role) << -- installed
    General --
    Folder path: F:\Shares\raid-6-array
    Remote path: fs4:/raid-6-array
    Protocol: NFS
    Authentication --
    No server authentication
    +- No server authentication (AUTH_SYS)
    ++- Enable unmapped user access
    +++- Allow unmapped user access by UID/GID
    Share Permissions --
    Name: linux_nfs_client.host.edu
    Permissions: Read/Write
    Root Access: Allowed
    Encoding: ANSI
    NTFS Permissions --
    Type: Allow
    Principal: BUILTIN\Administrators
    Access: Full Control
    Applies to: This folder only
    Type: Allow
    Principal: NT AUTHORITY\SYSTEM
    Access: Full Control
    Applies to: This folder only
    -- John Willis, Facebook: John-Willis, Skype: john.willis7416

    I'm making some "major" progress on this problem.
    1. Apparently the "semantics" issue to honor SGID or grpid in NFS on the server side or the client side has been debated for some time. It also existed as of 2009 between Solaris nfs server and Linux nfs clients. The Linux community defaulted to declaring
    it a "Server" side issue to avoid "Race" conditions between simultaneous access users and the local file system daemons. The client would have to "check" for the SGID and reformulate its CREATE request to specify the Secondary group it would have to "notice"
    by which time it could have changed on the server. SUN declined to fix it.. even though there were reports it did not behave the same between nfs3 vs nfs4 daemons.. which might be because nfs4 servers have local ACL or ACE entries to process.. and a new local/nfs
    "inheritance" scheme to worry about honoring.. that could place it in conflict with remote access.. and push the responsibility "outwards" to the nfs client.. introducing a race condition, necessitating "locking" semantics.
    This article covers that discovery and no resolution - http://thr3ads.net/zfs-discuss/2009/10/569334-CR6894234-improved-sgid-directory-compatibility-with-non-Solaris-NFS-clients
    2. A much Older Microsoft Knowledge Based article had explicit examples of using Windows ACEs and Inheritance to "mitigate" the issue.. basically the nfs client "cannot" update an ACE to make it "Inheritable" [-but-] a Windows side Admin or Windows User
    [-can-] update or promote an existing ACE to "Inheritable"
    Here are the pertinent statements -
    "In Windows Services for UNIX 2.3, you can use the KeepInheritance registry value to set inheritable ACEs and to make sure that these ACEs apply to newly created files and folders on NFS shares."
    "Note About the Permissions That Are Set by NFS Clients
    The KeepInheritance option only applies ACEs that have inheritance enabled. Any permissions that are set by an NFS client will
    only apply to that file or folder, so the resulting ACEs created by an NFS client will
    not have inheritance set."
    "So
    If you want a folder's permissions to be inherited to new subfolders and files, you must set its permissions from the Windows NFS server because the permissions that are set by NFS clients only apply to the folder itself."
    http://support.microsoft.com/default.aspx?scid=kb;en-us;321049
    3. I have set up a Windows 2008r2 NFS server and mounted it with a Redhat Enterprise Linux 5 release 10 x86_64 server [Oct 31, 2013] and so far this does appear to be the case.
    4. In order to mount and then switch user to a non-root user to create subdirectories and files, I had to mount the NFS share (after enabling Anonymous AUTH_SYS mapping) this is not a good thing, but it was because I have been using UUUA - Unmapped Unix
    User Access Mapping, which makes no attempt to "map" a Unix UID/GID set by the NFS client to a Windows User account.
    To verify the Inheritance of additional ACEs on new subdirectories and files created by a non-root Unix user, on the Windows NFS server I used the right click properties, security tab context menu, then Advanced to list all the ACEs and looked at the far
    Column reflecting if it applied to [This folder only, or This folder and Subdirectories, or This folder and subdirectories and files]
    5. All new Subdirectories and files created by the non-root user had a [Non-Inheritance] ACE created for them.
    6. I turned a [Non-Inheritance] ACE into an [Inheritance] ACE by selecting it then clicking [Edit] and using the Drop down to select [This folder, subdirs and files] then I went back to the NFS client and created more subdirs and files. Then back to the
    Windows NFS server and checked the new subdirs and folders and they did Inherit the Windows NFS server ACE! - However the UID/GID of the subdirs and folders remained unchanged, they did not reflect the new "Effective" ownership or group membership.
    7. I "believe" because I was using UUUA and working "behind" the UID/GID presentation layer for the NFS client, it did not update that presentation layer. It might do that "if" I were using a Mapping mechanism and mapped UID/GID to Windows User SIDs and
    Group SIDs. Windows 2008r2 no longer has a "simple" Mapping server, it does not accept flat text files and requires a Schema extension to Active Directory just to MAP a windows account to a UID/GID.. a lot of overhead. Windows Server 2012 accepts flat text
    files like /etc/passwd and /etc/group to perform this function and is next on my list of things to see if that will update the UID/GID based on the Windows ACE entries. Since the Local ACE take precedence "over" Inherited ACEs there could be a problem. The
    Inheritance appears to be intended [only] to retain Administrative rights over user created subdirs and files by adding an additional ACE at the time of creation.
    8. I did verify from the NFS client side in Linux that "Even though" the UID/GID seem to reflect the local non-root user should not have the ability to traverse or create new files, the "phantom" NFS Server ACEs are in place and do permit the function..
    reconciling the "view" with "reality" appears problematic, unless the User Mapping will update "effective" rights and ownership in the "view"
    -- John Willis, Facebook: John-Willis, Skype: john.willis7416
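
    The change described in items 5 and 6 above (turning a "This folder only" ACE into one that applies to this folder, subfolders and files), done from the Windows side in PowerShell. This is an added example, not part of the original posts; the function names are hypothetical, and the path and principal in the usage comments are the ones from the scenario above.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Windows NFS server. Function names are hypothetical.

# List every ACE on a folder with the flags behind the GUI's "Applies to" column.
# InheritanceFlags = None is what the GUI shows as "This folder only".
function Get-AceScope {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType,
                      IsInherited, InheritanceFlags, PropagationFlags
}

# Replace each explicit, non-inheritable ACE for $Principal with an ACE that
# has the same rights but is inherited by new subfolders and files.
# An identity Windows cannot resolve to a name is listed as its SID string;
# pass that string as -Principal in that case.
function Convert-ToInheritableAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Principal
    )
    $none       = [System.Security.AccessControl.InheritanceFlags]::None
    $inheritAll = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $noLimit    = [System.Security.AccessControl.PropagationFlags]::None

    $acl     = Get-Acl -LiteralPath $Path
    $changed = $false

    # @() takes a snapshot so the ACL can be modified inside the loop.
    foreach ($ace in @($acl.Access)) {
        if ($ace.IsInherited)                             { continue }  # owned by a parent folder
        if ($ace.IdentityReference.Value -ne $Principal)  { continue }
        if ($ace.InheritanceFlags -ne $none)              { continue }  # already inheritable

        if ($PSCmdlet.ShouldProcess($Path, "make the '$Principal' ACE inheritable")) {
            $new = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $ace.IdentityReference, $ace.FileSystemRights,
                $inheritAll, $noLimit, $ace.AccessControlType)
            $acl.RemoveAccessRuleSpecific($ace)   # drop the "This folder only" entry
            $acl.AddAccessRule($new)              # add the inheritable equivalent
            $changed = $true
        }
    }

    if ($changed) { Set-Acl -LiteralPath $Path -AclObject $acl }
    Get-AceScope -Path $Path                      # show the resulting ACL
}

# Usage with the folder from the scenario (preview first with -WhatIf):
#   Get-AceScope 'F:\Shares\raid-6-array'
#   Convert-ToInheritableAce -Path 'F:\Shares\raid-6-array' -Principal 'BUILTIN\Administrators' -WhatIf
#   Convert-ToInheritableAce -Path 'F:\Shares\raid-6-array' -Principal 'BUILTIN\Administrators'
# Afterwards, create a file from the NFS client and run Get-AceScope on it:
# the Administrators ACE should be listed with IsInherited = True.
```

    As the KB text quoted above says, the inheritable ACE reaches items created over NFS only when KeepInheritance is enabled, and it has to be set from the Windows side like this because ACEs written by the NFS client never carry inheritance.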

  • All new files and folders show up as READ ONLY

    I am new to the iMac, and am having problems with files and folders. My account is an administrator's account, but whenever I create a new folder, or move a file into it, it shows up as READ ONLY. This is really annoying as I am moving hundreds of files from my PC to the iMac. How do I set things up so that new folders and files are not READ ONLY? Thanks!


  • Uninstall the application does not delete all new files and folders.

    If the user decides to uninstall my Air app, it does not delete the created folders with files in AppData. Another problem is that if the application creates new files in the folder Program Files/AirAppFolder, then these files are not deleted when the app is uninstalled.
    How to solve these problems, help please?

    Hi,
    AIR shouldn't be creating additional files in your program files folder, is this something you're doing programmatically?  If so, you might want to consider using File.applicationStorageDirectory instead given permission problems you'll have on newer operating systems.
    As to uninstalling all files (even the data created in the user's storage folder) this is something you might consider using a native installer to take care of.  Since the AIR installer is unaware of this data, it won't know to delete it on uninstall.  Instead, you'll want to create a custom function in a native installer that deletes these folders/files and then sub launches the AIR install/uninstall.
    Thanks,
    Chris

  • Auditing failed access to files and folders in Windows Storage Server 2008 R2

    Hello,
    I've been trying to figure out why I cannot audit the failed access to files and folders on my server.  I'm trying to replace a unix-based NAS with a Windows Storage Server 2008 R2 solution so I can use my current audit tools (the 'nix NAS
    has basically none).  I'm looking for a solution for a small remote office with 5-10 users and am looking at Windows Storage Server 2008 R2 (no props yet, but on a Buffalo appliance).  I specifically need to audit the failure of a user to access
    folders and files they are not supposed to view, but on this appliance it never shows.  I have:
    Enabled audit Object access for File system, File share and Detailed file share
    Set the security of the top-level share to everyone full control
    Used NTFS file permissions to set who can/cannot see particular folders
    On those folders (and letting those permissions flow down) I've set the auditing tab to "Fail - Everyone - Full Control - This folder, subfolders and files"
    On the audit log I only see "Audit Success" messages for items like "A network share object was checked to see whether client can be granted desired access (Event 5145) - but never a failure audit (because this user was not allowed access by NTFS permissions).
    I've done this successfully with Windows Server 2008 R2 x64 w/SP1 and am wondering if anybody has tried this with the Windows Storage Server version (with success of course).  My customer wants an inexpensive "appliance" and I thought this new
    variant of 2008 was the ticket, but I can't if it won't provide this audit.
    Any thoughts? Any of you have luck with this?  I am (due to the fact I bought this appliance out of my own pocket) using the WSS "Workgroup" flavor and am wondering if this feature has been stripped from the workgroup edition of WSS.
    TIA,
    --Jeffrey

    Hi Jeffrey,
    The steps to setup Audit on a WSS system should be the same as a standard version of Windows Server. So please redo the steps listed below to see if issue still exists:
    Enabling file auditing is a 2-step process.
    [1] Configure "audit object access" in AD Group Policy or on the server's local GPO. This setting is located under Computer Configuration-->Windows Settings-->Security Settings-->Local Policies-->Audit Policies. Enable success/failure auditing
    for "Audit object access."
    [2] Configure an audit entry on the specific folder(s) that you wish to audit. Right-click on the folder-->Properties-->Advanced. From the Auditing tab, click Add, then enter the users/groups whom you wish to audit and what actions you wish to audit
    - auditing Full Control will create an audit entry every time anyone opens/changes/closes/deletes a file, or you can just audit for Delete operations.
    A similar thread:
    http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/da689e43-d51d-4005-bc48-26d3c387e859
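
    The two steps from the reply above, plus a query for the resulting failure events, scripted in PowerShell. This is an added example, not part of the original thread; the folder path and function names are hypothetical, and event ID 4656 is an addition here (the thread itself only mentions 5145).

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell
# session on the file server. Function names and the sample path are hypothetical.

# Step 1: enable failure auditing for the three subcategories the question lists,
# then return the effective Object Access policy so the result can be checked.
function Enable-FileFailureAuditPolicy {
    foreach ($sub in 'File System', 'File Share', 'Detailed File Share') {
        auditpol /set /subcategory:"$sub" /failure:enable | Out-Null
    }
    auditpol /get /category:"Object Access"
}

# Step 2: add the audit entry (SACL) described in the question:
# "Fail - Everyone - Full Control - This folder, subfolders and files".
function Add-FailureAuditRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Principal = 'Everyone'
    )
    $acl  = Get-Acl -LiteralPath $Path -Audit      # -Audit loads the SACL as well
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Principal,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Failure)
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
    (Get-Acl -LiteralPath $Path -Audit).Audit      # return the SACL now in effect
}

# Step 3: list only the "Audit Failure" records, which is what the question
# says never shows up. 5145 = share access check, 4656 = handle requested.
function Get-FileAccessFailure {
    param([int]$MaxEvents = 50)
    $auditFailure = 0x10000000000000               # Keywords bit for "Audit Failure"
    $filter = @{ LogName = 'Security'; Id = 4656, 5145; Keywords = $auditFailure }

    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            # Flatten the <EventData><Data Name="..."> elements into a lookup table.
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                Id     = $evt.Id
                User   = $data['SubjectUserName']
                Target = if ($evt.Id -eq 5145) {
                             "$($data['ShareName'])\$($data['RelativeTargetName'])"
                         } else {
                             $data['ObjectName']
                         }
            }
        }
}

# Usage (D:\Shares\Confidential is a hypothetical folder):
#   Enable-FileFailureAuditPolicy
#   Add-FailureAuditRule -Path 'D:\Shares\Confidential'
#   # ...have a user without NTFS access try to open the folder over the share...
#   Get-FileAccessFailure | Format-Table -AutoSize
```

    If Get-FileAccessFailure returns nothing after a denied access, compare the auditpol output from step 1 with the settings made in Group Policy: the legacy "Audit object access" category and the per-subcategory settings can override each other, so the effective policy is the one to trust.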

  • I just restored my 13" MBP i5 at the apple store to the newest version of Lion after issues with a previous Time Machine backup from Snow Leopard- this time I created a new account and just ported files and folders, and now MS Office doesn't work. Help?

    I just restored my 13" MBP i5 at the apple store to the newest version of Lion after issues with a previous Time Machine backup from Snow Leopard- this time I created a new account and just ported files and folders, and now MS Office doesn't work.
    ^^ that's the main problem. Here's the full history.
    I bought a new 13" i5 MBP, early 2011 edition. I had an old white Macbook 2.14 ghz core2duo on Snow Leopard. I attempted to port over my time machine backup, but encountered problems in that my User was inaccessible from the new computer after the import finished, and I had to go in and change the root password, etc, and for some reason or another, I couldn't install any programs at all from that administrator's account. By "couldn't" I mean I could install them, but upon installation they would never boot. So, I took it to the apple store and did a clean install from the most up to date Lion OSX. Then, I created a brand new admin account, instead of trying to import the old one, and things seemed great. Then, I just imported my old files from the TM backup, but not any system settings, permissions, or user data. Just my Docs, pics, vids, apps, and itunes stuff.
    Here's where things get weird again. I imported this stuff under the name "old", but all of these folders have a red negative sign on them, marking them as restricted. So, from my main admin account, I cannot even peruse these folders. Since I didn't import user data, I can't sign in to the "old" account to change permissions. I already tried to change the permissions from system preferences, but that didn't change anything. And now, for whatever reason, of all the apps that were imported then, MS Office is the only set of apps that does not work. When I click on it, it just says there was a problem and asks if I'd like to send a report to apple. I tried reinstalling it to no avail. I'm an English student, so i really need access to Word. Can anyone help? The Apple store is a major detour for me and would like to fix this issue myself.

    Most likely you have Office 2004 which are PPC-only applications and will not work in Lion. Upgrade to Office 2011. Other alternatives are:
    Apple's iWork suite (Pages, Numbers, and Keynote.)
    Open Office (Office 2007-like suite compatible with OS X.)
    NeoOffice (similar to Open Office.)
    LibreOffice (a new direction for the Open Office suite.)

  • Windows 7 won't allow me access to some of my files and folders

    I installed a new copy of Windows 7 Professional SP1 on a new PC several months ago. I then restored my documents from a backup made on my old XP system. Ever since installation, I have had problems with Windows denying me access to some of my files
    and folders. I have full administrative rights on the machine. The various problems I've had, and steps I've taken to resolve them are:
    1. Try to open a file and get a message telling me I need permission from Steve to open this file. I am Steve.
    2. Try to open a file and get a message telling me I don't have permission to open it, but click this button to get permanent permission. I click the button, but still don't have permission.
    3. I then started opening the security settings for individual files and setting myself to have full access, and as the owner. This worked for individual files.
    4. I then tried setting the same security settings for entire folders. This didn't work and didn't improve anything.
    5. I tried setting the security settings so that Administrators owned the files/folders (I am an administrator). This also didn't achieve anything.
    6. After several months and still getting these messages, I got sick of trying to overcome them and decided to apply these security settings to my entire C: drive. I set myself to have full access and to be the owner of the C: root directory and all sub-objects.
    7. I inserted my Windows installation disk and tried to run the System Repair. It told me that System Repair was not compatible with the version of Windows I was running! WTF???
    Not only did setting permissions for the entire C: drive not help me, it has made matters a WHOLE lot worse. I now don't have permission to open almost all my files/folders. Most applications I try to run (Word, Excel, etc.) either tell me they can't open
    a file or let me open and edit it, then tell me I don't have permission to save to that location. When I press the Send/Receive button in Outlook, it now tells me I don't have permission to perform that action. I've tried going back to a restore point before
    I made this change, but that didn't change anything either.
    This problem has been driving me insane for months and now my PC is almost completely unusable and I'm considering a disk format and re-install Windows. When I initially installed it, so many problems came up in the first few weeks that I'm very reluctant
    to go through this procedure again. I spent hours and hours trawling the web looking for solutions to things that didn't work.
    Does anyone have any good news for me? Because as far as I'm concerned, Windows 7 is so far a piece of garbage.

    Hi Steve1904,
    So you have used Backup and Restore to restore your files from Windows XP to Windows 7 directly?
    This should be considered as not working.
    If you would like to transfer files between Windows XP and Windows 7, you need another tool called Windows Easy Transfer.
    See the article below if you would like to upgrade from Windows XP to Windows 7:
    Upgrading from Windows XP to Windows 7
    If possible, follow the steps there, then things should be OK.
    Best regards
    Michael Shao
    TechNet Community Support

  • What is the name of the folders which are your backup of Itunes library? I am recovering from a virus, have no workable desktop in Win XP, but can search and find files and folders. I would like to move these backup files to a new computer

    what is the name of the folders which are the backup of Itunes library? I am recovering from a virus, have no workable desktop in Win XP, but can search and find files and folders. I would like to move these backup files to a new computer, authorize it and sync with Iphone 3Gs and Ipod 5th gen.

    I second the whole iTunes folder approach.
    If for some reason you have split the media folder from the library files then the media folder needs to restored to the same path it used to have while the library files can be copied into the music folder of your new profile.
    If in doubt, back up the entire Documents and Settings folder before wiping the infected drive, but be selective about what you restore as many viruses drop active components capable of reinfecting the computer in the temp folders and internet caches. It is much easier to back up more than you need than to discover after the fact that you no longer have access to some vital project you'd been storing in a folder on the desktop.
    tt2

  • Remove permissions for a security group for all files and folders in a folder and all subfolders?

    I found a script that adds rights to files and folders.
    We need to grant administrators rights to a set of folders for a specific project.
    ChangePermissions.ps1
    # CACLS rights are usually
    # F = FullControl
    # C = Change
    # R = Readonly
    # W = Write
    $StartingDir = "C:\Users"
    $Principal = "Administrators"
    $Permission = "F"
    # Build the confirmation prompt as one string and ask before touching anything
    $Verify = Read-Host ("`nYou are about to change permissions on all " +
        "files starting at $($StartingDir.ToUpper())`nfor security " +
        "principal $($Principal.ToUpper()) " +
        "with new right of $($Permission.ToUpper()).`n" +
        "Do you want to continue? [Y,N]")
    if ($Verify -eq "Y") {
        foreach ($file in $(Get-ChildItem $StartingDir -Recurse)) {
            # display filename and old permissions
            Write-Host -ForegroundColor Yellow $file.FullName
            # uncomment if you want to see old permissions
            # CACLS $file.FullName
            # ADD new permission with CACLS (/E edits the ACL, /P replaces the principal's rights)
            CACLS $file.FullName /E /P "${Principal}:${Permission}" > $null
            # display new permissions
            Write-Host -ForegroundColor Green "New Permissions"
            CACLS $file.FullName
        }
    }
    When the project is over, we need to undo the changes and remove administrators permissions from the same group of folders.
    How do we change the script to remove administrators group members instead of adding?

    I'm not sure I understand how to use that example script to undo the changes in the script I posted..
    Is there  a way to just change a few lines in the first script so that it removes instead of adding the administrators group?
    This line appears to be the line that adds permissions:
    #ADD new permission with CACLS
    CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL
    What would be the syntax to remove the  permissions
    $Principal="Administrators"
    $Permission="F"
     from files and folders in $StartingDir= "C:\Users"
    and everything below it?

  • When transferring data from an old hard drive to a new one, is there a way to keep alias files and folders intact?

    My mac and I rely HEAVILY on the use of alias files and folders. The simple version of my question is: When transferring data from an old hard drive to a new one, is there a way to keep alias files and folders intact?  These are not symlinks or symbolic links, they're all alias files and folders. 
    Is there any software out there that might help me with a solution?  Are there any tricks or tips you can give me to try?

    Use either Setup Assistant at first start, or Migration Assistant on subsequent occasions and all will be transferred intact. Given your wording I presume you are Unix savvy and will appreciate the problems that duplicate userids would cause, so if you use MA for the migration, make sure the target Mac has no userid equal to that on the source and you will be fine.
    SA does not have these issues since it runs before any user account is created, so it can simply copy over everything. But MA runs after the fact and only solves the issue partially by changing the UID in the user directory, leading to permission problems.

  • Transferring files and folders from an external hard drive to my new iMac Lion

    I recently bought an iMac Lion and today attempted to transfer applications folders and files from my old computer (Tiger) using Migration Assistant. I was though only partially successful in as much as my applications and office files were copied, but not so iTunes, iPhoto and iMovies content. I then decided to attempt transferring the files and folders using my external hard disc (La Cie). I have activated Time Machine and can certainly see the two partitions I had originally set up in my old computer but cannot figure out how I can the User Files which contain the media I want. I originally used Super Duper to do my backups but it's not recognised on this new computer so I am inclined to think I need to re buy it
    Can someone please advise me? Thank you

    I have found the files and made the transference successfully except iMovie as I expect they are not compatible with Lion

  • HT201250 I have done my back up using time machine, now I have a new mac and I need to access the files that I had saved from my old mac. How can I do that?

    I have done my back up using time machine, now I have a new mac and I need to access the files that I had saved from my old mac. How can I do that?

    Use Migration Assistant on your new Mac:
    Click Continue:
    On the next screen, choose your Time Machine backup disk.
    Don't bother to migrate Applications unless you know they will work on your new Mac. For example, PowerPC applications won't work. Just migrate your user account which will copy all your photos, music, movies, and other documents.
    Note: you will not be able to migrate the information to the same account in which you are already logged in. Migration Assistant will tell you that and recommend what to do. It can migrate the information to a new account, but you will have to give it a name you might want to change later. One way around this is to create a temporary account, log in to it, and run Migration Assistant which will replace your normal account. Then, log out of the temporary account, log in to your usual one, verify everything works as you expect, and delete the temporary one.
    All this can be avoided when you set up a brand new Mac by running Setup Assistant which essentially does the same thing to create your new account, but most people are too excited to do that and elect to migrate later.

  • I got a new computer, and now i cannot access the local files for my website (Dreamweaver)...help?

    I got a new computer, and now i cannot access the local files for my website (Dreamweaver)...
    the new computer is a Mac.
    I see the site on my computer files, but it will not connect with Dreamweaver on this new computer.
    can anyone help with this?
    thanks,
    Margaret

    no special characters...
    see if this gives you any info...

  • New files created with no group-write permission

    We have OS X set up in Standard configuration.
    We have one workgroup. When someone creates a new file in this workgroup, it is saved with permissions of "Username: Read/write", "Workgroup: read only", "Everyone: read only".
    How do I change this to something sane? (i.e. Username: Read/write, Workgroup: Read/write, Everyone: No access)
    Thanks in advance.

    +When someone creates a new file ... (it gets POSIX) permissions of "Username: Read/write", "(group): read only", "Everyone: read only".+
    This is perfectly normal.
    *Two Permission Models* First, you probably already know that Mac OS X uses two models for permissions when determining effective access for files and folders. The two models are Standard POSIX (UNIX) permissions and Access Control Lists (ACLs).
    *POSIX Permissions* POSIX permissions are very simple, and have some limitations. They consist of three "fields": an owner field, a group field, and an everyone else field. (There's also a special permissions field, but we'll skip that for this discussion.) The POSIX owner is always a user; it cannot be a group. The POSIX group represents one group, and the everyone else field covers any user who is neither the owner nor a member of the chosen POSIX group.
    POSIX uses three bits to describe the access returned for each field. There is a bit for read, one for write, and one for execute (for folders, this means traverse, or see contents). Thus, there are eight possible POSIX permission combinations:
    *POSIX Access Type                              Binary Bit Representation   Decimal Bit Representation*
    No Access                                       000                         0
    Execute Only                                    001                         1
    Write Only                                      010                         2
    Read Only                                       100                         4
    Write & Execute (Drop Box folder)               011                         3
    Read & Execute (Read-only folder)               101                         5
    Read & Write                                    110                         6
    Read, Write, and Execute (Read/write folder)    111                         7
    It's helpful to know these decimal representations, because they provide a quick shorthand for describing POSIX access. Typically, we use the decimal shorthand like this: (decimal bit representation of the POSIX special permissions field)(... of the POSIX owner field)(... for the group field)(... for the everyone field). Thus, a combination like owner read, write, and execute, group read & execute, and everyone else read & execute is 0755: Special permissions are 0 (000 binary), owner is 7 (111 binary - read, write, execute), group is 5 (101 - read and execute), and everyone is the same as group (101).
    *How POSIX Access is Determined for a Connecting User* In determining POSIX access to a file or folder, a user can only be "given" the access of POSIX owner, POSIX group, or POSIX everyone. The system first checks to see if the connecting user is the POSIX owner; if so, the user gets the permission bits assigned to the owner field. Otherwise, the user's primary group is compared to the POSIX group assigned to the file or folder; if they match, the user is given POSIX group access. If that fails, then the POSIX group is queried for a list of member users to see if the connecting user is a member of that group; if so, the user is given POSIX group access. If all three fail, then the user is given access assigned to everyone else.
    *How POSIX Permissions are Set for Newly-Created Files and Folders* When new files or folders are created within a parent, the following determines their POSIX permissions:
    1. The POSIX owner is the user who creates the file or folder.
    2. The POSIX group is set to the group of the folder's parent.
    3. POSIX permission bits (owner, group, everyone else) are set by the umask. The umask is 0022 by default, so default POSIX bits are 0755 (0644 for files) - owner read, write, group read, everyone read.
    If the POSIX permissions were the extent of the permissions model, then we would have to either modify the umask (on each client) or adjust the server's behavior via an Inherit Permissions scheme. The first option is insecure, because you cannot just modify the umask for a particular server's share point - it would apply system-wide on the client computer, even for local files. The Inherit Permissions via POSIX was the method used by Mac OS X Server 10.3 and earlier.
    Fortunately, you don't have to do either. That's where ACLs come in to play:
    *ACL Permission Model* Access Control lists are just what you'd expect: a list of entries that describe what a user or group can or cannot do. Unlike POSIX, you can have a virtually unlimited number of ACL entries (or ACEs). Each ACE can apply to just a single user or a whole group of users. ACLs support two modes of operation, Allow or Deny, along with 24 unique controls arranged in four categories:
    | Category | Controls for Files Only | Folders Only | Files & Folders |
    |---|---|---|---|
    | Read | read and execute | list and search | readsecurity, readattr, readextattr |
    | Write | write and append | delete_child, add_file, add_subdirectory | delete, writeattr, writeextattr |
    | Administer | | | chown & writesecurity |
    | Inherit | file_inherit | directory_inherit, limit_inherit | only_inherit |
    *How ACL Access is Determined for a Connecting User* Since each ACL entry can be either Allow or Deny, the system makes two "tallies" for the connecting user: one for applicable Allow ACEs and one for applicable Deny ACEs. An ACE applies to a connecting user only if the ACE is specifically for that user or if the user is a member of the group to which the ACE applies. The tallies are created by adding all applicable ACEs for each Allow/Deny category. Thus, the ACLs return two things: a list of deny controls and a list of allow controls.
    *How ACLs are Inherited to Newly-Created Files and Folders* When new files or folders are created within a parent, the following determines their ACL permissions:
    1. If the file_inherit control is part of any listed ACE, that ACE is applied to newly-created files therein.
    2. If the directory_inherit control is part of any listed ACE, that ACE is applied to newly-created folders.
    *How ACLs and POSIX Permissions Work Together* The access level returned from POSIX and the two ACL tallies are combined in the following way to determine the effective permissions:
    *Effective Permissions = (POSIX Access) + (ACL Allow tallies) - (ACL Deny tallies)*
    For each unique connecting user, the effective permissions will be calculated in the previous way.
    *Solving Your Problem* You can easily use effective permissions to your advantage to solve your problem. Simply enable ACLs on the volume that houses your troublesome share point, and add a new ACL entry for the desired workgroup, granting it all read, write, and inherit controls. This way, when users create new items in the share point, they automatically inherit that ACE. You'll also have to propagate permissions for all items that are already inside of the share point after you've added the ACE.
    Here's an easy way to do both with an ACE granting writers_group read/write/inheritance on some share point using chmod from the command-line:
    sudo chmod -R +a "writers_group allow readattr,readextattr,readsecurity,list,search,read,execute,\
    writeattr,writeextattr,delete,delete_child,add_file,add_subdirectory,write,append,\
    file_inherit,directory_inherit" /path/to/share_point
    Hope this helps!
    --Gerrit
    Message was edited by: Gerrit DeWitt
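A small model of the access and inheritance rules as the post above states them, added here as an illustration; it is not part of the original post and not Apple's implementation. The users, groups and helper names are constructed, and the default umask of 0022 is taken from the post.

```python
# Model of the rules as the post states them; not Apple's implementation.
from dataclasses import dataclass

INHERIT = {"file_inherit", "directory_inherit", "limit_inherit", "only_inherit"}
GROUPS = {"staff": {"alice", "bob"}, "writers_group": {"alice", "bob"}}  # constructed

@dataclass(frozen=True)
class ACE:
    principal: str        # user or group the entry applies to
    mode: str             # "allow" or "deny"
    controls: frozenset   # control names, including inherit flags

@dataclass
class Item:
    owner: str
    group: str
    posix: dict           # class name -> set of controls
    acl: tuple = ()

def bits(n):
    """Low three bits of n -> POSIX control names."""
    return {c for c, b in (("read", 4), ("write", 2), ("execute", 1)) if n & b}

def posix_access(item, user, primary_group):
    """Owner, then primary group, then group membership, else everyone."""
    if user == item.owner:
        return item.posix["owner"]
    if primary_group == item.group or user in GROUPS.get(item.group, ()):
        return item.posix["group"]
    return item.posix["everyone"]

def effective(item, user, primary_group):
    """POSIX access + ACL allow tally - ACL deny tally."""
    tally = {"allow": set(), "deny": set()}
    for ace in item.acl:
        if ace.principal == user or user in GROUPS.get(ace.principal, ()):
            tally[ace.mode] |= ace.controls - INHERIT
    return (posix_access(item, user, primary_group) | tally["allow"]) - tally["deny"]

def create_child(parent, creator, is_dir, umask=0o022):
    """Owner = creator, group = parent's group, bits from umask, ACEs inherited."""
    mode = (0o777 if is_dir else 0o666) & ~umask
    flag = "directory_inherit" if is_dir else "file_inherit"
    posix = {"owner": bits(mode >> 6), "group": bits(mode >> 3), "everyone": bits(mode)}
    return Item(creator, parent.group, posix, tuple(a for a in parent.acl if flag in a.controls))

def bob_access(*aces):
    """Access bob gets to a file alice creates in a share carrying the given ACEs."""
    share = Item("admin", "staff", {"owner": bits(7), "group": bits(7), "everyone": bits(5)}, aces)
    return effective(create_child(share, "alice", is_dir=False), "bob", "staff")

WRITERS = ACE("writers_group", "allow", frozenset({"read", "write", "file_inherit", "directory_inherit"}))
NO_BOB = ACE("bob", "deny", frozenset({"write", "file_inherit"}))
```

Without any ACE, `bob_access()` yields read only, which is the original complaint; `bob_access(WRITERS)` adds write because the ACE carries `file_inherit` and so lands on alice's new file.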

  • Cannot see file and folders copied from other windows 8

    Hi everyone,
    The problem is as follows:
    I have a new PC that I was asked to set up and install software on. I performed a clean Windows 8 install on it. It has a single 1 TB HDD that was partitioned by the regular Windows setup option into system drive C: (100 GB), with all the remaining space partitioned as drive D:.
    After setup finished I only booted into the system to check that everything was OK and, without making ANY change to Windows, shut it down.
    I physically disconnected the HDD from the new PC and connected it via a standard USB 3 docking device to my own PC, which also runs Windows 8. I could see the newly connected HDD with all partitions without any problem! Then I created a folder on the second partition of the new drive and copied some files there. After the copy finished I disconnected the drive safely by using the "eject" option in Windows.
    I connected the new drive back to the new PC, booted into Windows and accessed the second partition, and it was ... empty: no folder or files on the drive, and it also showed as if no space was used!!!
    MOST IMPORTANT! - Why it doesn't look like a security, permission or even hardware problem: NO major security changes were made on my own (old) PC, but the most important fact is that when I connect another HDD to the same dock station, create a folder, copy some files and then connect it to the NEW PC, the problem does not exist!!! I can see and access the folder and files on both PCs without any problem!
    I also tried:
    reinstalling Windows on the new PC
    creating or deleting the partition after setup on both PCs
    checking folder and drive permissions and adding "everyone" with "full control"
    turning on "show hidden files and folders" and "system files" too
    copying or creating new files of different types
    Interesting: if I create a folder on the NEW PC, I can see this folder on the OLD PC and copy files to it, but when I connect the drive back to the NEW PC it sometimes shows that the folder has those files and even uses the appropriate space, and programs even try to open those files without any security warnings, but they cannot be opened properly because the files look corrupted!
    Thanks for any help!

    Hi,
    According to your description, I don't think this is a system problem. It looks more like a problem with the HDD or its interface.
    Have you tried reconnecting your new HDD to your own computer again after copying some files to it and finding nothing on the new computer? If there is a problem on the new PC, how about your own PC?
    Please give it a try. If there is any progress, feel free to let us know.
    Roger Lu
    TechNet Community Support
