This behavior occurring on all current versions of 10.7.x, i.e. 10.7.0 through 10.7.3? They've really been working on the problem for 9+ months?
Nevertheless, I think there's something wrong with the client-server paradigm if its design includes the expectation that the client honors server sent privilege metadata. All one needs is Mac OS X 10.7 client, a single user authenticated, and that user can now see all users' data on the server? How is this not a huge security hole for both the client *and* the server? Chris On Feb 29, 2012, at 2:28 PM, Susan Alston wrote: > I contacted Apple support on this issue, and their response was that > Windows Active Directory group membership and group permissions are not > read properly in Lion. We are not using Active Directory on the server, > just simple users and groups, but we are relying on group permissions. > Currently there is no workaround, but they are working on the problem. > > On Mon, Feb 27, 2012 at 10:10 AM, Susan Alston <[email protected]> wrote: > >> I have a lab of iMacs for students. From any iMac a student can connect >> to general Windows server volume and access their own individual file >> storage folder. They only have permission to see or open their own folder >> on this server, (not any other student's folder). That is, this is how it >> worked under Tiger, Leopard, and Snow Leopard (A red circle with a dash >> displays on these other students folders and they are not accessible to >> anyone but themselves). >> >> I just upgraded one of the iMacs to Lion, and when I connect as a student >> to the server, I can view *all* other student folders. I have changed >> nothing on the server side. What can I do to ungrant permission for a >> particular student to see all other student's work in this Windows volume? >> >> -- >> >> >> Susan Alston >> Internet Developer/Blackboard Administrator >> 110 McSweeney >> Chowan University >> 252-398-6263 >> > > > > -- > > > Susan Alston > Internet Developer/Blackboard Administrator > 110 McSweeney > Chowan University > 252-398-6263 > _______________________________________________ > MacOSX-admin mailing list > [email protected] > http://www.omnigroup.com/mailman/listinfo/macosx-admin _______________________________________________ MacOSX-admin mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-admin
