Default umask for OS X GUI

coolgrafix

How can I get the OS X GUI to make files (for whichever user is currently logged in or connected thru file sharing) which are group read/writable?

This seems to have been touched upon in other areas, but the relevant answering posts are no longer extant. =(

Any help is appreciated.
 
After all my reading today (see above) I was considering providing a HOW-TO. I'd appreciate any feedback on the following draft...

HOW-TO: Make the Shared directory behave as a truly shared directory.

Many users wish to be able to collaborate with their fellow users by sharing files hosted on a central workstation or server. With Mac OS X this isn't as easy as it may sound due to multi-user permission safeguards. This HOW-TO shows how to set up a Mac OS X 10.2.3 workstation to have its Shared folder available to any user in the "staff" group, whether they log into the machine remotely for file sharing or if they log into the machine directly. This HOW-TO assumes that the machine is a new installation and that the Shared folder is empty.

1) All users who expect to have access to /Users/Shared/ must be in the "staff" group. They will be members of this group by default if added as OS X users through the GUI.

2) /Users/Shared/ must be owned by the group "staff". To make this change, execute the following command from the Terminal:

sudo chgrp staff /Users/Shared

3) /Users/Shared/ must have Read and Write access for its group "staff". By default it has "Read only" access for its group. This change must be made from the Terminal. To make this change, execute the following command from the Terminal:

sudo chmod g+w /Users/Shared

4) /Users/Shared/ must have the "sticky bit" turned off. To make this change, execute the following command from the Terminal:

sudo chmod u-t /Users/Shared

5) Restart the machine.

6) You may wish to at this point set certain users' home directories to be /Users/Shared/ itself, thus preventing confusion when logging in through file sharing.* This can be done from the GUI with the NetInfo Manager utility, found in /Applications/Utilities/. This is not advised, as problems can arise if one of the users logged in at the workstation itself; the users would all be sharing the same home directory, preferences, etc. However, if interested, follow the following steps from NetInfo Manager:

a) If the lock icon is closed, click it and provide an administrator password.

b) You will be presented with a four-paned window: three panes across the top, and across the bottom. In the upper left-most pane, click the slash symbol ("/") if it is not already selected.

c) A list will appear in the upper middle pane. Click the "users" item from this list.

d) A list of users will appear in the upper right-most pane. Select a user to modify by clicking the user's name.

e) A list of properties and values will appear in the bottom pane. Scroll down the list until you see the "home" property. Double-click on home's value, which should be in the form "/Users/username".

f) Change this value to "/Users/Shared", omitting the quotes.

g) Save these changes by hitting Command-S, or choosing Save Changes under the Domain menu at the top of the screen.

h) You will be asked to confirm the modification. Click "Update this copy" to continue.

i) Repeat steps d - h for each user you wish to modify.

j) Click the lock to ensure no further changes are made.

* NOTE: A preferred method would be to install a second hard drive, or repartition an existing one, and set up the new drive in a similar manner as /Users/Shared/. In this case, each user would keep their separate home directories. The new volume would appear in their file sharing volume selection screen.
 
HOW-TO: Make the Shared directory behave as a truly shared directory.

Many users wish to be able to collaborate with their fellow users by sharing files hosted on a central workstation or server. With Mac OS X this isn't as easy as it may sound due to multi-user permission safeguards. This HOW-TO shows how to set up a Mac OS X 10.2.3 workstation to have its Shared folder available to any user in the "staff" group, whether they log into the machine remotely for file sharing or if they log into the machine directly. This HOW-TO assumes that the machine is a new installation and that the Shared folder is empty.

1) All users who expect to have access to /Users/Shared/ must be in the "staff" group. They will be members of this group by default if added as OS X users through the GUI.

2) /Users/Shared/ must be owned by the group "staff". To make this change, execute the following command from the Terminal:

sudo chgrp staff /Users/Shared

3) /Users/Shared/ must have Read and Write access for its group "staff". By default it has "Read only" access for its group. This change must be made from the Terminal. To make this change, execute the following command from the Terminal:

sudo chmod g+w /Users/Shared

4) /Users/Shared/ must have the "sticky bit" turned off. To make this change, execute the following command from the Terminal:

sudo chmod u-t /Users/Shared

5) Each file by default needs to have group write permissions. This is not the way Mac OS X 10.2.3 ships. To change this default behavior, do the following:

a) You'll need to edit the /etc/rc file by executing the following command from the Terminal:

sudo pico /etc/rc

This will bring up the PICO text editor in your Terminal. You may need to provide an administrator password if prompted for one.

b) Next, scroll to the bottom of the file using PICO's built-in shortcut, Control-V. The end of the document will look something like this:

# Set language from CDIS.custom - assumes this is parse-able by sh
. /var/log/CDIS.custom
export LANGUAGE

SystemStarter -g ${VerboseFlag} ${SafeBoot}

exit 0

c) You need to add the following command after the line with "export LANGUAGE". Use the arrow keys to move as needed and hit return to insert some lines:

umask 002

The resulting file will have an ending similar to this:

# Set language from CDIS.custom - assumes this is parse-able by sh
. /var/log/CDIS.custom
export LANGUAGE

umask 002

SystemStarter -g ${VerboseFlag} ${SafeBoot}

exit 0

It's important to have the "umask" line directly before the "SystemStarter" line.

d) Now you need to save the file. Hit Control-O to save the file. You'll have to confirm the name by hitting return.

e) Next, hit Control-X to leave the program.

6) Restart the machine.

7) You may wish to at this point set certain users' home directories to be /Users/Shared/ itself, thus preventing confusion when logging in through file sharing.* This can be done from the GUI with the NetInfo Manager utility, found in /Applications/Utilities/. This is not advised, as problems can arise if one of the users logged in at the workstation itself; the users would all be sharing the same home directory, preferences, etc. However, if interested, follow the following steps from NetInfo Manager:

a) If the lock icon is closed, click it and provide an administrator password.

b) You will be presented with a four-paned window: three panes across the top, and across the bottom. In the upper left-most pane, click the slash symbol ("/") if it is not already selected.

c) A list will appear in the upper middle pane. Click the "users" item from this list.

d) A list of users will appear in the upper right-most pane. Select a user to modify by clicking the user's name.

e) A list of properties and values will appear in the bottom pane. Scroll down the list until you see the "home" property. Double-click on home's value, which should be in the form "/Users/username".

f) Change this value to "/Users/Shared", omitting the quotes.

g) Save these changes by hitting Command-S, or choosing Save Changes under the Domain menu at the top of the screen.

h) You will be asked to confirm the modification. Click "Update this copy" to continue.

i) Repeat steps d - h for each user you wish to modify.

j) Click the lock to ensure no further changes are made.

* NOTE: A preferred method would be to install a second hard drive, or repartition an existing one, and set up the new drive in a similar manner as /Users/Shared/. In this case, each user would keep their separate home directories. The new volume would appear in their file sharing volume selection screen.
 
Edit /etc/smb.conf to make /Users/Shared a Windows accessible, group-writeable public folder by adding these lines:
[public]
writeable = Yes
path = /Users/Shared
guest ok = Yes

Then restart the samba daemon to register the change:
sudo kill -HUP `ps aux | grep 'smb[d]' | awk ' { print $2 } '`
 
Ok, life was good until you mentioned SMB. =) Now I'm lost again.

I had everything set up and working perfectly for Mac OS X to Mac OS X serving. Then I added the SMB configuration you mentioned, which I had completely overlooked.

I logged in from a Windows 95 machine and copied a file over and it worked fine, but the group permissions were set to Read Only. Gaaack!

Does SMB have its own rc that it looks at? Is there a directive in SMB.conf that could be used?

(Pulls hair out)

Any help is appreciated.
 
Code:
gatorparrots% cat /etc/smb.conf
; Template configuration file for smbd.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
;
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.  It also provides
; a public share point for generally exporting stuff.
;
; Some things to check out:
;
; 1: Make sure that the user specified in "guest account" exists. Typically
;    this will be a user that cannot log in and has minimal privileges.
;    Often the "nobody" account doesn't work (very system dependant).
;
; 2: You should consider the "security =" option. See a full description
;    in the main documentation and the smb.conf(5) manual page
;
; 3: Look at the "hosts allow" option, unless you want everyone on the internet
;    to be able to access the shares you export here.
;
; 4: If you want to support printers, add/uncomment the relevant entries.
;
[global]
client code page = 437
coding system = utf8
server string = Your computer description here
veto files = Temporary Items/Desktop */TheFindByContentFolder/TheVolumeSettingsFolder/Network */
hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/Icon*/
hide dot files = yes
guest account = unknown
encrypt passwords = yes
printing = cups
map to guest = Bad User
workgroup = WORKGROUPNAME
netbios name = COMPUTERNAME

[public]
writeable = Yes
path = /Users/Shared
guest ok = Yes
 
Aha! Found it (how I don't know) in the Samba documentation. It's...

create mask = 0774

This will provide owner and group read/write for the files created with the SMB daemon. Yay!

Will revise my HOW-TO and post the latest draft.
 
DRAFT
Many users wish to be able to collaborate with their fellow users by sharing files hosted on a central workstation or server. With Mac OS X this isn't as easy as it may sound due to multi-user permission safeguards. This HOW-TO shows how to set up a Mac OS X 10.2.3 workstation to have its Shared folder available to any user in the "staff" group, whether they log into the machine remotely for file sharing or if they log into the machine directly. This HOW-TO assumes that the machine is a new installation and that the Shared folder is empty.
  1. All users who expect to have access to /Users/Shared/ must be in the "staff" group. They will be members of this group by default if added as OS X users through the GUI.
  2. /Users/Shared/ must be owned by the group "staff". To make this change, execute the following command from the Terminal:

    sudo chgrp staff /Users/Shared
  3. /Users/Shared/ must have Read and Write access for its group "staff". By default it has "Read only" access for its group. This change must be made from the Terminal. To make this change, execute the following command from the Terminal:

    sudo chmod g+w /Users/Shared
  4. /Users/Shared/ must have the "sticky bit" turned off. To make this change, execute the following command from the Terminal:

    sudo chmod u-t /Users/Shared
  5. Each file by default needs to have group write permissions. This is not the way Mac OS X 10.2.3 ships. To change this default behavior, do the following:

    a) You'll need to edit the /etc/rc file by executing the following command from the Terminal:

    sudo pico /etc/rc

    b) This will bring up the PICO text editor in your Terminal. You may need to provide an administrator password if prompted for one.

    c) Next, scroll to the bottom of the file using PICO's built-in shortcut, Control-V. The end of the document will look something like this:
    Code:
          # Set language from CDIS.custom - assumes this is parse-able by sh
          . /var/log/CDIS.custom
          export LANGUAGE
    
          SystemStarter -g ${VerboseFlag} ${SafeBoot}
    
          exit 0
    d) You need to add the following command after the line with "export LANGUAGE". Use the arrow keys to move as needed and hit return to insert some lines:

    umask 002

    The resulting file will have an ending similar to this:
    Code:
          # Set language from CDIS.custom - assumes this is parse-able by sh
          . /var/log/CDIS.custom
          export LANGUAGE
    
          umask 002
    
          SystemStarter -g ${VerboseFlag} ${SafeBoot}
    
          exit 0
    It's important to have the "umask" line directly before the "SystemStarter" line.

    e) Now you need to save the file. Hit Control-O to save the file. You'll have to confirm the name by hitting return.

    f) Next, hit Control-X to leave the program.
  6. If you wish to share /Users/Shared with Windows users via SMB/CIFS (Windows file sharing) you'll need to set up /Users/Shared for SMB sharing and also enable group access for that share. To make this change, do the following:

    a) You'll need to edit /etc/smb.conf by executing the following command from the Terminal:

    sudo pico /etc/smb.conf

    b) This will bring up the PICO text editor in your Terminal. You may need to provide an administrator password if prompted for one.

    c) Next, scroll to the part of this file that begins with "[global]". It will look something like this:
    Code:
        [global]
          client code page = 437
          coding system = utf8
          guest account = unknown
          encrypt passwords = yes
    d) You need to add the following command after the line with "encrypt passwords = yes". Use the arrow keys to move as needed and hit return to insert some lines:

    create mask = 0774

    The resulting change will look similar to this:
    Code:
        [global]
          client code page = 437
          coding system = utf8
          guest account = unknown
          encrypt passwords = yes
          create mask = 0774
    e) Next, you need to set up the shared folder itself. Add the following code after the "create mask" line:

    [Shared]
    writeable = Yes
    path = /Users/Shared
    guest ok = Yes


    The resulting change will look similar to this:
    Code:
        [global]
          client code page = 437
          coding system = utf8
          guest account = unknown
          encrypt passwords = yes
          create mask = 0774
          
        [Shared]
          writeable = Yes
          path = /Users/Shared
          guest ok = Yes

    Note: The name of the Windows share will be "Shared" in this case because that's how we declared it with "[Shared]".

    f) Optionally, you could apply a variety of settings at this point to your smb.conf file's [global] section. Here are a few to consider:

    Code:
          veto files = Temporary Items/Desktop */TheFindByContentFolder/TheVolumeSettingsFolder/Network */
          hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/Icon*/
          hide dot files = yes
          workgroup = WORKGROUP
          netbios name = NETBIOSNAME
          server string = MyServer
    Substitute your own values for WORKGROUP, NETBIOSNAME, and MyServer. See http://us1.samba.org/samba/docs/man/smb.conf.5.html for complete documentation of these directives.

    g) Now you need to save the file. Hit Control-O to save the file. You'll have to confirm the name by hitting return.

    h) Next, hit Control-X to leave the program.

    i) Enable Windows file sharing (if not already on) in the Sharing preference panel of System Preferences.
  7. You may wish at this point to set certain users' home directories to be /Users/Shared/ itself, thus preventing confusion when logging in through file sharing.* This can be done from the GUI with the NetInfo Manager utility, found in /Applications/Utilities/. This is not advised, as problems can arise if one of the users logged in at the workstation itself; the users would all be sharing the same home directory, preferences, etc. However, if interested, follow the following steps from NetInfo Manager:

    a) If the lock icon is closed, click it and provide an administrator password.

    b) You will be presented with a four-paned window: three panes across the top, and across the bottom. In the upper left-most pane, click the slash symbol ("/") if it is not already selected.

    c) A list will appear in the upper middle pane. Click the "users" item from this list.

    d) A list of users will appear in the upper right-most pane. Select a user to modify by clicking the user's name.

    e) A list of properties and values will appear in the bottom pane. Scroll down the list until you see the "home" property. Double-click on home's value, which should be in the form "/Users/username".

    f) Change this value to "/Users/Shared", omitting the quotes.

    g) Save these changes by hitting Command-S, or choosing Save Changes under the Domain menu at the top of the screen.

    h) You will be asked to confirm the modification. Click "Update this copy" to continue.

    i) Repeat steps d - h for each user you wish to modify.

    j) Click the lock to ensure no further changes are made.

    * NOTE: A preferred method would be to install a second hard drive, or repartition an existing one, and set up the new drive in a similar manner as /Users/Shared/. In this case, each user would keep their separate home directories. The new volume would appear in their file sharing volume selection screen.
  8. Restart the machine.
    Comments and improvements welcomed.
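
A check script for the state the draft above aims for, added here as an example and not part of the thread's HOW-TO. Function names are hypothetical, and the scratch directory and smb.conf in the demo are constructed. It reports the directory bits from steps 2-4, the file mode a given umask produces (step 5), and which smb.conf shares combine guest access with write access (step 6).

```shell
# Added example, not from the thread. Numeric chmod modes keep the demo portable.
# Permission string such as drwxrwxr-x, read via ls so it works on BSD and GNU.
perm_string() { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

# Steps 2-4: report group owner, group write, sticky bit and world write.
check_shared_dir() {
    p=$(perm_string "$1")
    g=$(ls -ld "$1" | awk '{ print $4 }')
    case $p in d????w????) gw=yes ;; *) gw=no ;; esac
    case $p in *[tT]) sticky=on ;; *) sticky=off ;; esac
    case $p in d???????w?) ow=yes ;; *) ow=no ;; esac
    echo "group=$g group_write=$gw sticky=$sticky other_write=$ow"
}

# Step 5: mode a new file gets when created under the given umask.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/probe" )
    perm_string "$d/probe"
    rm -rf "$d"
}

# Step 6: names of shares that are both guest-accessible and writable.
# Simplification: [global] defaults are not inherited by later sections.
guest_writable_shares() {
    awk '
        function emit() { if (sec != "" && guest && wr) print sec; guest = wr = 0 }
        function truthy(v) { return v == "yes" || v == "true" || v == "1" }
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/ { emit(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        { n = index($0, "="); if (!n) next
          k = tolower(substr($0, 1, n - 1)); v = tolower(substr($0, n + 1))
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == "guestok" || k == "public") guest = truthy(v)
          if (k == "writeable" || k == "writable" || k == "writeok") wr = truthy(v) }
        END { emit() }
    ' "$1"
}

# Demo on constructed data: a scratch directory and a two-share smb.conf.
demo=$(mktemp -d); mkdir "$demo/Shared"
chmod 1755 "$demo/Shared"; check_shared_dir "$demo/Shared"   # before steps 3-4
chmod 0775 "$demo/Shared"; check_shared_dir "$demo/Shared"   # after steps 3-4
echo "umask 022: $(mode_under_umask 022)  umask 002: $(mode_under_umask 002)"
cat > "$demo/smb.conf" <<'EOF'
[global]
[Shared]
writeable = Yes
guest ok = Yes
[private]
writeable = Yes
EOF
guest_writable_shares "$demo/smb.conf"
rm -rf "$demo"
```

On the machine itself, the same functions can be pointed at /Users/Shared and /etc/smb.conf once the file defining them has been sourced.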
 