
Lion Server Access Control List Permissions

Access Control Lists (ACLs) in Lion Server provide finer shades of what read and write mean than POSIX does. For example, you can set write permissions to enable a group to edit files but not to create new folders. You can also enable users to edit a file but not to delete it.


Apple’s implementation of ACLs has 13 permissions. Here’s how to access them in the Server app:

  1. Click the name of your server in the left column under Hardware.

  2. Click the Storage tab and browse for and select a shared folder.

  3. Click the gear icon and select Edit Permissions from the pop-up menu.

  4. Click the Add (+) button and start typing the name of an existing user or group.

    The Server app finishes the name.

  5. Click the triangle to the left of the user or group name.

    You see the 13 permissions grouped by type, as well as 4 types of inheritance.

The 13 permissions are as follows:

  • Administration:

    • Change Permissions: Users can change standard POSIX permissions even if they aren’t owners.

    • Change Owner: Users can change the file’s or folder’s ownership to themselves or to someone else.

  • Read:

    • Read Attributes: Users can view the file’s or folder’s attributes, including filename, date created, and size.

    • Read Extended Attributes: Users can view the file’s or folder’s attributes, or metadata, added by third-party developers.

    • List Folder Contents (Read Data): Users can view the folder’s contents and open files.

    • Traverse Folder (Execute File): Users can open subfolders and run programs in the folder.

    • Read Permissions: Users can view the standard POSIX permissions of the file or folder with the Mac Finder’s Get Info window (select the file or folder and choose Finder→Get Info) or with Terminal commands.

  • Write:

    • Write Attributes: Users can change the file’s or folder’s standard attributes.

    • Write Extended Attributes: Users can change the file’s or folder’s other attributes.

    • Create Files (Write Data): Users can create and edit files.

    • Create Folder (Append Data): Users can create subfolders.

    • Delete: Users can delete files or folders.

    • Delete Subfolders and Files: Users can delete subfolders and files within the selected folder. You set these permissions on folders only. Files inherit permissions from the folder they’re in.

You can use ACLs only on storage devices formatted in the HFS+ file system. If you want to use ACLs on a particular storage device that’s formatted differently, you have to first reformat that drive in HFS+.

To take advantage of ACL permissions in Lion Server, you must use the Server app. You can’t set or manage ACL permissions with Server Admin. This is the opposite of how previous versions of Mac OS X Server handled ACLs.

With this staggering array of permissions, you can easily lose track of who gets access to what and how. The best practice is to base your permission structure on group permissions. Don’t set individual user permissions unless you need an exception, with either more permissive or more restrictive access.

A good plan is to try to assign permissions to groups only once. Then if you need to change individuals’ access, just add or remove them from groups.
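To check that a share really follows the group-first plan, you can audit its ACL entries from Terminal output. The following is an added example, not part of the original article: it parses `ls -le` listings, translates the ACL keywords into the Server app's 13 labels, and returns the entries set directly for individual users. It assumes the keyword names documented in `chmod(1)` on OS X and item names without spaces; the sample listing is constructed.

```python
import re

# ACL keywords printed by `ls -le`, mapped to the Server app's 13 labels
# (file and folder keywords such as read/list share one label).
LABELS = {
    "writesecurity": "Change Permissions", "chown": "Change Owner",
    "readattr": "Read Attributes", "readextattr": "Read Extended Attributes",
    "list": "List Folder Contents (Read Data)", "read": "List Folder Contents (Read Data)",
    "search": "Traverse Folder (Execute File)", "execute": "Traverse Folder (Execute File)",
    "readsecurity": "Read Permissions", "writeattr": "Write Attributes",
    "writeextattr": "Write Extended Attributes",
    "add_file": "Create Files (Write Data)", "write": "Create Files (Write Data)",
    "add_subdirectory": "Create Folder (Append Data)", "append": "Create Folder (Append Data)",
    "delete": "Delete", "delete_child": "Delete Subfolders and Files",
}
INHERIT = {"file_inherit", "directory_inherit", "limit_inherit", "only_inherit"}
ACE = re.compile(r"^\s*(\d+): (user|group):(\S+) (inherited )?(allow|deny) (\S+)$")

def parse_ls_le(text):
    """Return one dict per ACL entry found in `ls -le` output."""
    entries, path = [], None
    for line in text.splitlines():
        m = ACE.match(line)
        if m:
            perms = m.group(6).split(",")
            entries.append({
                "path": path, "kind": m.group(2), "name": m.group(3),
                "inherited": bool(m.group(4)), "rule": m.group(5),
                "labels": sorted({LABELS[p] for p in perms if p in LABELS}),
                "inheritance": sorted(p for p in perms if p in INHERIT),
            })
        elif line.strip() and not line.startswith("total "):
            path = line.split()[-1]  # assumption: item names contain no spaces
    return entries

def user_exceptions(entries):
    """Entries set directly (not inherited) for an individual user: review these."""
    return [e for e in entries if e["kind"] == "user" and not e["inherited"]]

# Constructed sample output, not captured from a real server.
SAMPLE = """\
drwxrwx---+ 4 admin  staff  136 Aug  1 10:00 Projects
 0: group:designers allow list,add_file,search,readattr,readextattr,readsecurity,file_inherit,directory_inherit
 1: user:jsmith allow list,search,delete_child
-rw-rw----+ 1 admin  staff  512 Aug  1 10:05 brief.txt
 0: group:designers inherited allow read,write,readattr,readextattr,readsecurity
"""

if __name__ == "__main__":
    for e in user_exceptions(parse_ls_le(SAMPLE)):
        print(e["path"], e["name"], e["rule"], e["labels"])
```

Each entry it reports is a per-user exception that should either be justified or replaced by group membership.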
