New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Operating System General OS operation information and support

OS 10.6 - Read-only permission not respected in shared volume?


Post Reply New Thread Subscribe

 
Thread Tools
lucapcp

 
Member Since: Sep 14, 2009
Posts: 3
lucapcp is on a distinguished road

lucapcp is offline
I have an external drive, attached via firewire, formatted in HFS+ Journaled.
This drive was first formatted with Tiger (10.4); I have now upgraded the OS to 10.6.
I specify, in sharing this volume, that there are two users (including me) who should be able to access this volume read-write, and one user that should be able to access it read-only (this is a photo archive, and I want to prevent my kids from inadvertently deleting some photos).

All seems perfect: when I select that volume, or any sub-directory, in Finder, and click on Get Info, it shows clearly that I and my wife have read-write permission, and our child read-only. Yet, from my child' laptop, I have no trouble making copies of files, moving them to trash, renaming them, etc etc.
In essence, it looks like the read-only permission is not respected.

How comes? Are there known "gotchas"? I am not a Mac OS X expert sysadmin (I thought the beauty of Mac OS X is that one did not need to be an expert sysadmin to use it :-), but neither am I a fully clueless user... any suggestions of things to watch for?

Note: I don't know anything about how ACLs are implemented on Macs, except for the information I can read in the "Info" tab I obtain when I click on "Get Info", or the setting I select in the Settings / Sharing setup menu.

Many thanks! Luca.
QUOTE Thanks
mr.lumberg

 
Member Since: Sep 12, 2009
Location: Upstate NY
Posts: 15
mr.lumberg is on a distinguished road
Mac Specs: 15" unibody MBP, Core Duo 2.66, NIVIDEA 9400 graphics, 4GB DDR3

mr.lumberg is offline
If I read this post correctly, you have your own Mac that you and your wife use primarily and a second one that your kids use?
If so, try hooking the drive to your kid's lappy and change the permissions there so that they only have read privileges, and don't change yours at all. You should be able to do this with the Sharing menu if I am not mistaken, though as a Linux vet I always dive right into the command line with the "chmod" command and haven't used "Sharing" yet...
QUOTE Thanks
lucapcp

 
Member Since: Sep 14, 2009
Posts: 3
lucapcp is on a distinguished road

lucapcp is offline
Quote:
Originally Posted by mr.lumberg View Post
If I read this post correctly, you have your own Mac that you and your wife use primarily and a second one that your kids use?
If so, try hooking the drive to your kid's lappy and change the permissions there so that they only have read privileges, and don't change yours at all. You should be able to do this with the Sharing menu if I am not mistaken, though as a Linux vet I always dive right into the command line with the "chmod" command and haven't used "Sharing" yet...
Not quite... We have 4 Macs: one for me, one for my wife, one for the kid, and one, this Mac Mini, which I would like to use as a file server (and I use it for some long-lasting computation, as it is the only non-laptop). To this Mac Mini are attached a bunch of firewire-chained drives. I was hoping to be able to define the sharing permissions of those volumes from the Mac Mini: there is a menu in "File Sharing" that seems to be trying to do just that. So in that menu, I carefully chose the permissions, giving the kid only read-only permission, and me and my wife read-write, but as I said, it does not seem to work.

Precisely, I gave me and my wife read-write permission. The kid has an account also on the Mac Mini that acts as file server, and on that Mac Mini, I have BOTH set up the file sharing permission for the kid to read-only, AND the permission of every file (at all levels of the hierarchy) to read-only. Yet, the kid is able to attach the volume, rename files, delete them, etc etc, as if the permissions were completely disregarded.

I have to say that the volume was originally formatted with 10.4 (Tiger); I am not sure if this makes any difference.

Luca
QUOTE Thanks
mr.lumberg

 
Member Since: Sep 12, 2009
Location: Upstate NY
Posts: 15
mr.lumberg is on a distinguished road
Mac Specs: 15" unibody MBP, Core Duo 2.66, NIVIDEA 9400 graphics, 4GB DDR3

mr.lumberg is offline
Maybe try a check and repair of the permissions on the tyke's machine and the Mini after verifying/resetting the permissions on their machine. Also: are the accounts on their machine and the Mini the same? It may be that you only limited the access the account on the Mini.
QUOTE Thanks
mr.lumberg

 
Member Since: Sep 12, 2009
Location: Upstate NY
Posts: 15
mr.lumberg is on a distinguished road
Mac Specs: 15" unibody MBP, Core Duo 2.66, NIVIDEA 9400 graphics, 4GB DDR3

mr.lumberg is offline
Also, HFS has been the Mac file format for a while now, so that fact that you originally formatted using Tiger shouldn't be an issue.
QUOTE Thanks
lucapcp

 
Member Since: Sep 14, 2009
Posts: 3
lucapcp is on a distinguished road

lucapcp is offline
Quote:
Originally Posted by mr.lumberg View Post
Maybe try a check and repair of the permissions on the tyke's machine and the Mini after verifying/resetting the permissions on their machine. Also: are the accounts on their machine and the Mini the same? It may be that you only limited the access the account on the Mini.
I am not sure I understand... I checked and repaired the permissions from the Mac Mini, and on the Mac Mini, when I define sharing, I clearly put the kid's permissions for that share as read only. From the kid's laptop, however, when I do "Get Info" for that volume, I get that the kid has write and read permission, and there is nowhere where I can go and modify permissions for that.

Interestingly, when I do ls -l on the volume from the Mac Mini, it tells me that I am the owner of all files, and no-one else has write access.

I am a linux expert, and I really don't understand the Mac OS X ACL model, which seems to overlap the good-ol' unix-style permissions.

Luca
QUOTE Thanks
mr.lumberg

 
Member Since: Sep 12, 2009
Location: Upstate NY
Posts: 15
mr.lumberg is on a distinguished road
Mac Specs: 15" unibody MBP, Core Duo 2.66, NIVIDEA 9400 graphics, 4GB DDR3

mr.lumberg is offline
Quote:
Originally Posted by lucapcp View Post
I am not sure I understand... I checked and repaired the permissions from the Mac Mini, and on the Mac Mini, when I define sharing, I clearly put the kid's permissions for that share as read only. From the kid's laptop, however, when I do "Get Info" for that volume, I get that the kid has write and read permission, and there is nowhere where I can go and modify permissions for that.

Interestingly, when I do ls -l on the volume from the Mac Mini, it tells me that I am the owner of all files, and no-one else has write access.

I am a linux expert, and I really don't understand the Mac OS X ACL model, which seems to overlap the good-ol' unix-style permissions.

Luca
I hear ya'; the permissions model is juuuuust different enough to cause a bit of head scratching.

Aside from trying it on the command line, I don't know what else to recommend.
QUOTE Thanks
MKS

 
Member Since: Jan 28, 2013
Posts: 1
MKS is on a distinguished road

MKS is offline
The problem is with the difference between an external drive and an internal drive. External drives are treated differently, in terms of permissions. In my opinion, this should not matter, and the AFP server (the bit of software that allows remote access to this folder) should handle the read/write permissions according to what you have set in the Sharing control panel. Unfortunately, it doesn't work this way.

You will need to do something like the following:

In Finder, select the drive and Get Info (apple-I or File->Get Info).

In the Info window, if there is a lock icon near the bottom, click it and enter your password. You should see a tick box called "Ignore ownership on this volume" -- uncheck it.

At this point, I recommend that you "Get Info" on your internal hard drive as well, for comparison.

Expand the "Sharing and Permissions" area. You will see your username, with Read&Write privilege. You will also likely see "everyone" and "staff."

In the Info window for your internal drive, you will not see "staff," but instead "admin." This is a key difference. The "admin" group contains only those users who have administrative accounts on the machine. The "staff" group includes everyone with login accounts.

If you are sharing the entire drive, you would make changes here at the drive level. However, if you are making only a folder of the drive shared, then you are done with this part, and may close the Info window now.

Next, you need to change the group ownership of the shared folder. In a terminal window, do the following according to my example. On my machine, I share a folder called "Video" on a drive called "RAID 00." So at the command prompt, I type:

sudo chgrp -R admin "/Volumes/RAID 00/Video"

This will change group ownership of everything in this directory to the "admin" group.

The problem with external drives is the combination of "Ignore ownership on this volume" coupled with the fact that all users who can log into your computer have "group" write permissions to the external drive. It is meant to make things easier when moving drives from one machine to another, but makes it more difficult to do sensible things with permanently-attached external drives. Though, as I said, if the file server were designed sensibly, it wouldn't matter. Unfortunately, SMB has never been brilliant, and NFS is a pain in the posterior even for those who know how to configure it. Mac-to-Mac, I've had the best luck, stability-wise, with Apple's AFP. Unfortunately, it appears to be brain-dead in terms of security.

Anyhow, this should resolve the issue.

But beware: if you move or copy files or folders into this location from elsewhere on your computer, the group permissions will be copied as well.

This means that if a file was owned by the group "staff" it will be writable (and deletable). I would recommend that, any time you add files to the shared folder, you either re-run the aforementioned command line, or use "Get Info" on the folder, expand "Sharing & Permissions," select the "gear" icon, and select "Apply to enclosed items..." -- this will copy the group ownership and ensure all files and sub-folders are not shared "writable."
QUOTE Thanks

Post Reply New Thread Subscribe


« Where Are All My Contacts... | Screen flashing »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Printing on a shared windows printer.... macmania Running Windows (or anything else) on your Mac 6 03-19-2010 05:52 PM
iMac G4 can't read Tiger install DVD, can read other DVD's though? lee_3033 Apple Desktops 4 12-27-2009 04:28 PM
Using a shared folder as a "Network" jherzog OS X - Operating System 3 03-03-2007 07:54 AM
Seagate 7200.10 incompatible? Detailed benchmarks! otheronenorehto Apple Desktops 5 01-15-2007 04:38 AM
External Drive Corruption? mrrumfoord OS X - Operating System 2 05-17-2004 01:02 AM

All times are GMT -4. The time now is 07:40 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?