How to Set Basic Permissions in OS X Lion’s File Sharing Pane
How to Set Basic Permissions in OS X Lion’s Finder’s Get Info Window
How to Propagate Permissions to Subfolders in Lion’s Server App

How to Set ACL Permissions in OS X Lion’s Server App

When you first create a share point, Mac OS X Lion Server assigns it standard POSIX permissions for Owner, Group, and Others. You can change the owner and group, change the permissions for all three entities, and add users. Standard POSIX permissions are easier to set than ACLs and may be all that you need.

For share points shared with AFP and/or SMB, you can also add permissions with an access control list (ACL) for a finer degree of access control. An ACL is the server’s list of all permissions for all users and groups and for a share point. You add names of users and groups to the list and then use pop-up menus to assign permissions.

ACLs are more complicated than POSIX permissions because they give you up to 17 choices: 13 permissions grouped by type, as well as 4 types of inheritance.

With almost 100,000 possible combinations of ACL permissions, it’s best to set permissions for groups and add user permissions only for exceptions.

These ACL permissions settings are well hidden in the Server app. Here’s how to access them in the Server app:


Click the name of your server.

You will find it in the sidebar under Hardware.


Click the Storage tab.

Browse for and select a shared folder.


Click the gear icon and select Edit Permissions from the pop-up menu.

A list of users and groups appears.


If you want to add a user or group, click the Add (+) button.

Type the name of an existing user or group.


To configure permissions, click the triangle to the left of the user or group name.

This exposes the first level of ACL permissions. You have four choices: Administration, Read, Write, and Inheritance. You can make choices here. A hyphen [–] in a check box means that some, but not all, of the subordinate items for that category are selected. Selecting or deselecting a check box selects or deselects all of the subordinate items.


(Optional) Click the triangles next to the choices to expand them.

This will let you go even deeper into ACL permissions. Make any changes that you need and click ok when done.

An application is a type of file that you can share. If you do, set permissions so that very few people can change permissions for shared applications. In the ACLs, under Administration, few people should have the Change Permissions and Change Owner permissions. Malware such as viruses often targets permissions in applications.

blog comments powered by Disqus
How to Restrict Printer Access Using Lion Server CUPS Web Interface
How to Enable Lion Server Printing for Windows Clients
How to Set Up RSS to Monitor Print Servers Using Lion Server CUPS
How to Assign File-Sharing Protocols to a Lion Server Share Point
Lion Server Access Control List Permissions