ACLs not cascading on Mac OS X

pritimit

Following is the scenario:

Steps (Mac OS X Server 10.4.3):
1. Enable ACLs on a volume.
2. Create a sharepoint.
3. Create 2 users U1 and U2 and add to group GRPA.
4. Define ACL for sharepoint by giving GRPA 'Read and Write' and apply to "This Folder. Child Folders. Child Files. All Descendants."

Scenario 1 (Windows Clients):
1. Mount sharepoint using U1.
2. Create a folder and file in it.
3. From another machine mount sharepoint using U2.
4. Folder and file created by U1 are accessible for both read and write.

Scenario 2 (Mac OS X Clients):
1. Mount sharepoint using U1.
2. Create a folder and file in it.
3. From another machine mount sharepoint using U2.
4. Folder and file created by U1 are accessible only with read permission - UNEXPECTED BEHAVIOR

ACLs work correctly for Windows but not for Mac!!!

It seems a similar issue was reported for Windows but has been fixed in 10.4.3. Refer to http://www.macwindows.com/tiger.html#072005a

Am I missing some configuration setting for Mac or is this an issue of Mac?
 
On our server, I have Share Point Protocol set to Share using AFP and allow AFP guest access. Might this help?


 
My mistake. Forgot to mention. Yes, I did set the protocol to Share using AFP and Allow AFP Guest Access for Mac Clients, and Share using SMB and allow SMB Guest Access for Windows Clients. (In fact, without doing that Mac Clients would not have been able to mount the sharepoint.)

In fact, for scenario 2 I tried with both Mac OS X Server 10.4.3 and Mac OS X Panther 10.3.9 as clients but get the issue in both cases.
 
hmmm ... so maybe use Full Control or Custom Control in ACL rather than just Read/Write. Read/Write should do it but ... if it's not working then another option? I used Full Control (not sure of the exact terms now since I'm at home) but I know that folders created do inherit parent folder permissions.
 
Thanks for the immediate response :)
But I tried with Full Control and am still getting the same problem :(

Additionally, here's what else I observed:
1. If I use the SMB protocol from Mac clients to connect to the file server then this problem doesn't occur. It occurs only if the AFP protocol is used.

2. Another detail that needs to be highlighted is that for the sharepoint, along with the ACL, I have set the Access values for Standard Permissions as:
Owner U1 Read&Write
Group GRPA Read&Write
Everyone None
Although I think that this should not matter, as a combination of this + ACL permission should work (and in fact does work for SMB).

3. Also, when I check the permissions using Effective Permission Inspector on Mac OS X Server it shows expected behavior, i.e. U2 is shown to have read and write access on the folder created by U1, but when I mount using AFP U2 does not have access.
 
Same problem over here!
Share with ACL cannot be accessed over AFP; no problem when using SMB.

We have this on our 2 Xserves that we use as fileserver :-(

If someone finds a solution, please share.


HB
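
A server-side check for the situation in this thread, added here as an example and not posted by any participant: it reads `ls -le` output for the share and lists the items that have no inherited allow entry giving GRPA read and write, which separates "the entry was never inherited" from "the entry is present but not honoured over AFP". The sample listing is constructed, its layout is assumed to match the server's `ls -le` output, and `missing_group_rw` is a hypothetical helper name.

```python
import re

ENTRY = re.compile(r"^([d-])[rwxsStT-]{9}[+@]?\s+\d+\s+\S+\s+\S+\s+\d+\s+\w+\s+\d+\s+[\d:]+\s+(.+)$")
ACE = re.compile(r"^\s+\d+: (user|group):(\S+) (inherited )?(allow|deny) (\S+)$")

# ACL rights that correspond to "Read and Write" for a folder and for a file.
NEEDED = {"d": {"list", "add_file"}, "-": {"read", "write"}}

def parse(ls_output):
    """Return [(kind, name, [ace, ...])] parsed from `ls -le` text."""
    items = []
    for line in ls_output.splitlines():
        m = ENTRY.match(line)
        if m:
            items.append((m.group(1), m.group(2), []))
            continue
        m = ACE.match(line)
        if m and items:  # ACE lines belong to the entry printed just above them
            items[-1][2].append({
                "kind": m.group(1), "name": m.group(2),
                "inherited": bool(m.group(3)), "type": m.group(4),
                "rights": set(m.group(5).split(",")),
            })
    return items

def missing_group_rw(ls_output, group):
    """Names of items with no inherited allow entry giving `group` read/write."""
    flagged = []
    for kind, name, aces in parse(ls_output):
        granted = set()
        for ace in aces:
            if (ace["kind"], ace["name"], ace["type"]) == ("group", group, "allow") and ace["inherited"]:
                granted |= ace["rights"]
        if not NEEDED[kind] <= granted:
            flagged.append(name)
    return flagged

# Constructed listing (not taken from the thread); names and dates are placeholders.
SAMPLE = """\
drwxrwx---+ 3 u1  GRPA  102 Nov 20 10:00 folder_a
 0: group:GRPA inherited allow list,add_file,search,add_subdirectory,delete_child
-rw-rw----+ 1 u1  GRPA   12 Nov 20 10:01 file_a.txt
 0: group:GRPA inherited allow read,write,append
drwxr-xr-x  2 u1  GRPA   68 Nov 20 10:05 folder_b
-rw-r--r--  1 u1  GRPA   12 Nov 20 10:06 file_b.txt
"""

if __name__ == "__main__":
    print(missing_group_rw(SAMPLE, "GRPA"))
```
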