OS X server 10.4.10 file permissions issues

[vampyreapoc]

We have a client that is having a really strange permissions issue. They are running OS X server 10.4.10 on an Xserve G4 SL and an Xserve RAID v1.3. Whenever a new folder is created on the share by a user, other users in the same group have read only permissions, even though in WGM the group is set to have read/write.

WGM lists the permissions correctly, but the OS(?) isn’t respecting them. Additionally, we are having problems propogating *new* permissions set on one directory to it’s sub directories. As in we cannot. The option to propogate in WGM is greyed out, and indeed *new* permissions and ACLs are not inherited by sub directories. That’s another problem to deal with, but POSIX permissions are still set correctly across all directories and their subdirectories, I have verified this by going into the sub directories manually and A) looking at the permissions settings and B) examining the effective permissions of the users – I did not try with all directories or users as there are a LOT.

Some background: Apparently these users were migrated from an older NetInfo directory. Passenger was not used, but this was before my time. I will try to get more details on this. I did notice that the group (the one having permissions problems) had each user listed twice (same user ID and all). I deleted this group and recreated it, now it is represented in WGM properly. *update* Apparently the group is showing all users listed twice again…

It’s been tossed around to chmod -R 775 those directories that are having problems. But from my understanding that will only change the permissions on the existing shares, not any new ones that are created.

This weekend we are going to create a new directory, move data from one of the old directories to this new directory, and share out this new directory. Only on one of the shares though as this could be time consuming and we aren’t even sure if this will work.

We’re pretty lost here, and the client is not happy…

[hounddogco]

I’ll add to this conversation, with a twist. Any help here would be greatly appreciated:

xServe RAID, just upgraded with new 500GB drives (one LUN only). Other LUN still has original 250’s. After waiting 2 days for new Array to finish, tried to migrate all folders over from one LUN to the other using Carbon Copy Cloner (CCC). CCC failed no matter what I did. Hand copied all folders over. Many hours later, rebooted RAID and controller. Using WorkGroup Manager (WGM), re-propagated permissions for all folders, and that worked. None of the ACLs are working. ACLs are enabled on the volume, and where working fine before the transfer.

OS X Server 10.4.11, bound to LDAP from another xServe (working correctly before transfer), users are LDAP users and they work fine for log-in. ACLs just do not work, everything else does. ACLs are enabled on the volume. When I add an user account to the ACL area, the “inheirited” option is set to NO, and I think that I have to have it set to Yes but don’t know how to change that.

OK, I goofed up. Anyone want to lend a hand? I’ll take my answer off-line, if that is easier. barry at hounddogco dot com

[vampyreapocalyps]

Thanks for the info, Josh. I wasn’t aware that you had to log in to WGM as the owner or root in order to propagate.

I forgot to add that I originally discovered the problem because I wanted to configure ACLs on the volume.

We ended up configuring a brand new server for this client anyway. And given that I did not know any of the history of the old LDAP database, we elected to painstakingly recreate it from scratch. This worked. Permissions are now correct and ACLs are propagating correctly.

Hounddogco – Sounds to me like permissions were not preserved when the data was copied over. I usually use ditto or cp when copying large amounts of data. cp -Rv -p will recursively and verbosely copy data from one location to another preserving permissions (ACLs too). man cp for more info. There are a number of switches.

[Author]

Posts