OS X AFP shares and access

Posted by gbrandt on Server Fault See other posts from Server Fault or by gbrandt
Published on 2009-07-13T16:40:17Z Indexed on 2010/04/16 21:23 UTC
Read the original article Hit count: 512

Filed under:
|
|

I am running 10.5.6 Client as a mini server and am having problems with AFP shares. All clients are OS X 10.5.7

I have created three users for 'File Sharing' only on the 'server'. I have created groups and placed these users into specific groups. I have created ACL's to give each group access to certain shares.

Two of those users can read and write to any share, one user cannot write to the shares, with different results:

  • when copying a directory, only the directory is created, no files inside are copied, the OS does not give any errors
  • when copying a single file I get three dialogs: "You may need to enter the name and password for an administrator on this computer to change the item named 'xxxx', "The item 'xxxxx' contains one or more items you do not have permission to read. Do you want to copy the items you are allowed to read?, and, The operation cannot be completed because you do not have sufficient priveleges for some of the items.

With the single file, a file gets created on the server, but is empty.

My ACL for the group this user belongs to is:

 0: group:projectmembers allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 1: group:informationtechnology inherited allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 2: group:executive inherited allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
 3: group:everyone inherited deny list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit

User 1 & 2 belong to informationtechnology and executive and projectmembers, they can read and write freely on the share. User 3 belongs to projectmembers and cannot read and write freely.

I have read that this is a UID issue, however User 1 & 2 do not have matching UID's across clients and server and they work, so I don't think this is the case.

Any ideas?

© Server Fault or respective owner

Related posts about osx

Related posts about afp