I'd appreciate some advice on a permissions/ownership question. Something strange has happened to access to folders on my server. Apologies for the length but I needed to put some file listings to illustrate.
I have a folder called "software" on a server volume. From the Unix permissions angle this has the ownership/permissions when I look on the server machine:
drwxr-xr-x root admin
In Workgroup Manager the software folder is a sharepoint with the permissions as above and ACLs:
domestic Full Control
company Full Control
Ian Full Control
allusers Full Control
This set of ACLs is not how I would normally do it, but I have been driven to it in testing this problem.
If I now log in to my workstation as ianp (a local user account) and attach to the software share (as network user ian) I see two entries for software in /Volumes:
lynley:/Volumes ianp$ ls -al drwxr-xr-x 15 ianp ianp 466 Jan 7 16:33 software drwxr-xr-x + 15 root admin 466 Jan 7 16:33 software-1
If I go into software I see this:
lynley:/Volumes/software ianp$ ls -al total 3832 drwxr-xr-x 16 ianp ianp 500 Jan 7 16:47 . drwxrwxrwt 19 root admin 646 Jan 7 15:50 .. dr-xr-xr-x 30 ianp ianp 976 Jan 7 16:32 Mac OS X -rwxr--r-- 1 ianp ianp 0 Jan 7 16:33 temp [and others ...]
I can write to this folder: temp is a file I touched from Terminal on my PowerBook.
If I go into software-1 I am not allowed to see anything:
lynley:/Volumes/software-1 ianp$ ls -al ls: .: Permission denied
I don't know what software-1 is for - any ideas?
Although the above is confusing I can live with it. The real problem is that if I go into software/Mac OS X, I apparently have permissions:
lynley:/Volumes/software/Mac OS X ianp$ ls -al total 11768 dr-xr-xr-x 30 ianp ianp 976 Jan 7 16:32 . drwxr-xr-x 16 ianp ianp 500 Jan 7 16:47 .. -r--r--r-- 1 ianp ianp 12292 Dec 25 00:29 .DS_Store drwxrwxrwx 25 ianp ianp 806 Dec 24 20:43 Apple software drwxrwxrwx 4 ianp ianp 264 Nov 20 2003 Bluetooth extras drwxrwxrwx 12 ianp ianp 364 Dec 24 21:25 Development drwxrwxrwx 32 ianp ianp 1044 Dec 24 21:28 Development2 drwxrwxrwx 5 ianp ianp 264 Dec 1 23:44 Drivers for peripherals
but I can't write to this folder at all.
I thought that ACLs override Posix permissions so in theory any user should be able to write to this folder regardless of the Posix settings, and I expected that ACLs would propagate to descendant folders.
Can anyone suggest what I am doing wrong? Any wisdom appreciated.
On a wider front, if I am setting up shared folders and volumes on a network server and I am doing it while logged in on the server, what Unix ownership and permissions should I use for these folders and volumes? I thought it should not matter given ACLs overriding Posix permissions, but maybe there is a good way to avoid the problem I have here by adopting a suitable ownership/permissions policies.
I have read the Mac OS X documentation on the Apple site, BTW and it is not really clear.
Ian.