how do i get permissions to behave the way i want…

[divinevelocity]

preferably through a gui?

[mods if this is in the wrong forum and should be in q&a, please feel free to spank and move]

1st. My set-up…
I am not using Mac OS X Server. I wish I was. I am using Mac OS X 10.3.
My machine is a 500 MHz G4 Tower (upgraded to 800 MHz – not a single problem). 1 GB RAM. 2 Internal drives – 80GB, and 120 GB.

2nd. My set-up +
The problem is related to (but still a Mac OS X problem) a RAID tower purchased from firewiredirect.com. We are not using it as a RAID, but rather as a housing for 8 separate 160GB HDs (connected through Firewire 400).

The problem details:

We have a very small workforce (thus no X Server) (5 people). The boss wants these drives and the files contained there-in to be owned by him (and set to read, write and execute). Then, we have one other login for the staff. I have that login “underling” part of the staff group, to which the drives’ group ownership belongs. The top 4 drives (I guess geography is irrelevant) they need access to, the bottom 4 they need zero access to (1st 4 drives, read,write,execute; last 4, no access). And the everyone ownership is no access on all 8.

I am terminal dumb. But I am willing and can be walked through. I set this up with [b:dfb7ff109f]SharePoints[/b:dfb7ff109f] (having read that Mac OS X can do just about everything Server can – just with other methods) and [b:dfb7ff109f]Batchmod[/b:dfb7ff109f]. I started off with just SharePoints because I thought it would do everything like back in the Mac OS 9 days. Well, go it all set up, but found multiple folders in the first 4 drives that couldn’t be access by the staff. So, I went back and Batchmodded the root levels of the drives with the following permissions and checked ‘Apply ownerships and privledges’ to enclosed files and folders. The permissions were

owner – boss – RWX
group – staff – RWX (1st 4), — (2nd 4)
Everyone – —

All seemed fine at first, but now has blown up on me and is as screwy as ever. Some folders even the owner is locked out of, others have read only permission. Others seem to have inherited “underlings” as the owner (I have it set not to do this in SharePoints). One new development today: moving an item or group of items from one folder to another on the same drive [i:dfb7ff109f]copies[/i:dfb7ff109f] instead of moves.

The boss is needless to say ticked (I did this all a week ago, and it was working the afternoon before he left on vacation; his arrival was most bitter). This could be my job, so any and all help would be appreciated.

Thanks,
dv

[samv]

A permissions issue exists with Mac OS 10.x Public folders. A user who creates a new item (file or folder) owns the item and automatically has Read & Write privileges. Each Mac OS 10 user also belongs to a local group – other users in that Group gain Read & Write access to the file or folder. Others users (Everyone else) can’t modify or delete files/directories – they only have read access. Users who access the Public folder as Guest get Read Only access. In most situations this is what we want – it makes for a very secure operating system.

For our staff, wishing to share files and folders in a peer-to-peer manner, this not what we want applied to files and folders in the Public folder. Staff find they can’t modify or delete files in Public folders owned/created by someone else. To solve this problem I added the following job to the system (root) crontab file (/etc/crontab)

# Make files in Public folders read/write for all
*/1 * * * * root /bin/chmod -R a+rw /Users/*/Public
Note: Each space in the line above is actually a tab.

What does this do? Every minute, on the minute, this system (root) cron job makes all files and directories in users Public folder read/write for all (User, Group and Others).

Obviously this compromises the strong security provided in a standard Mac OS 10.3 installation. For most environments I believe this security is over zealous. One of the key features that made sharing files on earlier versions of the Mac OS (Mac OS 7, 8 and 9) is now a major headache. The average user will struggle with the the prermission issues in a standard Mac OS 10 setup. What I’d really like to see is a preference in the Sharing system preference/pane to provide read/write access to all files and directories in a users Public folder – much like a similar ‘inherit permissions’ feature available for Mac OS 10.3 Server share points.

(Aussie spelling)

[Author]

Posts