Problems with file sharing permissions for Windows users

gdc

Greetings, I would be very pleased if someone could help me with file sharing permissions for Windows users of a Mac mini file server running Snow Leopard 10.6.1 (not server).



I have a folder in my root directory, lets call it Project, that holds a series of 10 sub folders, say 1 through 10. Some of my users I wish to have read/write access to the whole Project directory, and, having enabled file sharing in System Preferences (and SMB for Windows), I did cmd i to get info on the Project folder, ticked sharing, added the users (whose user accounts I had replicated on the Mac from their Windows machines), gave them read/write access, and then was able to map a drive to Project in their machines. All good so far, notwithstanding an hour tussle with a Vista laptop . The other user 'groups' were set the following permissions: me - read/write; Admin - read/write; Everyone - no access; which seemed sensible.



Then, when I wanted to only share say sub folders 4, 5 and 6 with other users, who will not have access to the whole Project directory, things were not as straight forward. I followed the same procedure as above, but for the particular sub folders. However, I think they are only able to see them if I provide read or read/write access for Everyone to the parent Project directory. This of course then lets them at least see all the other folders I do not want to share with them. I don't seem to be able to remove the Everyone group from the Project directory, which occurred to me might resolve this.



Any thoughts? Thanks.

buceta

Quote:

Originally Posted by gdc


Greetings, I would be very pleased if someone could help me with file sharing permissions for Windows users of a Mac mini file server running Snow Leopard 10.6.1 (not server).



I have a folder in my root directory, lets call it Project, that holds a series of 10 sub folders, say 1 through 10. Some of my users I wish to have read/write access to the whole Project directory, and, having enabled file sharing in System Preferences (and SMB for Windows), I did cmd i to get info on the Project folder, ticked sharing, added the users (whose user accounts I had replicated on the Mac from their Windows machines), gave them read/write access, and then was able to map a drive to Project in their machines. All good so far, notwithstanding an hour tussle with a Vista laptop . The other user 'groups' were set the following permissions: me - read/write; Admin - read/write; Everyone - no access; which seemed sensible.



Then, when I wanted to only share say sub folders 4, 5 and 6 with other users, who will not have access to the whole Project directory, things were not as straight forward. I followed the same procedure as above, but for the particular sub folders. However, I think they are only able to see them if I provide read or read/write access for Everyone to the parent Project directory. This of course then lets them at least see all the other folders I do not want to share with them. I don't seem to be able to remove the Everyone group from the Project directory, which occurred to me might resolve this.



Any thoughts? Thanks.

This is the reality of this matter. Over time, maintaining your server is going to cost ya untold amounts of money (time=money). To solve all of this do the following:



Plunk down ~ $10k to buy macs for every user. Then you will be able to setup the whole network in 30 minutes and never have to touch it again. Problemo solved.

gdc

Thanks, but on reflection I don't see how this is a 'Windows' issue. I cannot even assign the appropriate file permissions for the user accounts on my Mac file server! I must be doing something wrong...



In Snow Leopard client 10.6.1, if I allow a user read & write access to a folder because they need to have read & write access to two of three subfolders it contains, I cannot deny them (at least) read access to the third subfolder. I don't want them to even see it.



In respect of a particular folder it seems:

1. You can only assign read; read & write; or write (drop box) to an individual user; and

2. You can only assign No Access to everyone.



Is this really the case? If so, if I use 10.6 Server would I have additional file sharing permission options that would allow me to set No Access to a subfolder for a particular user ?

outsider

Quote:

Originally Posted by gdc


Thanks, but on reflection I don't see how this is a 'Windows' issue. I cannot even assign the appropriate file permissions for the user accounts on my Mac file server! I must be doing something wrong...



In Snow Leopard client 10.6.1, if I allow a user read & write access to a folder because they need to have read & write access to two of three subfolders it contains, I cannot deny them (at least) read access to the third subfolder. I don't want them to even see it.



In respect of a particular folder it seems:

1. You can only assign read; read & write; or write (drop box) to an individual user; and

2. You can only assign No Access to everyone.



Is this really the case? If so, if I use 10.6 Server would I have additional file sharing permission options that would allow me to set No Access to a subfolder for a particular user ?

You need to use ACLs in Leopard and Snow Leopard Server. In Server Admin (this app is installed on the server, you can also download it or install it on a client machine for remote administration) you need to select the share point and set the ACLs there. You can also granularly set permissions to each folder inside of the share point to fine tune your permissions.



See this for an example:

outsider

I just noticed you don't have MacOS 10.6 Server installed. It different at that point but you can great groups and non-local users in the Account preference pane and manage permissions in the Sharing pane that way.