For the past few months I have had my new Iomega PX4-200D, which has worked out well for my vSphere and vCloud labs. We also use this as our primary file server between systems in the house for media, pictures, and everything else. For some time I have been fighting with the fact that both myself and my wife, who use the appliance, are set up as administrators on each primary share, yet we cannot access each other's created subfolders. What I mean is simply, if she creates a folder under “Pictures” I could write to it and vice versa. I was thinking this was an Apple File Protocol issue between the Lion and Snow Leopard installs at first. However, the other night I decided to do a little digging and here is what I found.
From OSX Terminal I decided to look at the sub-folder permissions and what I found was exactly what I thought. The new folder and subsequent files were only giving the owner read/write, as shown below.
drwxr-xr-x 2 Chris staff 16384 Jan 14 08:56 new
-rw-r--r-- 1 Chris staff 0 Jan 14 08:55 test.txt
drwxr-xr-x 2 juliec staff 16384 Jan 14 08:56 new2
-rw-r--r-- 1 julie staff 0 Jan 14 08:55 test2.txt
This meant only I or my wife had read/write permissions to our own folders, creating a problem as we manage documents together for her small business. This seemed to have no effect based on the user’s access to the volume. The user security controls on the PX4 first determine if you have access to the share, but at that point the lower level files do not seem to have any permission control... so I thought.
I took a closer look at the share permissions settings and saw the option below: “Allow users to change file level security”.
Once this was enabled the entire permission set was changed to 777 for everything! This was a good thing for us as now we could read and write to each other's folders that had been created. I did not need to go back and find all the folders neither of us had access to. You can see below how the permissions changed once this was applied.
drwxrwxrwx 2 Chris staff 16384 Jan 14 08:56 new
-rwxrwxrwx 1 Chris staff 0 Jan 14 08:55 test.txt
drwxrwxrwx 2 juliec staff 16384 Jan 14 08:56 new2
-rwxrwxrwx 1 julie staff 0 Jan 14 08:55 test2.txt
Now this in no way means the share itself is completely read/write by anyone; that is still controlled by the share level access. It simply means the people with access to the share can now correctly read and write each other's documents.
There still seems to be an issue, however, that when an OSX machine creates a new directory or file, AFP still assigns the owner read/write/execute, but not the group/everyone else. This is not the case from a Windows machine, so now I may need to check and see if there is a way to force a new file to have certain permissions from OSX. That is unless anyone else might know :). At least we can read/write to each other's folders that already existed, but it still does not fix the issue for new files and folders we create since we have to each change the file permissions after they are created.
Not really an ideal solution, and maybe a call to Iomega Support is an option to see if the UMASK default can be changed on the AFP protocol. Maybe it is not an OSX issue, so much as something on the PX4’s AFP protocol since it seems to set 777 on files created from a Windows machine. If anyone else has more information please add some comments.
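As an added example (not part of the original post): a small shell helper for the after-the-fact permission change described above. It grants read/write to the owning group only, since both accounts show group `staff` in the listings, instead of opening everything to 777. The function names and the `/Volumes/Pictures` mount path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: both users belong to the group that owns the files
# ("staff" in the listings above), so group rw is enough and the
# "other" permission bits can stay closed.

# list_group_locked DIR
# Print every file or directory under DIR that lacks group write.
list_group_locked() {
    find "$1" \( -type d -o -type f \) ! -perm -020 -print
}

# open_to_group DIR
# Add group read/write (plus search on directories) to everything the
# current user owns under DIR. Entries owned by someone else are skipped,
# because chmod on them would fail anyway. "Other" bits are not changed.
open_to_group() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    me=$(id -u)
    # Directories need the execute (search) bit for the group to enter them.
    find "$dir" -user "$me" -type d ! -perm -070 -exec chmod g+rwx {} +
    # Regular files only need read and write.
    find "$dir" -user "$me" -type f ! -perm -060 -exec chmod g+rw {} +
}

# Typical use on the Mac (hypothetical mount path):
#   list_group_locked /Volumes/Pictures   # see what the other user cannot edit
#   open_to_group /Volumes/Pictures       # fix the entries you own
```

Each user runs it against the mounted share after creating new folders, since it only changes entries owned by the account running it.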