Hi Richard.
The OS X servers use ACL's (Access Control Lists) now. If there is an
ACL entry which applies to the particular user that is accessing the
file or folder, then the ACL supersedes the POSIX permissions you are
trying to set. The server first looks at the ACL entries in order. If
the user matches any of the ACL's that are set, that user gets that
ACL permission, and the whole process stops at that point.
If the user falls all the way through the ACL's without hitting on
one, THEN and ONLY THEN do the POSIX permissions come into play. The
only way to manage the acl permissions is if you use the Server Admin
utility.
The best solution is to allow all users read/write ACL access to the
root directory, and then (assuming the server is set up to have ACL's
inherit down to the children) any new files created will possess the
same ACL's that the parent folder has, and POSIX will not even come
into play.
Now if you can access a folder after setting the POSIX permissions,
but cannot access new files created in that folder, that is because
POSIX inheritance does not work the way you think it would, or the way
it should, given the nature of file servers. With POSIX, the creator
of the folder or file becomes the Owner with read/write permissions.
The parent's Group has read only (regardless of what the parent's
group's permissions were) and the Everyone gets read only.
If you still have problems after that, I would talk to the server
admin and make sure he has set the ACL's to inherit from the parent.
It's something you set at the root VOLUME (not the share) while
sharing is off.
One more note, are you using AFP or SMB to log into the server? I
believe SMB has it's own permission inheritance settings. I ALWAYS set
mine to have children inherit the parent. Otherwise you spend a LOT of
time cleaning up other people's new folder and file permissions.
Sorry for the long blurb.
Bob Sneidar
IT Manager
Logos Management
Calvary Chapel CM
On Apr 2, 2008, at 9:01 AM, Richard Miller wrote:
Not quite solved yet.
I believe this issue has been talked about before, but the answer is
not clear to me.
If I change the file attributes of a particular folder to "777" from
within my ftp program, my Rev cgi script can then go ahead and
delete it using Delete File and Delete folder commands. But if if
then use a Rev program to put a new folder on the server (via ftp)
in the same place as this last one, I can't delete it (unless I
manually change it to 777). There must be some setting on the server
itself... probably in the Ownership & Permissions area... to
configure any new folders placed there so they can be deleted by
Rev... but I can't sort out how to do this. This Ownership/
Permissions area is completely foreign to me.
Help would be much appreciated.
Thanks.
Richard
On Apr 2, 2008, at 8:53 AM, Richard Miller wrote:
I sorted it out. It was an Ownership & Permission OSX setting.
Can someone provide guidance on the correct way to set those
settings for unrestricted Rev cgi access, while still retaining
server security? Or is the security issue on a Mac (running its
native server app) not an issue, regardless of these settings?
Thanks.
Richard
On Apr 2, 2008, at 8:41 AM, Richard Miller wrote:
There's something else going on. I wish it was just spelling, but
it's not. It's probably particular to OSX.
I tried the following:
set the defaultfolder to "/users/myusername"
put the folders into buffer
I get back the correct list of folders, including one called
"Desktop"
I then try this:
set the defaultfolder to "/users/myusername/Desktop"
put the folders into buffer
It returns the list of folders inside the cgi-bin directory. I
tried changing "Desktop" to "Library" and got the same cgi-bin
results.
What's going on here?
Thanks.
Richard
On Apr 2, 2008, at 8:26 AM, jbv wrote:
Richard ,
I have done that dozens of time, mostly on linux & windoze
servers...
So I'm not sure about OSX settings, but one thing I'd check first
is the
spelling of the folder's name... it might sound silly, but many
times
I have been blocked by spelling problems (or case sensitive
spelling)
when referring to folders & files...
JB
I don't understand what is happening with this. This is on a
MacMini
server.
I ask a Rev cgi script the following:
put (there is a folder "/users/myusername/desktop") into
buffer
It returns TRUE.
I then ask the following:
put (there is a folder "/users/myusername/desktop/foldername")
into buffer
(foldername = any folder sitting on the desktop)
It returns FALSE.
Does this have something to do with some setting I need to
change on
the server?... or am I asking for information which is not
accessible
from a Rev cgi script located inside the CGI-Executables folder?
What I ultimately want to do is have the Rev cgi script delete a
folder sitting elsewhere on the server. Is there a reason this
can't
be done?
Thanks.
Richard Miller
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
