I've recently set up a new server environment in our small graphic design / video production studio.
The setup involves a Macpro running mountain lion server, with 56tb Raid 6 Proavio unit attached via SAS. The macpro has Small Tree gigabit ethernet cards allowing 12 workstations to be connected at any one time, allowing all users to access the same storage pool (the proavio raid). In terms of performance, the setup works fine. We've had 4 users editing full Hd compressed video across the ethernet network.
The problem i'm having is that in the OSX server prefs for the shared storage, I need to set the permissions to "ignore permissions on this volume" for users to be able to read / write to the drive.
I don't have a strong IT background (i'm a designer) but I have the feeling that the setup is incorrect in some way.
In addition to this bug, i'd also like to set up the system so that only the administrator of the server can delete files from the shared storage (password required). The reason being that we work with freelancers and interns who are not always safety savvy….!
Any light that can be shed on this by you brilliant people would be much appreciated.
Thanks,
J.
Best Answer
You seem to have two opposing goals. You would like that users can freely share and modify each others files, but preventing them from deleting them by mistake.
The probably best way to achieve this is to user ACLs (Access Control Lists). ACLs allow for additional, more fine-grained permissions, see http://support.apple.com/kb/PH8010 for some official Apple docs. In this case you would have to turn off the ignore permissions on this volume setting.
Unfortunately this is rather technical, and probably requires you to at least initially set it up with the Terminal.app, although some of this can also be done in the Server.app, but it will allow you to set up so that everybody can read and write to a directory and it's files and to prevent non-admins from deleting a file. Note: it probably will not prevent someone from destroying the file reducing it's size to zero, thereby de facto deleting the file, so do not get fooled into a false sense of security.