Network Drive Permissions Hassles

[ravenplenty]

Sorry about the confusion Hal. I guess there are two separate issues. One is the general issue with restricted permissions when copying files across to coworkers computers (including the Library disk) across the network – this would cease to be a problem if our files were read/write by default for everyone (or for our group, but I don't yet know anything about creating and managing groups), which became my main quest in this posting. The other issue is with creating new files or folders directly onto shares across the network. I have since learned that this isn't as big an issue as I thought. New files and folders created on Library (or any other networked computer hard drive) are shown to have Read Only privileges for Everyone (with no other user or group privileges displayed), but I can rename, move, etc. It's only if I try to change Read Only to Read/Write that trouble starts — it switches to No Access and the red circle and bar appear.

At this point I still think the umask solution is our best bet. It will avoid our having to even drop files into a scripted folder or anything.

Thanks very much to Trevor for posting those links.

[Hal Itosis]

Quote: Originally Posted by ravenplenty New files and folders created on Library (or any other networked computer hard drive) are shown to have Read Only privileges for Everyone (with no other user or group privileges displayed), but I can rename, move, etc. It's only if I try to change Read Only to Read/Write that trouble starts — it switches to No Access and the red circle and bar appear.

That's the reluctance i was sensing. The group 'everyone' isn't a typical group in the ordinary sense [such as wheel, admin, staff, etc]. 'Everyone' is more akin to the Unix concept of "others" (or "world"), which is not a group per se... but rather refers to everyone *else* who isn't a member of a privileged group. (i.e., users not associated with some particular file or rule by virtue of any ownership or membership).

Apple's attempt to have Finder's Get Info windows provide a GUI for tweaking Unix permissions results in misleading information in some ways. (For one thing the 'execute' bit is conflated away so we don't actually see it. Directory sticky bit? Nonexistent. Likewise setuid and setgid on files. And also -- when we grant access to specific users or [real] groups -- what's happening sometimes is an ACL is being added).

Most likely for security reasons (or so i suspect anyway), it's a simple matter to *deny* 'everyone' this or that privilege... but less simple (or perhaps impossible?) to *allow* 'everyone' certain privileges. If instead of trying to tweak on 'everyone' you were to manipulate access based on a bona-fide group, like admin or staff (or 'graphics'), then perhaps Finder's Get Info window might be more willing to play along.

--

Hmm, actually, 'everyone' is a pretty strange animal. For example, we all own our own ~/Downloads folder (and many other subfolders of our home). But -- due to the "group:everyone deny delete" ACL on it -- even we as the owner cannot easily get rid of such folders. So then, 'everyone' seems more encompassing than Unix's "others" in some ways... at least when an ACL makes use of it. From a Finder Get Info window however, allowing 'everyone' to Read&Write simply reverts to the POSIX rwxrwxrwx mode... and skips placing any ACL.

Confused yet? -- I am.