Part 1

Users have shares automatically mounted that they can drop PDFs into for a 
proofing system. The shared folders use ACLs. Previously the shares were using 
just POSIX permissions as those were adequate. Users could either drop a PDF 
into the folders using the Finder, or they could write them into the share 
directly from InDesign CS4.

Now, with ACL based shared folders, InDesign reports "Cannot save to the file 
"blah.pdf". You may not have permission or the file may be in use." And then it 
proceeds to write out a zero K PDF. I'm not sure that it's ACL related, it 
might be something else. But I don't know anything about how ACLs are 
implemented, and if and how aware of ACLs an application would need to be or if 
there is some other interaction that could be going on, maybe even with AFP as 
the intermediary.

ls -le on one of the shares reveals the following:

drwxrwx---@ 4 admin  admin  136 Jul 26 13:39 Gloss Covers
0: user:charlie inherited allow 
list,add_file,search,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
1: user:hurley inherited allow 
list,add_file,search,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit

It seems "add_file" should be adequate for the user to both add and write to 
the file.

This is on OS X Server 10.5.6.

Part 2

When I ls -le on the folder after trying to create a PDF directly with 
InDesign, this is what I get:

-rw-r--r--+ 1 charlie  admin  0 Jul 27 00:12 test file_IDcs4.pdf
0: user:charlie inherited allow 
read,write,execute,readattr,writeattr,readextattr,writeextattr,readsecurity
1: user:hurley inherited allow 
read,write,execute,readattr,writeattr,readextattr,writeextattr,readsecurity


So there appears to be write permission for the file, yet IDCS4 won't write to 
it. It creates the file, but won't write any data to it. It ends up being a 
zero K PDF and of course the RIP tries to identify it, can't because it's not 
really a PDF, and then every admin gets an email about the failure.

I'm thinking this is just some obscure ACL problem, maybe even a bug that's 
fixed with later server versions?

Thanks,

Chris Murphy



_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin

Reply via email to