fixing ACLs on OS X Server

If you’ve experienced issues copying/renaming files and folders OS X server from your desktop, especially over SMB - it’s most likely a permissions issue.

Generally most people use groups to manage permissions on their fileshare, but sometimes a new file/folder created by a user does not inherit those group permissions.

IE: Joe and Brett both belong to the “managers” group. The managers group has “read/write” access for the shared folder. Everything works fine. However, Joe uploads a bunch of files and folders from his desktop to the fileshare - and Brett can’t access them. Or Brett can access them, but can’t edit, or add additional files/folders to the subfolders that Joe uploaded.

This is due to group persmissions not being propegated properly. If you’ve tried propegating permissions and the ACL from the Server gui and failed, try this.

$ sudo chmod -R +a "group:managers allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /_FILESHARE/SHARED_FOLDER/

this will propegate group permissions (to the group “managers”) on all existing files/folders on the shared folder. New folders/files will inherit permissions from the parent folder. So when Brett uploads a set of files/folders from his desktop the “managers” group will be given read/write access to those files.

Show Comments