Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: Make a better Shared folder using ACLs' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Make a better Shared folder using ACLs
Authored by: Derekasaurus Rex on Feb 03, '08 10:08:46PM
I used this hint as a template and got it work in 10.4.11. First I created a new folder, /Users/Shared/Everyone, that I want to be truly shared — i.e., everyone can add, edit, and delete regardless of owner or underlying file permissions.

mkdir /Users/Shared/Everyone

Then I enabled ACLs for just that folder:

sudo fsaclctl -p /Users/Shared/Everyone -e

And finally I gave each user the permissions I wanted (basically all of them):

chmod +a "SomeUser allow list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Users/Shared/Everyone

That is, instead of using "everyone" as the original poster did, which is a group that doesn't exist on my system, I simply replaced SomeUser in the line above with a real user. I then repeated the command for all the users I wanted to grant access to /Users/Shared/Everyone. Mind you I only had a handful of users and I don't add new ones often, so I recognize that a group might make more sense for some.

The final thing to remember is that files have to be created in (or copied to) /Users/Shared/Everyone in order to be sharable. If you simply move a file there, the file will not inherit the ACLs and will not be sharable according to the rule that was added.

I also hope that I have kept security holes to a minimum by only enabling ACLs for one folder and only giving individual users acccess by name.

[ Reply to This | # ]