Make a folder read-write for all users without using ACLs

Feb 05, '10 07:30:00AM

Contributed by: V.K.

People often want to share a folder on their startup drive (or another drive with ownership enabled) between several local users. It's easy to change permissions on the whole folder, but any newly created files inside that folder will only be writable by the user that created them.

A standard way of dealing with this issue is by using inherited ACLs, as described in this hint. However, that method has a couple of drawbacks. Namely, some applications, like Open Office, don't understand ACLs. Other applications use temporary files when saving, which can wash out the ACLs, depending on the particular setup; that includes, for example, Photoshop, which strips off ACLs on re-saves. Lastly, inherited ACLs are only applied to newly created files and to files copied to the shared folder. They are not applied to files moved to the shared folder. The method proposed here has no such deficiencies. It works in 10.5 and 10.6.

The trick is to mount a local folder on the same computer via NFS.

Here's how:

  1. Make a folder somewhere that you want to share between several users. It should be somewhere out of the way, because it will not be accessed directly but rather through the mount point.
  2. Make another folder which will be the mount point for the NFS share. Let's say the original shared folder is tucked away in /var/root/share1 and the mount point is /users/shared/mnt.
  3. Using your favorite command line editor, create a file named exports in /etc (you need to do this as root, so use sudo) with the following content:
    /var/root/share1 -mapall=501 localhost
    -mapall=501 means that all users accessing this share via NFS will be mapped to user ID 501 -- that's what allows all of them to read and write everything in that folder. The UID in that line must be the same as the owner of the folder /var/root/share1. To make sure this is true, run this command in Terminal: sudo chown 501 /var/root/share1.
  4. Open the file /etc/auto_master (again using sudo) and add the following line to it:
    /-        shared_folder
  5. Create a file named shared_folder in /etc (sudo again), with the following content:
    /users/shared/mnt  localhost:/private/var/root/share1
  6. Restart your Mac.
After the restart, you're done. Go to /users/shared, and you'll see a mounted volume there at mnt. All users will be able to write to everything inside this folder.
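The setup above only works if the three pieces agree: the exported folder exists, its owner is the UID named in -mapall, and the export is limited to localhost. The following script is an added sanity check, not part of the original hint; it assumes the simple "DIR -mapall=UID HOST..." line form used in step 3 and uses hypothetical helper names. It reads nothing from /etc; pass it the line you intend to put in /etc/exports.

```shell
# Print the numeric UID from a "-mapall=UID" option (empty if the option is absent).
exports_mapall_uid() {
  printf '%s\n' "$1" | sed -n 's/.*-mapall=\([0-9][0-9]*\).*/\1/p'
}

# Print the client hosts of an exports line: every word after the directory that
# does not start with "-" (assumes the option form used in this hint, no -network).
exports_hosts() {
  printf '%s\n' "$1" | awk '{ for (i = 2; i <= NF; i++) if ($i !~ /^-/) print $i }'
}

# Numeric owner UID of a path; "ls -n" prints numeric ids on both macOS and Linux.
dir_owner_uid() {
  ls -ldn "$1" | awk '{ print $3 }'
}

# Return 0 if LINE is consistent with the hint, 1 (with a reason on stderr) otherwise.
check_export() {
  line=$1
  dir=${line%% *}
  uid=$(exports_mapall_uid "$line")
  if [ ! -d "$dir" ]; then
    echo "$dir: not a directory" >&2; return 1
  fi
  if [ -z "$uid" ]; then
    echo "$dir: no -mapall=UID option, so clients would keep their own UIDs" >&2; return 1
  fi
  owner=$(dir_owner_uid "$dir")
  if [ "$owner" != "$uid" ]; then
    echo "$dir: owner uid $owner != mapall uid $uid (run: sudo chown $uid $dir)" >&2; return 1
  fi
  for h in $(exports_hosts "$line"); do
    if [ "$h" != localhost ] && [ "$h" != 127.0.0.1 ]; then
      echo "$dir: exported to $h, not only to localhost" >&2; return 1
    fi
  done
  return 0
}

# Example run on a constructed temporary directory owned by the current user,
# standing in for /var/root/share1 owned by UID 501.
tmp=$(mktemp -d)
check_export "$tmp -mapall=$(id -u) localhost" && echo "ok: $tmp"
rmdir "$tmp"
```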

If you want to restrict access to only some users, change the location of the mount point and put it in some folder that only particular users have access to. If you are running 10.5, you can skip steps four and five, and after you restart the computer, you can use Directory Utility to create an auto-mounted NFS share instead of using autofs.

This doesn't seem to work in 10.6 -- NFS automounting has been moved to Disk Utility in 10.6, but trying to use it to create an NFS auto-mount of a folder on localhost results in the mount point becoming a regular alias pointing to the original shared folder. As a result, the special UID mapping is lost.

Lastly, note that since the mounted NFS share will be treated as a separate drive, the usual Finder rules will apply to it: dragging files to it from the main drive will copy those files; Command-drag something if you want to move it instead of copying it.

[robg adds: I haven't tested this one, but it sounds like an interesting alternative to ACLs.]

Mac OS X Hints