Ownership of shared folders

[ianpiper]

Hi all,

I’d appreciate some advice on a permissions/ownership question. Something strange has happened to access to folders on my server. Apologies for the length but I needed to put some file listings to illustrate.

I have a folder called “software” on a server volume. From the Unix permissions angle this has the ownership/permissions when I look on the server machine:

drwxr-xr-x    root    admin

In Workgroup Manager the software folder is a sharepoint with the permissions as above and ACLs:

domestic Full Control
company Full Control
Ian Full Control
allusers Full Control

This set of ACLs is not how I would normally do it, but I have been driven to it in testing this problem.

If I now log in to my workstation as ianp (a local user account) and attach to the software share (as network user ian) I see two entries for software in /Volumes:

lynley:/Volumes ianp$ ls -al
drwxr-xr-x    15 ianp  ianp    466 Jan  7 16:33 software
drwxr-xr-x +  15 root  admin   466 Jan  7 16:33 software-1

If I go into software I see this:

lynley:/Volumes/software ianp$ ls -al
total 3832
drwxr-xr-x   16 ianp  ianp       500 Jan  7 16:47 .
drwxrwxrwt   19 root  admin      646 Jan  7 15:50 ..
dr-xr-xr-x   30 ianp  ianp       976 Jan  7 16:32 Mac OS X
-rwxr--r--    1 ianp  ianp         0 Jan  7 16:33 temp
[and others ...]

I can write to this folder: temp is a file I touched from Terminal on my PowerBook.

If I go into software-1 I am not allowed to see anything:

lynley:/Volumes/software-1 ianp$ ls -al
ls: .: Permission denied

I don’t know what software-1 is for – any ideas?

Although the above is confusing I can live with it. The real problem is that if I go into software/Mac OS X, I apparently have permissions:

lynley:/Volumes/software/Mac OS X ianp$ ls -al
total 11768
dr-xr-xr-x    30 ianp  ianp      976 Jan  7 16:32 .
drwxr-xr-x    16 ianp  ianp      500 Jan  7 16:47 ..
-r--r--r--     1 ianp  ianp    12292 Dec 25 00:29 .DS_Store
drwxrwxrwx    25 ianp  ianp      806 Dec 24 20:43 Apple software
drwxrwxrwx     4 ianp  ianp      264 Nov 20  2003 Bluetooth extras
drwxrwxrwx    12 ianp  ianp      364 Dec 24 21:25 Development drwxrwxrwx    32 ianp  ianp     1044 Dec 24 21:28 Development2 drwxrwxrwx     5 ianp  ianp      264 Dec  1 23:44 Drivers for peripherals

but I can’t write to this folder at all.

I thought that ACLs override Posix permissions so in theory any user should be able to write to this folder regardless of the Posix settings, and I expected that ACLs would propagate to descendant folders.

Can anyone suggest what I am doing wrong? Any wisdom appreciated.

On a wider front, if I am setting up shared folders and volumes on a network server and I am doing it while logged in on the server, what Unix ownership and permissions should I use for these folders and volumes? I thought it should not matter given ACLs overriding Posix permissions, but maybe there is a good way to avoid the problem I have here by adopting a suitable ownership/permissions policies.

I have read the Mac OS X documentation on the Apple site, BTW and it is not really clear.

Ian.

[Author]

Posts