Solved

Snow Leopard OSX Server ACLs Query

Posted on 2010-09-21
5
609 Views
Last Modified: 2012-05-10
Hi Guys,

I need some assistance with an ACL setup for a particular folder.

The current Setup includes an Existing Folder with Existing files.

Scenario:

All users within a group (Group A) should be able to access all files currently within this folder (Read and Execute). They should not be able to write to these files or delete them etc.

I also want the ability for users to be able to create a file within this folder that they will own. There will be no permissions available on this new (user) file for any other (non-admin users).

Is this scenario possible? If so, what permissions should I be setting on the folder and having the files inherit to meet this requirement?

Thanks in advance for your assistance!
0
Comment
Question by:maccadu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Assisted Solution

by:heteronymous
heteronymous earned 125 total points
ID: 33730651
Not readily doable as you've laid out, because you both want Group A to be able to create (a) file(s) and yet as you've stated, NOT have write access to files within the sharepoint.

You want them to have write access but not have write access.

Far better to separate out into distinct sharepoints the two areas. One where Group A has write access and the other where they do not.

Otherwise, it's easy enough to specify via a custom ACL where a group has read & traverse permissions while not enabling write or delete permissions.

I suggest the following tutorials on ACLs - keeping in mind for the first one that you should always take any discussion board/site with a truckload of salt, including Apple's, but this is a distinct exception.

ACLs tutorials


http://discussions.apple.com/thread.jspa?messageID=648307

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html

http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8
0
 
LVL 6

Accepted Solution

by:
hboris earned 125 total points
ID: 33743816
What you need is sticky bit. This prevents users to change and delete files they do not own. chmod +t file. This is the same behaviour that is on /Users/Shared folder on every Mac shipped.

Boris Herman, ACSA
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 33744363
Sticky bit might do it, but hard to know from the workflow as-described.

It's also good practice to also avoid collisions/overlap between POSIX & ACL users & groups permissions.
0
 
LVL 6

Expert Comment

by:hboris
ID: 33744628
Mixing ACLs and POSIX permissions can be tricky but it is far from impossible. Just make sure you don't set overlapping rights on either of them. Unfortunately ACLs do not support sticky bit or the behaviour it provides.

Boris Herman, ACSA
0
 

Author Closing Comment

by:maccadu
ID: 33766261
Thanks Guys. Split the points, as the solutions provided by both were of assistance.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We could spend the next millennium discussing the differences of the Mac and Windows platforms. The next century will continue to have fanatics on both side of the equation and neither side will win the war. However, that’s not why we are here. W…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question