09-22-2010, 09:46 PM
The scenario is three iMacs on an Airport Extreme network in an office. They all share folders and files located on each other's machines and only one is backed up (yikes). Depending on the document it will be created and/or saved on one machine, sometimes from one machine to the other via the AFP share. There are sharing accounts created on each machine (one for each of the other two users) but I have a feeling that sometimes they access the shares while connected as Guest. They are constantly having permissions errors such as being denied access to certain folders and only being able to open files in read-only mode and it is impairing business.
So far I have disabled guest account access to the shares to enforce using the share account, and I am trying to convince the users to use one folder on each machine for shared data (currently they want to share documents, desktop, and myriad other folders) for simplicity and consistency. I have looked at permissions on certain problematic files but they seem to either already be correct or when I reset the permissions they revert back and I am unsure of the cause.
I think it would be best to reset permissions on all of the files that need to be shared and then move them to a NAS with three accounts for read/write access. Would this prevent these permissions issues from coming back again for existing as well as newly created files? Everything on the drive needs to be accessible to all three accounts, with the ability to limit access in the future.
Airport Extreme can turn a USB hard drive more or less into a NAS, if I'm not mistaken. That would need to be backed up and I'm not sure how to accomplish that, unless one of the other iMacs could include it in it's Time Machine backup, as long as that doesn't run into any permissions problems.
You can probably see that a lot of this is conjecture on my part, as I'm not comfortably familiar with permissions on UNIX-based systems, so any help would be appreciated. Alternate solutions are welcome, since I'm really not sure my solution is competent or not.