We are having a permissions issue with files transferred between our Intel and PowerPC Macs in our design department. Specifically we have two PowerPC machines - one a G4 (Quicksilver) and one a G5 (Dual 2.3ghz) - and two Intel machines - both dual core Intel Xeon. All four machines are running system 10.4.11. An important note and possibly the problem creator is that all four machines are using ADmitMac software. We do not have our home directories on the server, however. ADmitMac is installed, but not truly being used to it's full potential. All of our files are stored locally on our individual machine's hard drives. Our problem arises when we transfer files to one another via a direct network connection to each others machine. If we got to Network/My Network/"Intel User's Machine" and login using that machine's credentials, we then transfer our files directly to the desktop of the that machine. Other Mac users in the company connect to us the same way but they always put files in our Public/Drop Box as a "Guest". Either way, the permissions that were set correctly on our machine are usually changed when transferred to a machine with a different processor. I have tested this going from the G5 and the G4, multiple times, and have had no problems with the permissions changing at all. Our last few tests we did between an Intel Mac and the G5 Mac showed only a change in the "Group" permission - changing it from "everyone" to the username of the machine it was sent to. More often, however, it actually changes the "Group" and it changes the groups permissions to "read only" instead of "read & write". It does the same for "others". Our current "fix" is to simply "Get Info" on each file transferred over and correct the permissions there before opening/working with the files. Otherwise, we can usually open the files but cannot change them until the permissions are corrected. I've found some articles regarding permissions issues with 10.4 at lower levels (10.4.1, 10.4.2 etc) specifically in regards to Windows and Xserve servers, but nothing in regards to our problem specifically. Any help or insight would be greatly appreciated. Sincerest thanks! Aaron
Permissions Issue from Intel to PowerPC?
- Thread starter asp272
- Start date
ElDiabloConCaca
U.S.D.A. Prime
On these handful of computers, are the user account names the same? Are the UIDs and GIDs the same?
If not, then I'd bet that's where your permissions problems come into play. If you have a user called "graphics" on one machine with a UID of 501, and a user called "graphics" on a different machine with a UID of 502, then it would seem that that's where the problem could be.
If not, then I'd bet that's where your permissions problems come into play. If you have a user called "graphics" on one machine with a UID of 501, and a user called "graphics" on a different machine with a UID of 502, then it would seem that that's where the problem could be.
Thanks for the response ElDiablo, but you're a little over my head with UIDs and GIDs. I do know how to find out what they are, but as to whether or not they're a problem I do not know. Here's what I can tell you - All of our machines in our office (2 Intel, 1 G4 and 1 G5) have very different user account names (short names and Appletalk share names). When I checked the UID and GID for the four machines (in terminal) this is what I found - my G5 is 502 502, the G4 is 503 12, one Intel Mac is 501 501 and the other is 501 12. Could these varying UIDs and GIDs of the machines be our issue? If so, how do I resolve it? Any help would be greatly appreciated. Thanks!
ElDiabloConCaca
U.S.D.A. Prime
Actually, I think the problem stems from the fact that you have different usernames on each machine. When a file is created by someone, it is owned by that someone and everyone else would normally have "read-only" access to that file. That, in itself, is not a problem, because that's how UNIX (and, thusly, Mac OS X) is designed to work. It is a true multi-user environment, and every user account has their own files which no one else can touch.
This is why, in my opinion, it's best to have a server that takes care of this type of thing for you. A Mac OS X Server machine can create groups of users easily, and takes care of handling who can open what. Without a server to manage this, you're left doing it manually, which can quickly become a pain.
Perhaps you can try a test to see if it may help: instead of passing files back and forth and using the drop boxes, simply keep the file on one machine, set the permissions how you'd like them, then when someone on another machine would like to work on that file, connect to the machine over the network and work on the file that way. The file, through saves and opens and what-nots, should retain the permissions you set initially. It may actually be the copy-across-the-network process that's making the permissions change, so keeping the file in one place may help.
This is why, in my opinion, it's best to have a server that takes care of this type of thing for you. A Mac OS X Server machine can create groups of users easily, and takes care of handling who can open what. Without a server to manage this, you're left doing it manually, which can quickly become a pain.
Perhaps you can try a test to see if it may help: instead of passing files back and forth and using the drop boxes, simply keep the file on one machine, set the permissions how you'd like them, then when someone on another machine would like to work on that file, connect to the machine over the network and work on the file that way. The file, through saves and opens and what-nots, should retain the permissions you set initially. It may actually be the copy-across-the-network process that's making the permissions change, so keeping the file in one place may help.
Thanks again ElDiablo, I think you are exactly right. Sharing from Mac to Mac SHOULD have permissions issues unless you are logging in to another machine as that user and working with the files on that machine directly. We most definitely need a server space with an AFP share on it (like my last company had). Unfortunately I work for a very large company that is way behind the times on their IT policies, and getting a dedicated Mac server space is nowhere in sight. I'm pushing as much as I can for it, but I'm new here and they don't really care about the other Mac users that have been here for years anyway. Our saving grace is that we do have an IT guy that knows about Macs and he can be a big proponent of our cause. However, they have been using AdmitMac software for years for "Active Directory" compatibility - but it doesn't make any sense because we do not have our home directories on a server space - they are still local on our machines. In a nutshell, they can't do anything with Active Directory as far as our Macs are concerned because AdmitMac isn't being used correctly. Let me ask you this - We have an extra G4 Mac in the department we only use for a Scanner right now. Do you think it would be reliable enough to use that Mac as a server for our other three Macs in the department? Basically, all three of us log in to that G4 and work directly on files on that internal drive. As long as there is a backup drive setup, it should work OK for now correct? Let me know what you think, and thanks again for the help!
ElDiabloConCaca
U.S.D.A. Prime
Yup, that should work just fine!
I would suggest making one (or more) "common" accounts on that machine for people to log in to... for example, if you want people in the "Graphics" department to work on some PhotoShop files located on that machine, then I would create a user called "graphics" on that machine and have each person log in as "graphics" to work on those files... that way, the user "graphics" owns the files, and no matter who logs into that machine from the Graphics department, they shouldn't have any permissions issues as long as they use the "graphics" user login.
I would suggest making one (or more) "common" accounts on that machine for people to log in to... for example, if you want people in the "Graphics" department to work on some PhotoShop files located on that machine, then I would create a user called "graphics" on that machine and have each person log in as "graphics" to work on those files... that way, the user "graphics" owns the files, and no matter who logs into that machine from the Graphics department, they shouldn't have any permissions issues as long as they use the "graphics" user login.
ElDiabloConCaca
U.S.D.A. Prime
Not a problem.
Of course, this is a workaround to having a real server running Mac OS X Server. The Server flavor of Mac OS X would take care of all this permissions wonkiness, even with different user accounts working on the files. It's quite slick, and I highly recommend looking into it if/when you get the chance with this company.
Just be wary, in this kind of setup, that you don't get two people trying to edit or modify the same file at the same time... we had a "po' man's" server setup like this once, and if we weren't all in the same room so we could shout, "Don't open 123.jpg because I'm working on it!", then we could accidentally screw up some files for good.
Of course, this is a workaround to having a real server running Mac OS X Server. The Server flavor of Mac OS X would take care of all this permissions wonkiness, even with different user accounts working on the files. It's quite slick, and I highly recommend looking into it if/when you get the chance with this company.
Just be wary, in this kind of setup, that you don't get two people trying to edit or modify the same file at the same time... we had a "po' man's" server setup like this once, and if we weren't all in the same room so we could shout, "Don't open 123.jpg because I'm working on it!", then we could accidentally screw up some files for good.
The ironic thing is that when I talked to our IT guy about the possibility of getting some server space he told me that we already have numerous Xserves here at the company - all running Windows! Also, we have a 7 TB Xserve that our job management system called Marketing Pilot is running on. When I asked if we could just get 1 TB of that allocated to an AFP share, he said that Appletalk was "too chatty" and they didn't want to turn that on when the share would be on the same server as Windows shares. Do you see any merit in that claim?
ElDiabloConCaca
U.S.D.A. Prime
There is no merit to that claim, because OS X doesn't use AppleTalk natively anymore... it uses AFP ("Apple Filing Protocol") which is NOT AppleTalk and is NOT a "chatty" protocol.
While OS X can use AppleTalk to communicate with older operating systems (OS 7, 8, 9), as long as you're using OS X on all your machines, you can simply use the AFP protocol which is much improved and vastly different from AppleTalk.
I would explain to your IT guy that AFP is NOT AppleTalk.
While OS X can use AppleTalk to communicate with older operating systems (OS 7, 8, 9), as long as you're using OS X on all your machines, you can simply use the AFP protocol which is much improved and vastly different from AppleTalk.
I would explain to your IT guy that AFP is NOT AppleTalk.