AFP permissions question

Discussion in 'Sharing' started by brossow, Mar 17, 2012.

  1. brossow New Member

    Member Since:
    Mar 17, 2012
    Message Count:
    9
    Likes Received:
    1
    Trophy Points:
    3
    Occupation:
    Data Analyst
    Location:
    Mankato, MN USA
    brossow, Mar 17, 2012

    Sorry in advance if this is covered somewhere, but I've searched and can't find it. (Probably my own fault.)

    I have a new FreeNAS 8.0.4 setup and I doubt the system specs matter for the purpose of my question.

    I have five users who are members of a group called "Everyone."

    I have a ZFS dataset also called "Everyone" for which the Owner (user) is "nobody" and the Owner (group) is "Everyone." Owner, Group and Other all have full R/W/E access.

    I have an AFP share also called "Everyone" with a correct path to the previously mentioned dataset of the same name. I have not (currently) specified anything from the Allow/Deny/Access lines, though I have previously tried it using @Everyone in the Allow list and for Read-Write Access. Disk Discovery is enabled and everything else is the default (disabled).

    All users in the "Everyone" group can see the share and access it using their passwords. That's perfect.

    PROBLEM: When any given user creates a directory in the root of the share, the other users can see it but cannot open it due to insufficient privileges. The desired behavior is that all users in "Everyone" can access all directories and files within the share. (I know I can change the permissions en masse after the directories/files have been added to the share by ticking the "Set permission recursively" box and re-saving the permissions on the dataset, but that's hardly a solution since it would have to be done every time something new is added.)

    What am I doing wrong? Any help is greatly appreciated!

    Thanks,
    Brent
  2. louisk Member

    Member Since:
    Aug 10, 2011
    Message Count:
    429
    Likes Received:
    2
    Trophy Points:
    18
    Occupation:
    Professional Nerd
    Location:
    Portland, OR area
    louisk, Mar 17, 2012

    I solved this by setting the Everyone directory to be set group id (chmod g+s Everyone). Use -R if you want to include your existing directories vs. starting fresh (chmod -R g+s Everyone).
  3. brossow New Member

    brossow, Mar 17, 2012

    That seems to have worked perfectly. Thank you, Louis! :)
  4. brossow New Member

    brossow, Mar 17, 2012

    Err ... I take that back. Now everyone can access directories created by anyone in that directory, but the privileges aren't inherited by the newly created directories.

    In other words, if User A creates a new directory called "User A" in the root directory, User B can access that directory but User B cannot create new directories or save files in the "User A" directory. It comes out looking like this (where ./ is a directory created by User A in the root of the share and ../ is the root):

    drwxrwsr-x 5 user-A everyone 6 Mar 17 19:45 ./
    drwxrwsrwx 8 nobody everyone 9 Mar 17 19:45 ../
    drwxr-sr-x 3 user-A everyone 3 Mar 17 19:45 User A/
    drwxr-sr-x 3 user-B everyone 3 Mar 17 19:45 User B/


    I appreciate any advice. It's been many years since I had to work seriously in the *nix side of things and I've forgotten a lot.

    Brent
  5. brossow New Member

    brossow, Mar 21, 2012

    Surely I'm not the only person to experience this problem. Anyone?
  6. ReputableSquid New Member

    Member Since:
    May 13, 2012
    Message Count:
    2
    Likes Received:
    0
    Trophy Points:
    0
    ReputableSquid, May 13, 2012

    I am experiencing this same problem and found that adding "perm:0770" to each share line definition in /etc/local/AppleVolumes.default resolves the issue.

    Unfortunately, the GUI overwrites manual entries.

    I'm stuck now.
  7. ReputableSquid New Member

    ReputableSquid, May 13, 2012

    Try this workaround: Append to your Read-Write Access field perm:0770.

    For example: Read-write Access @Users perm:0770

    This tricks the WebGUI into adding the perm argument into the config file.
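
Editor's added example, not part of any post in this thread: a local shell reproduction of why g+s alone left new directories as drwxr-sr-x, and what OR-ing 0770 into the mode (the netatalk 2.x `perm:` behaviour) changes. The temporary directory, the `UserA` name and the umask of 022 standing in for the mode the AFP client requests are all assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: runs in a throwaway temp directory, not on a real share.

# new_dir_mode UMASK FLAG
#   Creates a setgid "share root" (mode 2777, like drwxrwsrwx in the thread),
#   makes a subdirectory under the given umask, optionally ORs in 0770
#   (FLAG = perm0770), and prints the ls-style mode string of the result.
new_dir_mode() {
    root=$(mktemp -d) || return 1
    chmod 2777 "$root"
    ( umask "$1" && mkdir "$root/UserA" ) || return 1
    if [ "$2" = "perm0770" ]; then
        # Symbolic ug+rwx is exactly "existing mode OR 0770".
        chmod ug+rwx "$root/UserA"
    fi
    mode=$(ls -ld "$root/UserA" | cut -c1-10)
    rm -rf "$root"
    printf '%s\n' "$mode"
}

# group_can_write MODESTRING: true when the group-write column (6th char) is "w".
group_can_write() {
    [ "$(printf '%s' "$1" | cut -c6)" = "w" ]
}

report() {
    if group_can_write "$2"; then verdict="group members can create entries"
    else verdict="group members are read-only"; fi
    printf '%-28s %s  -> %s\n' "$1" "$2" "$verdict"
}

# setgid hands the group down to new directories, but the write bit still
# comes from the creating process's mode/umask, so 022 yields r-s for group.
report "g+s only (umask 022):"   "$(new_dir_mode 022 none)"
# OR-ing 0770 adds group rwx regardless of what the creator asked for.
report "g+s plus OR 0770:"       "$(new_dir_mode 022 perm0770)"
# Same outcome if the creator itself uses a group-friendly umask.
report "g+s only (umask 002):"   "$(new_dir_mode 002 none)"
```

Because the bits are OR-ed rather than set, 0770 also marks plain files as executable for owner and group, and it leaves whatever "other" bits the client requested in place.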
