1

I bought a Mac Mini (OSX High Sierra), also with the intention to use it as a file server. I am very surprised that this seems to be an issue.

I am using Samba share that is also supposed to work for Windows.

I created 2 users on the Mac Mini --> User1 and User2.

When I now share a folder "User1-share" from the User1 account and give rw permissions to both users for this share, then these permissions do not seem to be inherited. This means that if I create a file or folder in the shared folder via network with User2 from another mac, then User1 does not have permissions to write to this file.

This seems to have never really worked based on this article the problem exists since 2012?

Permissions for new files in shared directory

Is this a common problem and can't be solved. I hoped that maybe someone came around this already and knows the solution?

I am sure there is more info required to track down the issue and I am happy to provide it.

Thanks in advance for any help,

Chris

Chris
  • 21
  • That sounds like samba is not properly respecting the ACL. I found a suggestion here to add nt acl support = no to the [Global] section of /etc/smb.conf, but I'm not sure that's still relevant in currentish versions of samba. – Gordon Davisson Dec 15 '14 – Ruskes Oct 25 '18 at 20:58
  • http://web.stanford.edu/group/macosxsig/blog/2010/01/acls_not_being_properly_honore.html – Ruskes Oct 25 '18 at 20:58
  • Wow, the stanford link is from 2008 and talks about Snow Leopard. In High Sierra it seems that /etc/smb.conf does not exist anymore. This might be related but different in High Sierra. In the meantime I also switched off SMB and created a share with AFP only. It caused the same issues. Amazing! – Chris Oct 25 '18 at 21:05
  • just using the link you provided in first place and that is what was there. So now you say it is not SMB after all ? – Ruskes Oct 25 '18 at 21:15
  • I am trying to find out what's wrong. I can't believe that this is a problem in a modern OSX, but it seems it is. Does filesharing work on your Mac, Buscar? – Chris Oct 25 '18 at 21:30
  • Yes it does but I do not have your setup, I have shared folder on iCloud with two users from my Mac, and using the AFP. – Ruskes Oct 25 '18 at 21:40
  • Ah ok, so you are sharing locally, not via network. So one of your user‘s iCloud syncs the changes to your other iCloud devices. – Chris Oct 25 '18 at 21:56
  • AFIK iCloud is network, I think your set up is local sharing. In my case both users are on same Mac, and they share a folder in iCloud. – Ruskes Oct 25 '18 at 22:21
  • Other users can access shared folders on this computer, and administrators all volumes, at afp://192.168.x.xx – Ruskes Oct 25 '18 at 22:23
  • I am sorry, I am not getting it. iCloud is not network, it‘s a syncing Service that keeps data on different computers the same. And when users share a folder on the same computer, then I thought that could be called local. When you say that you have people accessing your computer via afp though, then that’s the interesting part. Are both users that have access administrators?because in my scenario they are just standard users. – Chris Oct 26 '18 at 02:20

1 Answers1

1

Buscar, thanks a lot and you were right with the ACL issue. I would like to "vote up" your answer, but I can't do that if it's just a comment? At least I didn't figure out how.

In any case: I would recommend to look into this explanation and way forward: https://gist.github.com/nelstrom/4988643

What needs to be done is this:
In OSX High Sierra:

  • Create a Share, e.g. /Users/admin/share.
  • Create a Group, e.g. "sharegroup", and share /Users/admin/share to that groupo and give read&write permissions.
  • Add users to the group, that are supposed to have access to the folder

  • run the following command from the github link above:

    chmod -R +a "group:sharegroup allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Users/admin/share

And after this small command, I could use the mac Mini as a "normal" file server. Several users could access the shared folder(s).

I did not (have to) run the other command that was stated in the github link: 

 chown -R demo:sharegroup /Users/admin/share

I wasn't sure what it does.

If someone else should read this post and should (same as I) have an issue in understanding what ACL's are and what this setting change means, I personally found this forum thread helpful (but take care since the "chmod command" is faulty, when being copied and pasted):

https://discussions.apple.com/thread/7566517?page=2

dandan78
  • 165
  • 1
  • 1
  • 8
Chris
  • 21