Solved

Snow Leopard OSX Server ACLs Query

Posted on 2010-09-21
5
596 Views
Last Modified: 2012-05-10
Hi Guys,

I need some assistance with an ACL setup for a particular folder.

The current Setup includes an Existing Folder with Existing files.

Scenario:

All users within a group (Group A) should be able to access all files currently within this folder (Read and Execute). They should not be able to write to these files or delete them etc.

I also want the ability for users to be able to create a file within this folder that they will own. There will be no permissions available on this new (user) file for any other (non-admin users).

Is this scenario possible? If so, what permissions should I be setting on the folder and having the files inherit to meet this requirement?

Thanks in advance for your assistance!
0
Comment
Question by:maccadu
  • 2
  • 2
5 Comments
 
LVL 9

Assisted Solution

by:heteronymous
heteronymous earned 125 total points
ID: 33730651
Not readily doable as you've laid out, because you both want Group A to be able to create (a) file(s) and yet as you've stated, NOT have write access to files within the sharepoint.

You want them to have write access but not have write access.

Far better to separate out into distinct sharepoints the two areas. One where Group A has write access and the other where they do not.

Otherwise, it's easy enough to specify via a custom ACL where a group has read & traverse permissions while not enabling write or delete permissions.

I suggest the following tutorials on ACLs - keeping in mind for the first one that you should always take any discussion board/site with a truckload of salt, including Apple's, but this is a distinct exception.

ACLs tutorials


http://discussions.apple.com/thread.jspa?messageID=648307

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html

http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8
0
 
LVL 6

Accepted Solution

by:
hboris earned 125 total points
ID: 33743816
What you need is sticky bit. This prevents users to change and delete files they do not own. chmod +t file. This is the same behaviour that is on /Users/Shared folder on every Mac shipped.

Boris Herman, ACSA
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 33744363
Sticky bit might do it, but hard to know from the workflow as-described.

It's also good practice to also avoid collisions/overlap between POSIX & ACL users & groups permissions.
0
 
LVL 6

Expert Comment

by:hboris
ID: 33744628
Mixing ACLs and POSIX permissions can be tricky but it is far from impossible. Just make sure you don't set overlapping rights on either of them. Unfortunately ACLs do not support sticky bit or the behaviour it provides.

Boris Herman, ACSA
0
 

Author Closing Comment

by:maccadu
ID: 33766261
Thanks Guys. Split the points, as the solutions provided by both were of assistance.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of new and distinct gadgets are making their appearance every other day. The latest gadget that has wooed the attention of all gadget lovers and non gadget lovers alike is the Smartwatch. This tiny gadget is capable of offering live access to …
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now