What I'm trying to achieve, is to have a "MacSpace" folder within which I will have several year group home folders, i.e. home05, home06, home07 etc.
The idea being that I can give teachers read access to the "MacSpace" folder so they can 'read' anything within, and set up the 'home' folders as users home drives within this folder - this way teachers can read content within any folder contained within "MacSpace" (still with me?)
So, what I have done thus far, is to create "MacSpace" as an unshared folder, then create 'homexx' folders within that which are shared and designated as 'home folders' in Server Admin.
I have set the "MacSpace" folder to have 'read only' for those who will need to access sub folders, i.e. teachers and students going into respective folders.
Trouble is, I can't login a test user who's home folder is one of the 'homexx' drives!
Surely I can have a 'container' folder in which I can then have 'home' folders and make it so that container folder's contents can be seen by whoever has read only permission of its content?
I've been at this all day, and I can't get it to work!
Stand alone OD environment, Server Tools 10.5.*, xserve, ARD
Tried it from client and xserve, but still can't work it out.
Permissions on 'MacSpace are :
ITtechnical - full control (i.e. me)
Teachers - Read Only
Server Admin - Full Control
Staff - Read Only
Everyone - None
Permissions on home folders within MacSpace are the same, except the 'everyone' POSIX is set to 'read only'
I'm sure it's a permissions thing, but I can't fathom it.
Last edited by theeldergeek; 23rd June 2010 at 06:12 PM.
"Surely I can have a 'container' folder in which I can then have 'home' folders and make it so that container folder's contents can be seen by whoever has read only permission of its content?"
Yes but only if you share the folder. Besides the Parent Container for Home folders has to be shared and set to auto-mount for User Homes. Clearly the structure you're using is not best suited to allow this to happen. If I've understood you correctly this is because you have Parent Containers for User Homes within another Parent Container. Generally this is the way you would approach this in a typical AD environment. For an OD environment this won't work well if work at all. Basically you're just creating problems for yourself. Keep the OD folder structure simple - essentially a single Parent Container shared and set to auto-mount User Homes with individual User Home Folders within that container.
It's a good idea on the platform to keep things as 'flat' as possible. A tree-like structure ends up giving you problems sooner or later.
You can apply an ACL for the Teacher and/or IT Group that gives that group Read/Write access to that container and the individual Homes within it. Don't be tempted to do anything with the default POSIX permissions for individual homes either. These should be left well alone.
Hope this helps?
Antonio Rocco (ACSA)
There are currently 1 users browsing this thread. (0 members and 1 guests)