ACL Permission Inheritance in Lion Server

By John Rizzo

In Lion Server, you can apply one or more of the thirteen (13) access control list (ACL) permissions to a folder. You can also set up to four types of inheritance to propagate these permissions to files in the folder and to folders within the selected folder. Each type applies to a particular level of folder hierarchy:

  • Apply to This Folder: Applies permissions to the selected folder (the folder you’re setting the permissions for).

  • Apply to Child Folders: Applies permissions to subfolders (folders that are one level below the selected folder).

  • Apply to Child Files: Applies permissions to the files in the selected folder.

  • Apply to All Descendants: Applies permissions to folders and files that are inside subfolders — that is, to items that are two or more levels below the selected folder. By itself, this setting doesn’t apply to the subfolders.


You can use the four inheritance settings in combination. If you select only Apply to This Folder, the ACL permissions don’t propagate; they apply only to the selected folder.

If you check both Apply to Child Folders and Apply to Child Files, the permissions apply to the files and folders inside the selected folder but not to the selected folder itself. Also, any folders inside the subfolders don’t get the permissions.

If you select Apply to This Folder and Apply to All Descendants, the permissions propagation skips a generation, applying to the selected folder and to all folder levels below the first subfolder level.
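The following is an added example, not part of the original article and not Apple's code. It models the four settings as described above and lists which items in a folder tree receive an ACL entry for a given combination, which makes gaps such as the skipped generation easy to spot. The folder tree, constant names and function names are constructed for illustration.

```python
from pathlib import PurePosixPath

# Hypothetical constants standing in for the four check boxes described above.
THIS_FOLDER, CHILD_FOLDERS, CHILD_FILES, ALL_DESCENDANTS = (
    "this_folder", "child_folders", "child_files", "all_descendants")

def receives_entry(root, path, is_dir, settings):
    """True if `path` gets the ACL entry set on `root` with `settings`."""
    try:
        depth = len(PurePosixPath(path).relative_to(PurePosixPath(root)).parts)
    except ValueError:
        return False                      # item is outside the selected folder
    if depth == 0:                        # the selected folder itself
        return THIS_FOLDER in settings
    if depth == 1:                        # direct children: folders and files differ
        return (CHILD_FOLDERS if is_dir else CHILD_FILES) in settings
    return ALL_DESCENDANTS in settings    # two or more levels down

def scope(root, tree, settings):
    """Sorted list of items in `tree` that receive the entry."""
    return sorted(p for p, is_dir in tree.items()
                  if receives_entry(root, p, is_dir, settings))

def uncovered(root, tree, settings):
    """Items under `root` that the entry does not reach."""
    return sorted(set(tree) - set(scope(root, tree, settings)))

# Constructed sample tree: path -> True for a folder, False for a file.
ROOT = "/Shared/Projects"
TREE = {
    "/Shared/Projects": True,
    "/Shared/Projects/plan.txt": False,
    "/Shared/Projects/Design": True,
    "/Shared/Projects/Design/logo.png": False,
    "/Shared/Projects/Design/Archive": True,
    "/Shared/Projects/Design/Archive/old.png": False,
}

if __name__ == "__main__":
    combos = [{THIS_FOLDER},
              {CHILD_FOLDERS, CHILD_FILES},
              {THIS_FOLDER, ALL_DESCENDANTS}]
    for settings in combos:
        print(sorted(settings))
        for p in scope(ROOT, TREE, settings):
            print("   applies:", p)
        for p in uncovered(ROOT, TREE, settings):
            print("   skipped:", p)
```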

You can remove all inherited permissions from an individual folder or file that is inside a folder structure with inheritance settings. Just do the following in the Server app:

  1. Click the name of your server in the sidebar under Hardware.

  2. Click the Storage tab and browse for and select a shared folder.

  3. Click the gear icon and select Edit Permissions from the pop-up menu.

    A new dialog appears.

  4. Click the gear icon and choose Remove Inherited Entries from the pop-up menu; then click OK.


Instead of removing all inherited ACL permissions from a nested folder or file, you can edit them, similar to the way you set them in the parent folder. However, before you edit them, you need to convert them from inherited to explicit permissions.

A choice called Make Inherited Entries Explicit converts the inherited ACL permissions to explicit entries that are set for that folder or file.