How to Set ACL Permissions in OS X Lion’s Server App
When you first create a share point, Mac OS X Lion Server assigns it standard POSIX permissions for Owner, Group, and Others. You can change the owner and group, change the permissions for all three entities, and add users. Standard POSIX permissions are easier to set than ACLs and may be all that you need.
For share points shared with AFP and/or SMB, you can also add permissions with an access control list (ACL) for a finer degree of access control. An ACL is the server’s list of all permissions that all users and groups have for a share point. You add names of users and groups to the list and then use pop-up menus to assign permissions.
ACLs are more complicated than POSIX permissions because they give you up to 17 choices: 13 permissions grouped by type, as well as 4 types of inheritance.
With almost 100,000 possible combinations of ACL permissions, it’s best to set permissions for groups and add user permissions only for exceptions.
These ACL permissions settings are well hidden in the Server app. Here’s how to access them in the Server app:
Click the name of your server.
You will find it in the sidebar under Hardware.
Click the Storage tab.
Browse for and select a shared folder.
Click the gear icon and select Edit Permissions from the pop-up menu.
A list of users and groups appears.
If you want to add a user or group, click the Add (+) button.
Type the name of an existing user or group.
To configure permissions, click the triangle to the left of the user or group name.
This exposes the first level of ACL permissions. You have four choices: Administration, Read, Write, and Inheritance. You can make choices here. A hyphen [–] in a check box means that some, but not all, of the subordinate items for that category are selected. Selecting or deselecting a check box selects or deselects all of the subordinate items.
(Optional) Click the triangles next to the choices to expand them.
This lets you go even deeper into ACL permissions. Make any changes that you need and click OK when done.
An application is a type of file that you can share. If you share one, set permissions so that very few people can change permissions on it. In the ACL, under Administration, few people should have the Change Permissions and Change Owner permissions. Malware such as viruses often targets permissions in applications.
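To check the advice above on shared applications, the following added example (not part of the original article) parses the text printed by ls -le and reports every allow entry that grants an Administration right to a user or group outside a trusted set. It assumes Change Permissions appears as writesecurity and Change Owner as chown in that output; the paths, names and sample listing are constructed.

```python
import re

# Assumed mapping from the Server app's Administration check boxes to the
# right names that `ls -le` prints.
ADMIN_RIGHTS = {"writesecurity": "Change Permissions", "chown": "Change Owner"}

# One ACL entry as printed by `ls -le`, e.g. " 1: group:designers allow list,search"
ACE_RE = re.compile(
    r"^\s*\d+:\s+(?P<who>(?:user|group):\S+)\s+(?:inherited\s+)?"
    r"(?P<rule>allow|deny)\s+(?P<rights>\S+)\s*$"
)

def find_admin_grants(ls_le_output, trusted):
    """Return (path, principal, [labels]) for each allow entry that gives an
    Administration right to a principal outside the trusted set."""
    findings = []
    path = None
    for line in ls_le_output.splitlines():
        ace = ACE_RE.match(line)
        if ace is None:
            # A normal `ls -l` line: the ninth field is the path (may contain spaces).
            fields = line.split(None, 8)
            if len(fields) == 9:
                path = fields[8]
            continue
        if ace["rule"] != "allow" or ace["who"] in trusted:
            continue  # deny entries and trusted principals are not findings
        rights = set(ace["rights"].split(","))
        labels = [label for right, label in ADMIN_RIGHTS.items() if right in rights]
        if labels:
            findings.append((path, ace["who"], labels))
    return findings

# Constructed sample of `ls -led` output for two shared applications.
SAMPLE = """\
drwxrwxr-x+ 3 admin  staff  102 Jul 20 09:15 /Shared Items/Apps/Editor.app
 0: group:admin allow list,search,readattr,readsecurity,writesecurity,chown
 1: group:designers allow list,search,readattr,readsecurity,writesecurity
 2: user:jdoe inherited allow list,search,chown
 3: group:interns deny writesecurity,chown
drwxr-xr-x+ 3 admin  staff  102 Jul 20 09:15 /Shared Items/Apps/Viewer.app
 0: group:staff allow list,search,readattr,readextattr,readsecurity
"""

if __name__ == "__main__":
    for path, who, labels in find_admin_grants(SAMPLE, {"group:admin"}):
        print(f"{path}: {who} may {' and '.join(labels)}")
```

On a server, feed the function the output of ls -led for each shared application instead of the sample text.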