Knowledge base

OS X Server: When saving files on SMB shares, the permissions may be changed so only the owner can read or write

Posted in Apple Mac OS

Products Affected

Lion Server, OS X Server (Mountain Lion)

Symptoms

Files saved on an SMB sharepoint may have group access removed when you save them.

This can happen when applications use "safe save," which is used to minimize data loss if the save process is interrupted. The process creates an updated copy of the file that will replace the old file. That way, if the process is interrupted, the previous version of the file remains intact. As a consequence, the saved file is created as a new file with default access permissions which only allow the owner to access the file. Users who are part of a group that had access to the old file will not have access to the newly saved file.

Resolution

Turn on ACLs on the server and configure ACL inheritance on the share to save the group access. 

To turn on ACLs for the SMB shared folders, execute this command on the server:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES


To turn off ACLs for the SMB shared folders, execute this command on the server:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool NO

Additional Information

ACLs allow you to set very fine-grained control on how new files inherit access from the share. To allow group collaboration of files edited in a SMB shared folder, turn on SMB Access control lists (ACLs) on the server and set the ACL permissions to inherit group read and write permissions from the parent folder.

For more information about "safe save" refer to this article.

Read more http://support.apple.com/kb/TS4149