I'm trying to use set default permissions for directories and files but not having much joy. What I am trying to share a specific directory on a local external drive connected to the server internally. Everyone in the group has access to the drive and can view all the files.
However once a new file is created by mac08, the group permissions are not set and only that user has access to modify it.
Here is an example of two txt files. The one created by mac08 has 644 permissions and all other users like mac07 etc. can't write to the file.
I have a group called staff and have added everyone to it, but new files created don't follow.
drwxrwxrwx+ 159 root wheel 5406 22 Aug 11:08 PROJECTS
0: group:Staff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
New file created:
-rw-rw-rw-@ 1 root wheel 351 22 Aug 23:17 test4.rtf
0: group:Staff allow read,write,append,readattr,writeattr,readextattr,writeextattr,readsecurity
1: user:aserver allow read,write,append,readattr,writeattr,readextattr,writeextattr,readsecurity
2: user:ckadmin allow read,write,append,readattr,writeattr,readextattr,writeextattr,readsecurity
-rw-r--r--@ 1 mac08 wheel 352 22 Aug 23:26 testet11.rtf
0: group:Staff allow read,write,append,readattr,writeattr,readextattr,writeextattr
I can manually update the permissions through the Get Info window but this requires me to reset permissions every time a person saves a new file to the drive. Any idea what it could be?
Best Answer
To create a properly working Projects share do the following:
On your external disk create a folder "Projects". Share this Projects with default permissions in Server.app > File Sharing. The default permissions are 755, the default owner is the user who created the folder and his primary group (e.g. adminuser:admin):
In this folder create another folder with the name Projects. Change the permissions to 770 and the group to staff:
The permissions now look like this:
Then add an ACL for the group staff:
with the result:
The complete path to the Projects folder (containing a test folder and a test.txt file - Data is the name of my volume on the external disk) is then:
Now any subsequent file and folder of /Volumes/Data/Projects/Projects can be modified by any user in the group staff. You may tweak/tighten some of the permissions by not adding them (e.g. readextattr and writeextattr)