Mac server permissions inheritance

Posted on 2012-03-21
Last Modified: 2012-06-27
I have inherited a Mac server 10.7.3 which was put in place around Christmas. Everything with Mac clients connecting was working fine and no issues accessing files/folders. A few weeks ago 2 new Mac's with 10.7.3 were introduced into the network and since then we have started having permissions issues. There are 5 other Mac still accessing the server with either 10.5 or 10.6 as the OS. This is on a Windows network and I have not added directory lookup on the Mac server for Active Directory as it was not set up before. All user accounts on workstations are also created on the server with matching login credentials. If user A creates a file and saves it to the network share and user B attempts to open it they get access denied. Checking permissions on the file and it shows Read Only. I can apply the correct permissions and it will work. I have gone through the Server App and applied the correct permissions on the Share Point and from Finder checked the shared folder and its permissions where they display correctly. I have even applied said permissions to all containing folders.
I am a Windows person first so I think I could easily correct the issue by reapplying the permissions or setting inheritance correctly. I am new to Mac's and searching the internet has turned up little by way of resolving the issue. Any insight would be greatly appreciated.
Question by:CNEAdmin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 13

Accepted Solution

maximus5328 earned 500 total points
ID: 37757440

Author Comment

ID: 37763452
Permission screen shotThe information provided was helpful but as you can tell from the attached image the permission editing is not available for all groups, specifically staff/administrator. I created the group RMA-Creative and can see the permission levels you were mentioning. Even after creating that group and adding the users to the group then creating a folder on the server it did not inherit the permisssions. What I am not sure of is why the group staff does not have the granular permissions available. Should I remove the staff list and only use the newly created group RMA-Creative since there seems to be some oddities with the staff group?
LVL 13

Expert Comment

ID: 37763554
"What I am not sure of is why the group staff does not have the granular permissions available." - administrator, staff and Others are POSIX permissions (aka "traditional Unix permissions") that do not support inheritance.

"Even after creating that group and adding the users to the group then creating a folder on the server it did not inherit the permissions." - Inherited permissions should apply to newly created items but not to existing ones. You should propagate permissions once after changing them on a parent folder.

"Should I remove the staff list and only use the newly created group RMA-Creative since there seems to be some oddities with the staff group?" - you can't and you shouldn't.
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.


Author Comment

ID: 37765292
If the built-in groups do not support inheritance do you have any idea why the permissions are not being propagated. I have forced the permissions several times from the parent share to all items contained. If I have done this once then any new files/folders should be receiving the inherited permissions. The issue is that they are not a new file/folder is only allowing the creator read/write access. The new files have to have permissions assigned after creation. There have also been instances where an existing file has been modified and saved only to have its original permissions of read/write for staff be changed to read only and then permissions have to be updated again. I think I have covered all the permissions entries yet the inheritance is not propagating to new files.
LVL 13

Expert Comment

ID: 37765997
Can you submit a screenshot of permissions on a child folder? I am assuming that the permissions on your first screenshot still active on the parent.

Author Comment

ID: 37771325
Users indicate that after creating the new user group that they are not experiencing issues. I am in their office today and will perform some further tests. I will upload the picture if the issue is not resolved. Maximus5328 I appreciate your input as the viewing of granular permissions led me to what may be a resolution.

Author Closing Comment

ID: 37781471
The image was very valuable in leading me to see what I was missing

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question