I'm having the following problem:

Our users are using Macs running Mac OS Leopard to connect to an Xserve running Tiger Server (Version 10.4.11) via AFP.

On the Xserve, I created a user group called "staff" (using Directory Admin) and put some user accounts into that group. Then I made the group "staff" owner of the folder I want them to be able to access.

Now, whenever any user accesses a file on the server and saves it, its permissions revert to the user's permissions instead of those of "staff". Even stranger: when I create a new folder via AFP and give "staff" Read/Write permission, it immediately reverts to "Everyone: No Access".

I'm pretty weirded out. Any pointers towards a solution would be greatly appreciated.

+1  A: 

This is a bit of a shot in the dark, but I've hit some wonkiness with permissions for desktop OSX and the same thing may hold true for server OSX.

On desktop, each new user is created with a unique group that matches that user. Does server behave this way, and if so, have you tried removing that group?

James McMahon
+1  A: 

It looks like it may be a bug in the Leopard client frameworks; have you tried the same thing with a 10.4 client box? The reason I say it looks like a bug? This thread: http://lists.psu.edu/cgi-bin/wa?A2=ind0903&L=macenterprise&T=0&F=&S=&P=204647

Graham Lee
+5  A: 

Try looking up the effects of the setuid and setgid bits on directories. Mac OS X is Unix, and it reminds me of a problem I had on HP-UX about eight years ago.

David Thornley
Either I'm a complete idiot and missed your post, or we cross-posted. Regardless, I'm voting you up, since you seem to have beaten me to the punch.
Branan
+3  A: 

I suspect you need to set the setgid bit on the directory. See Wikipedia

Branan
+1  A: 

Take a look at this thread at macosxhints.com

mpeterson
+1  A: 

I think that you need to set a default / master group for each user so that, whilst the owner of the file may change, the group will not, meaning everyone with group access can get to the file. Also remember to make sure that you have group read and write access to the directory/files.

railsninja
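
The setgid-on-directory and group read/write points raised in the answers above can be checked mechanically over a shared folder. The script below is an added example, not code from any poster in this thread; `audit_share` and `fix_share` are hypothetical helper names, and the directory and group (for instance "staff" from the question) are passed as arguments.

```shell
#!/bin/sh
# Added example: audit and repair a group-shared directory tree.
# audit_share and fix_share are hypothetical helpers, not system tools.

# Print one line per problem found under DIR for group GROUP:
#   NOSGID <path>  directory without the setgid bit (02000)
#   GROUP <path>   entry whose group is not GROUP
#   NOGRW <path>   entry the group cannot both read and write
# Symbolic links are skipped; their own mode and group are not meaningful.
audit_share() {
    dir=$1 group=$2
    find "$dir" -type d ! -perm -2000 | sed 's/^/NOSGID /'
    find "$dir" ! -type l ! -group "$group" | sed 's/^/GROUP /'
    find "$dir" ! -type l ! -perm -060 | sed 's/^/NOGRW /'
}

# Hand the tree to GROUP, then set setgid + group rwx on directories
# and group rw on regular files. chgrp runs first because changing the
# group can clear the setgid bit on some systems.
fix_share() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod g+rwxs {} + || return 1
    find "$dir" -type f -exec chmod g+rw {} + || return 1
}

# Stand-alone use: sh script.sh <directory> <group> prints the audit.
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
fi
```

An empty audit only describes the files that exist now; files saved later still get their mode from the saving process's umask, so re-run the audit after users have written to the share.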
+1  A: 

Turn on ACLs, add the group and set permissions via ACL, then propagate.

Mac