Thanks for the suggestion tlarkin. Unfortunately I got the exact same result.

Is it really so odd that I should want my files to be read/write for everyone? Why is it so hard to accomplish? Doesn't anyone else find this annoying?

1) Try using "Sandbox" for changing access control lists (ACLs):
http://mikey-san.net/sandbox/

2) Don't use Finder for finding out about permissions - especially if you are doing something out of the ordinary with ACLs. Finder's Get Info is notoriously misleading regarding permissions. (or at least it has been in the OS X versions I've tried)
Use commands in Terminal to be sure.

It seems that Sandbox is not ready for Snow Leopard, so that's out of the questions for now.

You mean the "ls -le" command thingy? This is what it tells me about my newly created Untitled folder that was supposed to inherit read/write privileges:

drwxr-xr-x+ 2 ravenplenty wheel 68 Nov 2 10:40 untitled folder
0: group:everyone inherited allow list,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit

Unfortunately for me, that's mostly gibberish. And it's besides the point, because when I copy it over the network, it still converts to Read Only. This is my whole point. If I manually assign a file or folder Read/Write for Everyone and then copy it over the network, no problem – it retains Read/Write privileges. But every new file or folder I create gets Read Only for Everyone by default.

I just want all my files to be Read/Write for everyone by default. Is there a way?

How are you logged into the Mac Pro on your network? Through an Administrative, non-admin or Guest account? This would also effect how file permissions are assigned.

The permissions assigned to newly created files/folders on your local drive are controlled by your 'umask' settings.
Look for articles on the main macosxhints site about changing 'umask'

I have admin access on my own Mac Pro as well as when I log in to the network Mac Pro which hosts the shared external hard drive.

Edit: Thanks Hayne, I'll look into the "umask" thing. Sounds promising.

Another edit: I'm having difficulty finding out how to change umask settings. Nothing really comes up when I search macoshints.com – only 4 articles are less than three years old, and they don't describe how to do this either. A google search hasn't pointed me to a simple explanation either. There are a lot of irrelevant posts or else they are articles that are filled to the brim with developer techno-speak. So now my two new questions are:

1) Is anyone able to explain in simple terms how to change the umask settings on my computer?
2) Is it, like, a really bad idea to change my default permissions to read/only for everyone? I only want that to apply to specific folders, but perhaps umask settings apply to the whole computer?

Why are you only looking for articles less than three years old? umask is a unix command, and it hasn't changed the way it works in many years.

Trevor

Since I do not have experience with Terminal, scripting, Unix, etc., I am proceeding with caution. I suspected there could be changes in the way this is implemented in Snow Leopard vs. Tiger or Panther or whatever. As it is now, the only thing I know about umask is that it has to do with default permissions, and now, that it's a "Unix command that hasn't changed the way it works [however it works] in many years". I don't yet know how to change umask settings, or if it can be applied to specific folders or just the entire hard drive.

I will continue hunting for more info. Meanwhile, if anyone has the magic bullet – eg. "simply type XXXX in Terminal" or whatever – fire away!

If this is part of an Open Directory deployment at your work MCX could be over writing the settings and enforcing management. It can even override local Admin settings.

If this is a company computer, contact your IT department and have them set up a share for you.

Bless your heart, you probably thought that might be helpful. Open Directory Deployment? MCX? Uhh...

It is a rather large company with a PC workflow, within which we are basically a self-managed Mac island of graphic designers. IT here knows next to nothing about Mac computers. Effectively we're on our own here. Enter the (often) super helpful world of forums like this. Except I'm mostly getting jargon thrown at me instead of real-world help for a non-programmer. You guys are trying to help, I just know it.

If they have any kind of management put into those machines you may not be able to share anything. Further more, if you are logging in against AD/OD then you are most likely getting a Kerberos ticket.

This basically means, it would be easy for them to set up a network share, add in whatever users need access to it, and all users that authenticate with their network log ins would be granted access to it.

I have never personally tried to enable ACLs on the file system locally. I have always used Servers instead so I would have to test this out to see what is going wrong here and unfortunately I don't have the time at the moment.

IT hasn't ever touched our Mac machines, so there's no kind of management put into these machines.

Regarding IT setting up a network share for us... I prefer a local network option because it is probably faster and avoids SMB issues we've had. Plus, I've tried to connect to shared drives used by the PC-using bunch in Marketing, but the folders only appear empty to us Mac-users, and IT couldn't figure that out at all. I want to steer clear of the quagmire that is this company's IT dept if possible.

Let's avoid the temptation to get lost in these tangents. My original question remains: How can I make all my files Read/Write to Everyone by default?

You said your log in is a network log in, which means they had to bind your machine to some sort of directory service for you to log in, is that not the case?

I'm no expert at this, but the idea that you could be trying to effect this shared disk from your client machine seems futile to me. [it seems unlikely we could set ACLs on some local folder... and then "copy it over the network" and expect the server sharing this disk to automatically honor all our custom ACL entries.]

What i'm saying is that: you (or someone) needs to walk over to that Tiger Mac Pro which is serving the shared disk, and make the necessary changes *there*... on that machine.

I.e., do the fsaclctl command there, on the Tiger server... not from your Snow Leopard client. Unless the Tiger server itself (and the shared disk) have ACLs enabled on *their* end, all the chmod stuff done from some client seems meaningless.

Also -- AFAIK -- fsaclctl is not a command we apply to individual folders, but rather entire volumes. So go to the Tiger Mac Pro and login as an admin there... and use fsaclctl to enable ACLs on it (and the diskyDisk):

sudo fsaclctl -p / -e
sudo fsaclctl -p /Volumes/diskyDisk -e # it would be nice if you told us the real names of these items, to avoid misunderstandings.

Once Tiger is serving with ACLs enabled (i.e., after a restart) -- then start using chmod +a to allow and extend various write access privileges... but again: do that chmod +a stuff from the Mac that's serving the share, not from anyone's client machine.

At that point, it will be nice to see what ls -ale /Volumes/diskyDisk/path/to/shared/folder looks like (again, when run from the Tiger server).

Thanks Hal. I think there is a misunderstanding. I'm not trying to affect the shared disk from my computer, I'm trying to change the default permissions for new files on my computer. Here's the story retold:

I am part of a group of 6 graphic designers. We all use Mac Pros, some Tiger, some Snow Leopard. We are connected directly to each other in a local gigabit network, all ethernet cabled into one hub. We work off our own local hard drives. Sometimes we need to share files with each other. Also, there is a shared drive, "Library", which is an external hard drive connected to one of the computers. As long as my own local files are set to Read/Write for Everyone before I transfer them across the network, there's no problem. But the default for any new files and folders in Read Only for Everyone (Read/Write for Me of course). I would like Read/Write privileges for Everyone to be the default on my own local system, so my files can be easily shared across the network – thus avoiding the extra step of having to constantly reapply access privileges to my new files.

1) The procedure for changing 'umask' so it will affect GUI apps (as opposed to just commands run in Terminal) has changed from OS X version to version. So you are right to look only at more recent articles.
But there was an article about doing it in 10.5 (Leopard).
What version of OS X are you using? (I forget if you told us this)

2) It might be easier just to set up a Folder Action script that would automatically change the permissions of files put into a specific folder.

Mac OS X Hints: 10.5: How to set NSUmask in Leopard System 10.5

Apple.com: Mac OS X: Resolving permissions (umask) issues in a server-based group folder environment

Apple.com: Mac OS X Server 10.5: Setting a custom umask (despite the page title, also contains information about "OS X 10.4 and later")

Trevor

Okay, well i've gone over the posts here a few times... and it sure seemed like that external shared disk was the principle issue (on page 1 anyway).


One would need to know exactly where (which directory) those files get created, and exactly where (which directory) those files get copied to... and what sort of perms/ACLs exist in those two areas.

There may be some reluctance built-in to OSX which makes giving the general group known as "everyone" write privileges to everything more challenging. [it may be that denying everyone something is one matter, while allowing everyone is quite another -- idunno for sure.] Tweaking the umask to grant world access everywhere may indeed work... but also implies a security risk.

The more common approach is to use (or create) a *specific* group... and make all of your coworkers members of that group. Maybe name the group 'graphics' and pick an obscure gid, like 777 or something. Then set up ACL inheritance in some shared area using

chmod +a "group:graphics allow etc,etc,etc,etc" /Volumes/etc/etc/etc

There more detailed info we get about volume names and folder locations, the less vague the commands we can craft.

Other than that, hayne's folder action scrip should also suffice for your more recently stated needs.

Sorry about the confusion Hal. I guess there are two separate issues. One is the general issue with restricted permissions when copying files across to coworkers computers (including the Library disk) across the network – this would cease to be a problem if our files were read/write by default for everyone (or for our group, but I don't yet know anything about creating and managing groups), which became my main quest in this posting. The other issue is with creating new files or folders directly onto shares across the network. I have since learned that this isn't as big an issue as I thought. New files and folders created on Library (or any other networked computer hard drive) are shown to have Read Only privileges for Everyone (with no other user or group privileges displayed), but I can rename, move, etc. It's only if I try to change Read Only to Read/Write that trouble starts — it switches to No Access and the red circle and bar appear.

At this point I still think the umask solution is our best bet. It will avoid our having to even drop files into a scripted folder or anything.

Thanks very much to Trevor for posting those links.

That's the reluctance i was sensing. The group 'everyone' isn't a typical group in the ordinary sense [such as wheel, admin, staff, etc]. 'Everyone' is more akin to the Unix concept of "others" (or "world"), which is not a group per se... but rather refers to everyone *else* who isn't a member of a privileged group. (i.e., users not associated with some particular file or rule by virtue of any ownership or membership).

Apple's attempt to have Finder's Get Info windows provide a GUI for tweaking Unix permissions results in misleading information in some ways. (For one thing the 'execute' bit is conflated away so we don't actually see it. Directory sticky bit? Nonexistent. Likewise setuid and setgid on files. And also -- when we grant access to specific users or [real] groups -- what's happening sometimes is an ACL is being added).

Most likely for security reasons (or so i suspect anyway), it's a simple matter to *deny* 'everyone' this or that privilege... but less simple (or perhaps impossible?) to *allow* 'everyone' certain privileges. If instead of trying to tweak on 'everyone' you were to manipulate access based on a bona-fide group, like admin or staff (or 'graphics'), then perhaps Finder's Get Info window might be more willing to play along.

--

Hmm, actually, 'everyone' is a pretty strange animal. For example, we all own our own ~/Downloads folder (and many other subfolders of our home). But -- due to the "group:everyone deny delete" ACL on it -- even we as the owner cannot easily get rid of such folders. So then, 'everyone' seems more encompassing than Unix's "others" in some ways... at least when an ACL makes use of it. From a Finder Get Info window however, allowing 'everyone' to Read&Write simply reverts to the POSIX rwxrwxrwx mode... and skips placing any ACL.

Confused yet? -- I am. :)