Solved

Snow Leopard OSX Server ACLs Query

Posted on 2010-09-21
5
604 Views
Last Modified: 2012-05-10
Hi Guys,

I need some assistance with an ACL setup for a particular folder.

The current Setup includes an Existing Folder with Existing files.

Scenario:

All users within a group (Group A) should be able to access all files currently within this folder (Read and Execute). They should not be able to write to these files or delete them etc.

I also want the ability for users to be able to create a file within this folder that they will own. There will be no permissions available on this new (user) file for any other (non-admin users).

Is this scenario possible? If so, what permissions should I be setting on the folder and having the files inherit to meet this requirement?

Thanks in advance for your assistance!
0
Comment
Question by:maccadu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Assisted Solution

by:heteronymous
heteronymous earned 125 total points
ID: 33730651
Not readily doable as you've laid out, because you both want Group A to be able to create (a) file(s) and yet as you've stated, NOT have write access to files within the sharepoint.

You want them to have write access but not have write access.

Far better to separate out into distinct sharepoints the two areas. One where Group A has write access and the other where they do not.

Otherwise, it's easy enough to specify via a custom ACL where a group has read & traverse permissions while not enabling write or delete permissions.

I suggest the following tutorials on ACLs - keeping in mind for the first one that you should always take any discussion board/site with a truckload of salt, including Apple's, but this is a distinct exception.

ACLs tutorials


http://discussions.apple.com/thread.jspa?messageID=648307

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html

http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8
0
 
LVL 6

Accepted Solution

by:
hboris earned 125 total points
ID: 33743816
What you need is sticky bit. This prevents users to change and delete files they do not own. chmod +t file. This is the same behaviour that is on /Users/Shared folder on every Mac shipped.

Boris Herman, ACSA
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 33744363
Sticky bit might do it, but hard to know from the workflow as-described.

It's also good practice to also avoid collisions/overlap between POSIX & ACL users & groups permissions.
0
 
LVL 6

Expert Comment

by:hboris
ID: 33744628
Mixing ACLs and POSIX permissions can be tricky but it is far from impossible. Just make sure you don't set overlapping rights on either of them. Unfortunately ACLs do not support sticky bit or the behaviour it provides.

Boris Herman, ACSA
0
 

Author Closing Comment

by:maccadu
ID: 33766261
Thanks Guys. Split the points, as the solutions provided by both were of assistance.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
In this article we discuss how to recover the missing Outlook 2011 for Mac data like Emails and Contacts manually.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question