Skip to main content

Hello,
I was wondering if someone could shed some expertise on a problem I'm experiencing.
We are running an SMB and AFP volume share from a 10.7.4 machine.
The machine is bound to our AD and requires users to authenticate before they have access to it.
We have the necessary AD groups added to allow for this to happen (domainusers)

The problem is that any new folders created by users that have authed successfully do not inherit the permissions of the share - they lock themselves to the user and no one else can get in.
This happens when you connect from both mac and PC and also using SMB or AFP on a mac.
If you propagate the share permissions to the folders it fixes it until a new folder is created.

Here are some pictures of the settings:
apple i on same folder for AFP and SMB respectively;
https://dl.dropbox.com/u/343606/network%20share%20issue/AFP.png
https://dl.dropbox.com/u/343606/network%20share%20issue/SMB.png

Settings of share point with our groups
https://dl.dropbox.com/u/343606/network%20share%20issue/Transfer%20share%20point%20settings.png

ls -als list of SMB and AFP for the network share, respectively:
https://dl.dropbox.com/u/343606/network%20share%20issue/SMB%20and%20AFP%20next%20to%20each%20other.png

Ive restarted the server, the service, recreated the share, delete the items but its still doing it and I cant for the life of me work out why the ACL's arent being adhered to as such - this is what I can understand considering that the permission groups are actually showing.
Excuse any errors in terminology I'm learning all this as I go along.

Maybe we could remove the need for ACL's and still make sure that users have to log into the share with their network credentials?

If Ive missed anything please dont hesitate to ask.

Regards,
Robert

You may be interested in the "-le" option for ls, which displays information about ACLs. Doing an ls -le can give you more specific information about a directory's permissions than the "Get Info" window does.

I quickly replicated what you described, adding permissions to a folder from the Get Info window, and got the same result re: inheritance. You should be able to solve this by modifying the inheritance on the ACLs using "chmod." Look at chmod's man page for more info on how to use it to affect ACLs.

Also, are you running 10.7 server or client? I believe that shares created through the Server app on 10.7 server do not have this same issue and the inheritance attributes are pre-configured the way you'd like them to be.

Hope this helps!

Hi jagress,
Thanks for replying.
We are running 10.7.4 Server - build 11E53
I have just updated this to 10.7.5
I will have a look at the le switch

Would using the chmod only affect on the fly folder permissions rather than it being a constant being defined by the server share point settings?

Thanks

I'm not sure I understand what you're asking. The root of the share is essentially a folder, so any permissions you apply to that folder apply to the root of the share. Does that help?

did this issue get resolved? @rodderz

Terms & ConditionsCookie settingsAccessibility statement