|05-30-2005, 08:37 AM||#1|
Join Date: Apr 2005
Share point access privileges in Xserver
I'm the very-very beginner, do not kill pls!
While seting up Xserver 10.3.7 on Xserve I didn't found out how to:
1. set the share point's access privilege to "add&read" so, that authorized users got a permission to write to and to read from the folder but not to change or delete items from it?
2. set share point's access so, that the first group will have, for example, r/w privilege, the second - read only, and others - no access?
Last edited by yellow; 05-30-2005 at 08:41 AM.
|06-07-2005, 08:02 AM||#4|
Join Date: Mar 2004
Location: London, UK
If you have an XServe, then you should have the "Workgroup Manager" application installed which can be used to set r/w privs for share points.
However, I have no clue how you set privs to add&read, but not delete or change - didn't even know you could do that!
|06-07-2005, 03:16 PM||#5|
Join Date: May 2004
Location: london on ca
I don't know anything about OS X Server so I don't know how to actually do any of these things, but perhaps setting the "sticky" bit on the directory will help with respect to the first question (see the 'man' page for 'sticky' and 'chmod'). A folder with the "sticky bit" set can have files added to it by anyone with "write" privileges, but a file can only be removed by "the owner of the file, the owner of the directory, or the superuser".
AFP can also be configured so that a file that is added will inherit the ownership of the directory. I don't know how this is done on the OS X Server but for OS X client, you just have to set "afp_use_parent_owner" to "true" in the "/LIbrary/Preferences/com.apple.AppleFileServer.plist file.
With the two combined, a user could add a file, but the ownership of the copy would be changed so that even the user adding it wouldn't be able to remove it. However, because of some quirks, the file also inherits permissions of the folder so they wiill still be able to edit files they have added. I don't know how to get around this aspect (AppleScript folder action, perhaps?).
Regarding the second question, I don't think you can directly share an existing folder with different permissions for different groups (maybe "access control lists" introduced with "Tiger" can be used although I know nothing of this). However, you can set up a folder that will effectively behave that way provided you set up a system of "groups" and a hierarchy of nested folders. eg:
Group C (contains all members of both group A and B)
Foldername: SharedFolder > SpecialFolder
grp&perms : C;drwxr-x--- > A;drwxrwxr-x
In this example, only members of group A or B would be able to access the "SharedFolder", so "no access" for "others". Then, access to the "SpecialFolder" would be "read & write" for group A, and "read only" for group B because they would be the only "other" that would have been able to get as far as "SharedFolder".
|Display Modes||Rate This Thread|