Permissions not translating to Windows Sharing?? -- should be read-only but isn't. :(

[djbeta]

Hi everyone,

I'd really appreciate help with this because as is, Windows users that connect to my Mac OS X Server (10.4) can delete entire directories in a folder that should be read-only.

Basically, the folder structure is this:

username is "rtdb"
when the user logs in and mounts "rtdb"
permissions on "rtdb" (the top level), are read-only to everyone
and the owner is "system"
then the first level of folder has similar permissions for the Application_Material and SKI_Recruitment folders.. for some reason,
A Windows user, connecting with "rtdb" credentials, was just able to go
into the SKI_Recruitment folder and delete a folder within it.
They are unable to rename or create folders in it, but was able to delete
an entire folder..

Mac users that mount "rtdb" can not delete folders within SKI_Recruitment
nor do anything other than read.

Can someone please look at the attachment and tell me why this happened and suggest how to fix it so that "rtdb" user connected via Windows can truly only read within the SKI_Recruitment folder?

Many thanks in advance.

 

[eric2006]

Are you certain that the subdirectories are inheriting the parent permissions? Also, here are some documents that may help you:

http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c3wn39.html
http://docs.info.apple.com/article.html?artnum=302469
http://search.info.apple.com/?q=smb+permissions&type=&search=Search&lr=lang_en&search=Go

 

[Giaguara]

How have you set the ACLs on the area it can access?
(Inherited..?)

 

[djbeta]

I *think* the permissions were set with the finder.. sorry, I don't know what an access control list is.. ( i just googled ACL )

A company tech that has remote access to the server set the permissions for me..

I don't want the folders inside the top level folders to be read-only.. i want them to be read-writeable to "rtdb" so that the "rtdb" user can manage what's in those level 2 folders..

however, I don't want them to be able to delete the level 2 folders
nor rename them..

read-only read-only read-write
to rtdb to rtdb to rtdb

top level ------ level 1 -------------- level 2

rtdb ------ Application_Material ----- folder A
------------------------------------------- folder B
------------------------------------------- folder C

It was my understanding that with the above, a user
logged in as rtdb would not be able to create folders,
rename folders, or delete folders IN Application_Material,
but would be able to create, rename, delete within folders A, B, C

With the permissions in the original attachment, Mac users
have the above behavior but PC users can delete Folders A, B, or C
what's weird is that the PC users can not rename or create folders
in Application_Material they can only delete Folders A,B, C

I need folders A, B, C to be read-writeable so that my users can manage
what's inside them

I'll look at the links that were posted..

Thanks!
any further thoughts ??