Solved

Snow Leopard OSX Server ACLs Query

Posted on 2010-09-21
Last Modified: 2012-05-10
Hi Guys,

I need some assistance with an ACL setup for a particular folder.

The current setup includes an existing folder with existing files.

Scenario:

All users within a group (Group A) should be able to access all files currently within this folder (Read and Execute). They should not be able to write to these files or delete them etc.

I also want the ability for users to be able to create a file within this folder that they will own. There will be no permissions available on this new (user) file for any other (non-admin) users.

Is this scenario possible? If so, what permissions should I be setting on the folder and having the files inherit to meet this requirement?

Thanks in advance for your assistance!
Question by:maccadu

Assisted Solution

by:heteronymous
heteronymous earned 125 total points
ID: 33730651
Not readily doable as you've laid out, because you both want Group A to be able to create (a) file(s) and yet as you've stated, NOT have write access to files within the sharepoint.

You want them to have write access but not have write access.

Far better to separate out into distinct sharepoints the two areas. One where Group A has write access and the other where they do not.

Otherwise, it's easy enough to specify via a custom ACL where a group has read & traverse permissions while not enabling write or delete permissions.

I suggest the following tutorials on ACLs - keeping in mind for the first one that you should always take any discussion board/site with a truckload of salt, including Apple's, but this is a distinct exception.

ACLs tutorials


http://discussions.apple.com/thread.jspa?messageID=648307

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html

http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8

Accepted Solution

by:hboris
hboris earned 125 total points
ID: 33743816
What you need is the sticky bit. This prevents users from changing and deleting files they do not own. chmod +t file. This is the same behaviour that is on the /Users/Shared folder on every Mac shipped.

Boris Herman, ACSA
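
The sticky-bit layout from the accepted answer, as an added example that is not part of the original thread: the sticky bit is set on the shared folder itself using plain POSIX mode bits (no ACL entries), and an audit function checks that the layout still holds. The function names, the folder path and the optional group argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. DIR and GROUP are caller-supplied.

# setup_dropbox DIR [GROUP]: run once by the admin on the existing folder.
setup_dropbox() {
    dir=$1
    group=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$group" ]; then chgrp -R "$group" "$dir" || return 1; fi
    # Existing content: group gets read (plus execute/traverse where it
    # already applies), never write; everyone else gets nothing.
    chmod -R g=rX,o= "$dir" || return 1
    # The folder itself: group may create entries, and the sticky bit (1000)
    # limits delete/rename of an entry to its owner, the folder owner or root.
    chmod 1770 "$dir"
}

# audit_dropbox DIR: returns non-zero if the layout has drifted.
audit_dropbox() {
    dir=$1
    rc=0
    mode=$(ls -ld "$dir" | cut -c1-10)
    case $mode in
        d????w???[tT]) ;;  # group-writable and sticky
        *) echo "FAIL: $dir is $mode, expected group write plus sticky bit"
           rc=1 ;;
    esac
    # The sticky bit protects directory entries, not file contents: a file
    # that is group- or world-writable can still be overwritten in place.
    loose=$(find "$dir" -type f \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "FAIL: writable by group or others:"
        echo "$loose"
        rc=1
    fi
    # Informational: files created by other users stay private only if the
    # creator's umask (for example 077) withheld group/other read access.
    owner=$(ls -ld "$dir" | awk '{print $3}')
    find "$dir" -type f ! -user "$owner" \( -perm -040 -o -perm -004 \) \
        -exec echo "INFO: readable beyond its owner:" {} \;
    return $rc
}

# Stand-alone use: sh script.sh /path/to/folder [group]
if [ $# -ge 1 ]; then
    setup_dropbox "$@" && audit_dropbox "$1"
fi
```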

Expert Comment

by:heteronymous
ID: 33744363
Sticky bit might do it, but hard to know from the workflow as-described.

It's also good practice to avoid collisions/overlap between POSIX & ACL users & groups permissions.

Expert Comment

by:hboris
ID: 33744628
Mixing ACLs and POSIX permissions can be tricky, but it is far from impossible. Just make sure you don't set overlapping rights on either of them. Unfortunately, ACLs do not support the sticky bit or the behaviour it provides.

Boris Herman, ACSA

Author Closing Comment

by:maccadu
ID: 33766261
Thanks Guys. Split the points, as the solutions provided by both were of assistance.
