Re: File Sharing (again - sorry, Pd)

Jaimie Vandenbergh <jaimie@xxxxxxxxxxxxxxxxxxxxx> wrote:

On Tue, 26 May 2009 21:55:51 GMT, Martin S Taylor
<mst@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Jaimie Vandenbergh wrote
That sounds likely. How do I find what the umask is set to, and how do I
change it?

InTerminal, type umask. It'll come back with your current umask,
probably 0222, whereas what you want is 0022.

Both my umask and valentina's are 0022. But if I want her to have write
access, shouldn't it be 0002?

Whoops. Sorry, I was mixing my things (command line umask vs NSumask,
which doesn't include the leading special octal). You want 002, as you
thought.

But FFS, do I have to do all this just to get someone to edit a file on my
disk? Is there something corrupt on my disk? Is it this difficult for
everyone or is it just me and Pd?

Everyone. Apple made a bizarre decision to make people's user:group
membership username:username, ie individual groups per user, when in
Tiger they used to be the far more sensible username:staff or some
other such shared group. So you have that to fight against too.

It is more subtle than that, and you're mixing up versions.

Back in the good old days (Jaguar and earlier), Mac OS X user accounts
were created in the "staff" group.

In either Panther or Tiger, Apple changed the system so that newly
created accounts were set up with their own unique group, which has the
same name and gid as the user.

This only applies to newly created accounts - an account migrated or
upgraded from an older system version retained the old group assignment
(staff).

Leopard has reverted back to the old system. Newly created accounts in
Leopard are in the staff group again, but accounts migrated or upgraded
from Tiger will retain their previous group assignment.

Martin might be able to solve the problem by recreating the user
accounts so the new ones are both in the same group (staff), or by
changing the group assignment for the existing accounts and doing a bulk
chgrp to keep everything in sync.

I'll have more to say on this thread when I have time to do a detailed
post.

The quick version:

The reason that the file permissions are "resetting" each time the
document is saved by Valentina is that the application in question
(Numbers) is creating a new document for each save operation, and it
isn't replicating the permissions from the original document. The
default permissions are being used.

Assuming everyone involved is running 10.5, the best way to solve this
problem will involve the use of ACLs (Access Control Lists) and a
specially configured folder which is set up so that all files created in
that folder inherit the ACLs from the folder. You can set up arbitrary
permissions for any number of users or groups, so the folder can be
configured to automatically assign the correct permissions so that both
users have read/write access to all files in that folder.

I've done this with a folder on Mac OS X Server and it seems to work
well.

Unfortunately Finder's permissions user interface is rather primitive
and only gives access to the Unix permissions and the simplest uses of
ACLs. Another tool will be needed to set up this up, and the only ones I
know about offhand are the Server Admin utility for Mac OS X Server
(which won't work for configuring permissions on a client edition of Mac
OS X), or the chmod command line tool (with some complex arguments for
managing ACLs).

Anyone know of a fully featured GUI tool which can display and modify
all the available ACL attributes?

--
David Empson
dempson@xxxxxxxxxxxxx
.

Relevant Pages

  • Re: is it necessary for new users to be local admins?
    ... HOW TO Create and Configure User Accounts in Windows XP ... HOW TO Set, View, Change, or Remove File and Folder Permissions ... limited accounts, you can fix it to allow limited users to access the ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Limited users and Internet access
    ... It's not sharing, it's permissions. ... Set, View, Change, or Remove File and Folder Permissions in Windows ... The problem lies in how they've written their supporting software. ... >>> Administrative accounts! ...
    (microsoft.public.windowsxp.general)
  • Re: Now no access to two folders
    ... access to two of the user accounts on the laptop. ... My (admin) My Documents ... I've shared the My Documents folder in these two ... You can try playing with permissions, ...
    (microsoft.public.windowsxp.network_web)
  • Re: WebDAV security on IIS problems
    ... folder to two accounts - one with read access and the other with full. ... This Virtual Directory point to a a share on FILE1. ... Directory Browsing, Read, Write and Excute permissions on the folder. ...
    (microsoft.public.inetserver.iis.security)
  • Re: [SLE] How can I do this?
    ... > gets the persmissions consistent with my umask of 022. ... > inherit the permissions of the directory, ... folder that everyone can read but only restricted can write. ... This is then a single NFS and/or Samba share. ...
    (SuSE)