Re: Permissions confusions

<ianpiper@xxxxxxxxx> wrote:

Hi all,

Does anyone know about management of ownership on Mac OS X Server
managed network shares?

I have discovered some oddities on one of my shares. I have a number
of users who are members of a group (company_users) that has read-
write access to this share, and in priniciple this should apply to all
child files, folders and descendants (That's what it says in WGM
anyway). However, I have noticed that some of these folders are not
writeable by people who are members of this group. When I look at the
effective permissions, sure enough the user has no write permission.
So I looked at the folders in Terminal to see what ownership they
really have and there turn out to be two different sets of owner/group
there. The folders the users are able to write say "unknown/unknown"
and the ones that the users cannot write say "root/admin".

So I'm a bit confused. First, I can't understand why some of these
folders and files are owned by root. There is no obvious pattern to
this, and I don't tend to work as root on this filesystem anyway.
Second, how do I find out who really is the owner and group listed as
"unknown/unknown"? Third, is there a reasonably safe way to sort out
these ownerships down through the folder structure (I was thinking
about a recursive chown but am alive to the hazards and anyway can't
figure out who to chown to)?

Any guidance, or pointers to places where I can learn more about this
would be much appreciated.

Thanks,


Ian.
--

Apologies for the vagueness of this reply, but as I've only had to deal
with this once a while back, I'd have to have Server Admin in front of
me to give you the precise steps. Anyway, as far as I can recall, to
straighten out the ownerships you have to do the following:

1) Make sure ACLs are turned off.
2) Reboot the server (this is important, and fooled us: just because
Server Admin says ACLs are off, they actually stay resident until a
reboot).
3) Ensure the permissions are set properly on the main share.
4) At the bottom right of that pane is an Actions button: you should see
"Propagate permissions" as one of the options. Do it: it may take a
while.
5) Reboot the server again (this may be voodoo or may actually be
necessary).

Hope this helps,

Paul.

--
Paul Mackenzie Smith, Bristol, UK
iMac G5 (iSight) 1.9, OS X 10.4.9, 1.5Gb
To reply, take the pith out of blueyonder.
.

Relevant Pages

  • Re: For the experts only!
    ... Move join.txt to the _private folder (which by default has write permissions) and change your form properties to ... The server host says the problem is ... | all .htaccess files in all folders and reload the site up ... |>| I have reset the permissions on the admin program of FP ...
    (microsoft.public.frontpage.client)
  • Re: Trouble configuring Outlook
    ... If you're using Exchange, permissions are granted at the server level. ... > individual folders and subfolders; ...
    (microsoft.public.outlook.installation)
  • Access denied
    ... I've got a client with a server running SBS3K on it with 5 clients running ... permissions set to a folders containing those files and all was good. ...
    (microsoft.public.windows.server.sbs)
  • RE: Force Permission / Ownership Changes
    ... You tried to take ownership of the folders but the access was ... by anyone with the permission to grant permissions, ... Does the issue happen to all the folders you move from the old SBS? ...
    (microsoft.public.windows.server.sbs)
  • Re: Users accessing C$
    ... > folders, root folder, user profiles, and folders that they need to write to ... > or run applications from they need no permissions on other folders. ... The following are the default permissions for the root directory on ... >> I've recently discovered one user saving files while in a Terminal Server ...
    (microsoft.public.win2000.security)