+ Post New Thread
Results 1 to 3 of 3
Mac Thread, Permissions on root home in Technical; Creating a new home folder for as yet to be decided users, and the permissions are ACL - Technical_group ..... ...
  1. #1
    theeldergeek
    Guest

    Permissions on root home

    Creating a new home folder for as yet to be decided users, and the permissions are

    ACL -

    Technical_group ..... full control (this is me and my boss)

    POSIX -

    SADMIN ..... read/write
    ADMIN ..... read
    OTHERS ..... read

    If I were to change 'OTHERS' to 'NONE' at root, would this cause me any problems when creating home folders within?

    It will be a student year group who are in the folder, and I don't want anyone else to see their folders except those who I specify in the ACL's, i.e. the technicians and maybe READ ONLY for teachers. Everyone else needs to be denied (we don't use public folders or drop boxes)

    Or do I need to leave the permissions as they are and specify "EVERYONE" as 'DENY' in the ACL? Should In fact, should I be making changes to POSIX at all? My own feeling is that I shouldn't, but I'm taking advice here!



    Should be noted that this is a completely separate Mac network to our Windows environment, we are not bound to Windows AD, server is an xserve running 10.5
    .

  2. #2
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    268
    Thank Post
    10
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Hi theeldergeek

    When creating any folder (either at the Finder level or using the option within Server Admin) that is to be used for 'housing' users' home directories/profiles the System 'sets' the default POSIX permissions at the moment of creation. Generally at the Finder level and depending which OS Version it is these would be:

    Owner : root/admin : R/W
    Group : admin/staff : R
    Everyone/Others : R

    Don't be tempted to change these. You may find network users won't be able to login as you've denied them access to their home folders at a level higher up than their homes. Setting the POSIX value for Everyone/Others to None is useful for denying a 'view' in certain circumstances depending on what you want to achieve. But denying a 'view' in POSIX is not the same as adding the $ symbol in Windows. It really does mean "No Access". With 10.5 and even more so with 10.6 you should not 'mix' the permissions models to control access. Whatever the system sets as the default POSIX permissions leave well alone and concentrate solely on ACLs. Once you drill down to Users individual home folders you should see the System has added an overriding 'deny' ACL anyway. There really should not be anything else you need do with regards to permissions unless you want to add an access ACL for desired staff.

    A 'Deny' takes precedence over an 'Allow'. If a 'Deny' is set at a level higher up than an 'Allow' the 'Deny' will be 'read' first. The 'Allow' won't ever happen. You can alter this behaviour with a custom ACL that will allow folder traversal. This can get complicated very quickly so use with caution. A 'Deny' in both permission models can cause major problems although this does depend on what you want to achieve.

    Antonio Rocco (ACSA)

  3. Thanks to AntonioRocco from:


  4. #3
    theeldergeek
    Guest
    Quote Originally Posted by AntonioRocco View Post

    snippety snip ...

    A 'Deny' takes precedence over an 'Allow'. If a 'Deny' is set at a level higher up than an 'Allow' the 'Deny' will be 'read' first. The 'Allow' won't ever happen. You can alter this behaviour with a custom ACL that will allow folder traversal. This can get complicated very quickly so use with caution. A 'Deny' in both permission models can cause major problems although this does depend on what you want to achieve.
    Brilliant, that's what I needed to know.
    I'm getting there

    Thanks for your help

SHARE:
+ Post New Thread

Similar Threads

  1. Home Area Permissions
    By DSapseid in forum Scripts
    Replies: 15
    Last Post: 21st May 2012, 01:27 PM
  2. Reset Home folder permissions
    By garym2000 in forum Windows
    Replies: 10
    Last Post: 29th March 2008, 11:16 AM
  3. Replies: 2
    Last Post: 6th October 2007, 09:46 AM
  4. Advanced file permissions in XP Home
    By crc-ict in forum Windows
    Replies: 2
    Last Post: 7th December 2006, 08:29 PM
  5. Replies: 9
    Last Post: 16th June 2006, 09:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •