10.5: Enable default permissions on shared folders

Nov 16, '07 07:30:08AM

Contributed by: sys0p

So I updated our little network to 10.5, and the ability to share volumes and foelders is just great. However, I had a problem with how to enable a given group's read - write - delete - execute access to a given shared volumes: for all files that exist in that folder today, and for all files that might be created in the future. There are some hints on this problem, including cron jobs and default permission flags (umask), but none of them really worked out, especially in 10.5.

The answer lies in the advanced Access Control Entries (ACE) handling of file permissions. This involves Terminal, but Michael Watson has coded a front end for this. I asked him, and he will update the code for Leopard as soon as he finds a minute. Thus, we have to use the Terminal for now.

First make sure that you have ACE enabled on your shared volume (it should be). Fire up a Terminal and type:

fsaclctl -p /path/to/your/shared/folder -e
Have all users be part of a group. You can use the plus sign in System Preferences » Accounts to add a Group (click the New Account pop-up and choose Group) and to assign members to it. Then add the permission ACE tags from the Terminal:
chmod +a "your_group allow list,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit,read,write,delete,append,execute" /path/to/your/shared/folder
You can modify the original permissions to more specific situations, but for me, the the only important thing was that the group would have access to all files, and that I wouldn't have to take care of it any more. You can do more specifc permission patterns (see man chmod), and you can have a more detailed look at the permissions with ls -le. The files will have a + at the end of their Permission flags (e.g. drwx------+).

NOTE: Adobe Photoshop Files do not respect ACLs (they are still in the '90s). All other Adobe products and other programs (e.g. TextEdit, Pages, Numbers, iTunes and so on) seem to work just fine. A small workaround for the Photoshop bug is to duplicate the file via the Finder, delete the old, and rename the copy back to the original.

Comments (10)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20071103075157767