Solved

Snow Leopard OSX Server ACLs Query

Posted on 2010-09-21
Last Modified: 2012-05-10
Hi Guys,

I need some assistance with an ACL setup for a particular folder.

The current setup includes an existing folder with existing files.

Scenario:

All users within a group (Group A) should be able to access all files currently within this folder (Read and Execute). They should not be able to write to these files or delete them etc.

I also want the ability for users to be able to create a file within this folder that they will own. There will be no permissions available on this new (user) file for any other (non-admin) users.

Is this scenario possible? If so, what permissions should I be setting on the folder and having the files inherit to meet this requirement?

Thanks in advance for your assistance!
Question by:maccadu
5 Comments
 

Assisted Solution

by:heteronymous
heteronymous earned 125 total points
ID: 33730651
Not readily doable as you've laid out, because you both want Group A to be able to create (a) file(s) and yet, as you've stated, NOT have write access to files within the sharepoint.

You want them to have write access but not have write access.

Far better to separate out into distinct sharepoints the two areas. One where Group A has write access and the other where they do not.

Otherwise, it's easy enough to specify via a custom ACL where a group has read & traverse permissions while not enabling write or delete permissions.

I suggest the following tutorials on ACLs - keeping in mind for the first one that you should always take any discussion board/site with a truckload of salt, including Apple's, but this is a distinct exception.

ACLs tutorials


http://discussions.apple.com/thread.jspa?messageID=648307

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html

http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8

Accepted Solution

by:
hboris earned 125 total points
ID: 33743816
What you need is the sticky bit. This prevents users from changing and deleting files they do not own. chmod +t file. This is the same behaviour that is on the /Users/Shared folder on every Mac shipped.

Boris Herman, ACSA
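
The sticky-bit setup suggested in the answer above, written out as an added shell example that is not part of the original thread. The function names are hypothetical, the folder and group are caller-supplied placeholders, and it assumes users create their files from a shell where a umask of 077 applies.

```shell
#!/bin/sh
# Added example: sticky-bit shared folder, the mechanism the accepted answer points to.
# Function names are hypothetical; DIR and GROUP are caller-supplied placeholders.

# lock_shared_folder DIR GROUP
# Assumes the existing content under DIR consists of regular files.
lock_shared_folder() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Folder: group members may list, traverse and create entries. The leading 1
    # is the sticky bit: only an entry's owner, the folder's owner or root may
    # delete or rename that entry.
    chgrp "$group" "$dir" || return 1
    chmod 1770 "$dir" || return 1

    # Existing files: group gets read and execute, no write. The sticky bit does
    # not protect file contents, so write access must be removed on each file.
    find "$dir" -type f -exec chgrp "$group" {} + || return 1
    find "$dir" -type f -exec chmod 750 {} +
}

# new_private_file PATH
# Creates a file only its owner can read or write. Assumption: the user creates
# the file from a shell, where umask applies; 077 clears group and other bits.
new_private_file() {
    ( umask 077 && : > "$1" )
}

# mode_of PATH: symbolic mode string (e.g. drwxrwx--T), portable across
# macOS and Linux because it avoids the differing stat(1) flags.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# writable_by_others DIR: audit helper listing files that group or other can
# still modify in place despite the sticky bit.
writable_by_others() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print
}
```

Run `writable_by_others` after any bulk copy into the folder: a file that arrives group-writable can be overwritten by any group member even though the sticky bit stops them from deleting it.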

Expert Comment

by:heteronymous
ID: 33744363
Sticky bit might do it, but hard to know from the workflow as-described.

It's also good practice to avoid collisions/overlap between POSIX & ACL users & groups permissions.

Expert Comment

by:hboris
ID: 33744628
Mixing ACLs and POSIX permissions can be tricky but it is far from impossible. Just make sure you don't set overlapping rights on either of them. Unfortunately ACLs do not support sticky bit or the behaviour it provides.

Boris Herman, ACSA
 

Author Closing Comment

by:maccadu
ID: 33766261
Thanks Guys. Split the points, as the solutions provided by both were of assistance.