Standard POSIX Permissions in Lion Server - dummies

Standard POSIX Permissions in Lion Server

By John Rizzo

Because Mac OS X (and, therefore, Lion Server) has Unix at its core, POSIX permissions are used on all files and folders on every user’s Mac. POSIX permissions are the standards that define how Unix interacts with applications.

Among other things, POSIX permissions define a permission structure for accessing files and folders. POSIX permissions are used not only in file sharing on a network, but also on the Unix computer itself.

Because these permissions are used throughout Mac OS X, POSIX permissions are often referred to as standard permissions in Apple documentation and elsewhere.

For any given file, folder, or volume, standard POSIX permissions have four types of access that you can set for Owner, Group, and Others/Everyone:

  • Read and write: Gives full access to a shared folder or file. A user can open and save files located on the server-based folder and can copy files to the folder.

  • Read-only: A user can open the shared folder and files as well as copy a file or folder to his computer. But users with read-only access can’t save changes to files that they open in the shared folder, and they can’t add files to the shared folder or delete files.

  • Write-only: Users can only copy a file into a write-only folder. They can’t open the folder to see what’s in it or access the files. A write-only folder on a server is sometimes referred to as a drop folder.

  • No access: The user has no access to the folder or file and can’t copy files to or from it.

To bring up the settings window in the Server app, click File Sharing in the left column, select a folder, and click the Edit (pencil) button.


In Unix, another POSIX permission is execute. This permission enables a user or group to run a program. In a Unix command-line shell, the execute permissions also allows you to list the files in a directory. Execute permissions are similar to read permissions, which let you open folders to see what’s inside. The execute permission isn’t used in Server Admin or the Server app.