Lion Server File Sharing Permission Categories
In Lion Server file sharing, you set permissions for three user categories: Owner, Group, and Others. There’s also Everyone, which is similar to Others. (You can also find these user categories on users’ Macs; cmd-click or right-click any file or folder and then choose Get Info.)
You can use the categories to restrict access to a certain set of users, provide different levels of access to different users, or prevent access. When you create shared folders (called share points), you assign permissions to these classes of users.
These user categories are hierarchical; a user gets the permissions of the highest category that user belongs to. If a user is both the owner and in a group, the user gets Owner permissions.
The owner can be a user with a local account or one with a directory domain account. By default, the owner of a file or folder is the user who created it. The owner could also be the administrator.
The owner usually has the highest level of permissions: the ability to do anything to a file, such as edit, delete, or copy it. The owner is the only entity that can change permissions for groups or for Others/Everyone. The owner can also change the owner — that is, transfer ownership to another user.
The owner doesn’t have to be a person — the owner can be an entity of the operating system or the operating system itself. In the latter case, this owner is system, the equivalent of the Unix root user.
A group is a collection of users that you create accounts for. When a folder on the server has permissions for a particular group, all members of the group can access the folder. In Chapter 5, I describe creating groups, which you can do with System Preferences or Workgroup Manager.
Everyone, Others, and Guests
Everyone, Others, and Guests are similar and can be treated as one category of user. For a particular shared file or folder, they all refer to everyone else — users who aren’t an owner or in a group. This category is given the lowest level of permissions, which may mean no access at all.
Others are users who are logged in to the file server but are not owners or members of a group for a particular file or folder. Everyone includes anonymous users who are not logged in to the file server.
Don’t worry too much about it: You’ll never have to choose between Others and Everyone in a dialog. They’re used in different places.
You see a choice for Guest only in the settings for file services (not for individual share points), where you can choose to Allow Guest Access. Doing so allows anonymous users who aren’t logged in to access that file service or protocol without using a password. Guests have access only to files and folders with privileges for Everyone.
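The category hierarchy described earlier and the Guest rule above can both be checked against a share point's permission bits. The following Python sketch is an added example, not part of the original text or of Lion Server: it resolves which category applies to a user and lists the items a guest could reach through Everyone privileges. It assumes standard POSIX mode bits only (ACLs are ignored); the function names, uids, gids, and sample folder names are constructed for illustration.

```python
import os
import stat
import tempfile
from types import SimpleNamespace

SHIFT = {"owner": 6, "group": 3, "others": 0}

def category(st, uid, gids):
    """First match wins: Owner, then Group, then Others/Everyone."""
    if uid == st.st_uid:
        return "owner"
    return "group" if st.st_gid in gids else "others"

def rwx(st, cat):
    bits = (stat.S_IMODE(st.st_mode) >> SHIFT[cat]) & 0o7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def guest_reachable(root):
    """Map of items under root that grant Everyone any access (mode bits only)."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in list(dirnames) + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            perms = rwx(os.lstat(path), "others")
            if perms != "---":
                found[os.path.relpath(path, root)] = perms
            if name in dirnames and "x" not in perms:
                dirnames.remove(name)  # Everyone cannot enter, so skip its contents
    return found

def build_sample(root):
    """Constructed share point: one public folder, one staff-only folder."""
    for folder, fname, dmode in (("public", "readme.txt", 0o755),
                                 ("staff", "payroll.txt", 0o750)):
        os.mkdir(os.path.join(root, folder))
        fpath = os.path.join(root, folder, fname)
        open(fpath, "w").close()
        os.chmod(fpath, 0o644)
        os.chmod(os.path.join(root, folder), dmode)

if __name__ == "__main__":
    # Constructed item: owner uid 501 has r--, group gid 20 has rwx, Everyone has ---.
    item = SimpleNamespace(st_mode=0o100470, st_uid=501, st_gid=20)
    for uid, gids in ((501, {20}), (502, {20}), (503, {80})):
        cat = category(item, uid, gids)
        print(uid, cat, rwx(item, cat))
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(guest_reachable(root))
```

Running guest_reachable against a share point path before turning on Allow Guest Access shows what Everyone privileges would expose. In the sample, payroll.txt is readable by Everyone on its own bits but is not listed, because the staff folder gives Everyone no access.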