We have had a very similar (if not the same) problem ever since we upgraded our server to Windows 2008 R2. (WinServer 2003 was fine.) However, the main symptom we encountered, is somewhat different:
We work in a mixed Mac / PC environment. Desktop operators work on Mac only, whereas our backend services are Windows based. Also some manual operations are done on Windows 7.
We call our problem "Ghost Folders". These are folders, that are inaccessible even for Windows Administrator account. Windows displays no privileges for anyone! Even admin user cannot see folder permissions or owner - nor can ownership be taken by Administrator. Total lockdown.
Such folders are created under following circumstances:
- A windows share is mounted on Mac by
SMB://<IP-address>
notation.
- Mac or Windows user attempts to move or delete a folder with some files inside.
- Mac Finder gives error "No access" or "Insufficient privileges", as does Windows.
- Windows Server shows the folder as with no permission for anyone. This folder will disappear by itself some time later (!!) Time span can be anything from a few
minutes to several hours.
- On Mac, the UNIX '
ls -la
' command shows
the folder permissions as normal. However 'ls -la
' for the folder contents lists nothing. Not even the "." or ".." for 'current' and 'upper-level' folders.
This scenario can be repeated at will - Deletion can be attempted either on Mac or Windows.
Similar behavior is also seen when attempting to save (overwrite) a file from a Mac application. This will give permissions error - and the original file disappears from the server. This suggests a successful deletion of the original file, but failed write of the new content.
This scenario will only take place if at least one Mac has the share mounted and any folder of the share is open in Finder. A share that is not accessed by any Mac does not produce this problem.
We have sketchy evidence that the initial deletion attempt (when unsuccesful) will actually (or partially) delete the folder from the Windows file system. We have seen deletion apparently to succeed on Windows Explorer. However, the Mac SMB connection appears to somehow, as if "re-create a shadow" of the folder - or "deny" the deletion after the fact, bringing the folder back to Windows file system, but with null permissions.
We would appreciate if someone checks for this behavior on their systems, if you see the same chain of events as we do. It may help us all to more accurately pinpoint the source of this elusive problem.
Any input will be greatly appreciated.
It sounds like you are using a non-server Mac to act as a server. Is this correct? If so I highly advise you to upgrade to some version of OS X Server.
If I am correct, your issue is caused by using standard Mac (or POSIX) permissions to handle your file share. This is the only option you have for a standard Mac when sharing files. This causes permissions issues, whether you are using AFP or SMB protocols (though SMB is worse in this respect).
If you can upgrade to OS X Server, you will want to first clean up permissions on the folder you wish to share (thus fixing any existing issues). Then create users & groups to model your organization structure. From there you will create a new file share using the Server app. Don't change any of the default permissions it gives. Instead click the "+" button to add a new Access Control Entry. This is a special type of permission that OS X Server can grant, and it resolves all of the permissions issues a standard Mac will give you in such a setup.
Peachpit Press offers a great write-up of all of this in their OS X Server manuals as well, though I couldn't find anything to link to directly. I hope this helps.
Best Answer
This is something we had issues with today at work.
It goes like this:
Have a folder (Folder 1) and create another folder in this folder (Folder 2). Copy a file (such as an image) into Folder 2. Now you won't be able to rename Folder 1 without Finder asking for admin password, and entering that gives the same dialog as the second posted above by Ash. Moving (or deleting) the file that was added to Folder 2 out from that folder makes it possible to rename Folder 1 again. Seems like a bug to me. It has been reported to Apple.