Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Enable default permissions on shared folders Network
So I updated our little network to 10.5, and the ability to share volumes and foelders is just great. However, I had a problem with how to enable a given group's read - write - delete - execute access to a given shared volumes: for all files that exist in that folder today, and for all files that might be created in the future. There are some hints on this problem, including cron jobs and default permission flags (umask), but none of them really worked out, especially in 10.5.

The answer lies in the advanced Access Control Entries (ACE) handling of file permissions. This involves Terminal, but Michael Watson has coded a front end for this. I asked him, and he will update the code for Leopard as soon as he finds a minute. Thus, we have to use the Terminal for now.

First make sure that you have ACE enabled on your shared volume (it should be). Fire up a Terminal and type:
fsaclctl -p /path/to/your/shared/folder -e
Have all users be part of a group. You can use the plus sign in System Preferences » Accounts to add a Group (click the New Account pop-up and choose Group) and to assign members to it. Then add the permission ACE tags from the Terminal: You can modify the original permissions to more specific situations, but for me, the the only important thing was that the group would have access to all files, and that I wouldn't have to take care of it any more. You can do more specifc permission patterns (see man chmod), and you can have a more detailed look at the permissions with ls -le. The files will have a + at the end of their Permission flags (e.g. drwx------+).

NOTE: Adobe Photoshop Files do not respect ACLs (they are still in the '90s). All other Adobe products and other programs (e.g. TextEdit, Pages, Numbers, iTunes and so on) seem to work just fine. A small workaround for the Photoshop bug is to duplicate the file via the Finder, delete the old, and rename the copy back to the original.
    •    
  • Currently 3.00 / 5
  You rated: 4 / 5 (11 votes cast)
 
[59,517 views]  

10.5: Enable default permissions on shared folders | 10 comments | Create New Account
Click here to return to the '10.5: Enable default permissions on shared folders' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Enable default permissions on shared folders
Authored by: ronbellie on Nov 16, '07 11:44:21AM

The tech guy at my school uses a Windows Server 2003 for the school network. About half of the 20 teachers on the network use Macs. In a public shared folder on the network, when a Mac user makes a new folder, permissions to the group are not propogated, so others in the group cannot open the folder. (Permissions to the new folder are set just to the user's permissions and not that of the group. Whereas when using a Windows PC, the permissions of the new folder is set to that of the whole group.) It's a hassle for Mac users. He says this is a limitation of the Mac. He says there's no way around this. I can't believe then tens of thousands of other schools that run a Windows Server network have this problem. Macs account for a large percentage of computers on these networks. Are there any solutions to this problem of propogating permissions on this kind of network when using a Mac?



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: davester on Nov 16, '07 02:18:40PM

Try the hint labeled "10.4: Set umask independently for Finder.app" [as I can't get the html link reference working].



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: axelfoo on Nov 24, '07 10:13:17AM

Hi, This is exactly the fix I was looking for - I too want the contents of whatever is added to the shared folder to adopt the permission settings of the folder. However, when I run the chmod +a line, I get an error that says:
chmod: Unable to translate '.....' to a UID/GID.

What I did:
sudo fsaclctl -p /Users/Shared -e
I created a group called AlMa in the accounts system preferences.
Then I logged out and back in did the chmod line:
chmod +a "AlMa,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit,read,write,delete,append,execute" /Users/Shared

I would like to share the contents of the Shared folder. Is that not possible. I will try this for each folder within the Shared folder.

-Alex



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: axelfoo on Nov 24, '07 10:16:51AM

Well I started over and tried to apply this trick to a folder within the shared folder /Users/Shared/Movies and I still get the error: Unable to translate 'AlMa,add_file,search,delete,...' to a UID/GID.

Any help is greatly appreciated. Thanks!



[ Reply to This | # ]
Nevermind...Duh.
Authored by: axelfoo on Nov 24, '07 10:57:32AM

I erased the "allow list" phrase with my groups name. Duh.
Thanks for the hint. Terrific!



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: DCCmikeE on Dec 07, '07 12:41:37PM

I tried to follow the examples given by sys0p and axelfoo on 11/16 and 11/24 respectively. But I am getting an error message in Terminal:
chmod: Failed to set ACL on file '/Users/Shared': Operation not permitted

So I entered: fsaclctl -p /Users/Shared -e
and it responded: fsaclctl: you must be root to enable/disable acls

This was after entering into Terminal: fsaclctl -p /Users/Shared -e
then logging out and back in,
then entering into terminal:
chmod +a "your_group allow list,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit,read,write,delete,append,execute" /path/to/your/shared/folder
with my info replacing the place-holders.

I noticed the caveat of sys0p "First make sure that you have ACE enabled on your shared volume (it should be)."

Is that the problem?

thanks for your help.



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: jonnyboy on Jan 29, '08 06:49:13AM

hi,

thanks for posting this tip. it seems to be exactly what i want to solve my problems but i am still failing to get it to work (although learning a lot in the process!).

all i want to be able to do is have a shared itunes library that is fully editable by two users without any restrictions whatsoever. i'm doing this on a macbook so using the shared folder is my only option. i've created a group (allusers) and added both accounts and created a new Shared folder in the Users folder and successfully enabled the ACL for my group the shared folder without problems (although i had to log on a root in order to do this easily). despite this, however, itunes complains that the Shared folder is locked. in get info my "allusers" group has two entries; custom and read-only. the only feature i really want is the inheritence of permissions so i've experimented with just adding the inheritence tags to the ACL but no avail...

it's hard for me to talk about this because i lack much in depth knowledge but surely there must be a non-hideous way of creating a fully shareable itunes library on a macbook?! i am thinking my only option at the moment will be to wait for sandbox to be updated :(



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: Kan-O-Z on Jun 02, '08 12:07:58PM

Text Edit does not seem to work but some other applications like iWork does. For example after following the instructions about to set up a folder for sharing, a new file created by Text Edit does not follow the ACL permission rules but other applications like Finder and iWork does. TextEdit continues to generate files with permissions assigned to the owner so no one else can modify the files. Any ideas why Text Edit doesn't work. Is this a bug?

Kan-O-Z



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: ipguy on Mar 16, '10 07:30:42PM

this just doesn't work for me on snow leopard

i've tried setting stick bits "chmod +t /path/to/folder" which isn't working.... placing new files or folder in the sticky folder has no effect on the new file/folder, they are still not owned by user/group of the sticky folder.

and trying the above chmod does nothing either

am i missing something ?



[ Reply to This | # ]
10.5: Enable default permissions on shared folders
Authored by: Alphaman on May 09, '13 08:33:59AM

Using this ACL on Mountain Lion for a network share where Windows users are dropping files onto my Mac. Of course, the fsaclctl command isn't on ML, since ACL support is turned on by default since SL.

Works great! Thanks for sharing!



[ Reply to This | # ]