Server Admin 10.4 Help

Controlling Access to a Windows Share Point or Shared Folder

The information below replaces the information for this topic on page 58 of the Windows services administration guide.

Using Workgroup Manager, you can set access control lists (ACL) permissions and standard UNIX privileges for a share point or any folder in it. ACL permissions fully supersede the standard UNIX privileges for users who access a share point or folder using the SMB/CIFS or AFP protocols. Only the standard UNIX privileges affect users who access a share point or folder using the NFS protocol. The standard UNIX privileges are also known as POSIX permissions.

The ACLs for folders in Mac OS X Server share points are compatible with Windows XP ACL settings. A Windows XP user can use Windows Explorer to set ACL permissions of shared folders, and the changes will affect Windows, Mac OS X, and UNIX clients that access the folders.

1. Open Workgroup Manager and click Sharing.
2. If you want to set ACL permissions for a share point or folder, make sure ACLs are enabled for the volume on which the share point or folder is located.

   To enable ACLs for a volume, click All, select the volume, select "Enable Access Control Lists on this volume," and click Save.

3. Click Share Points and select the share point or folder you want to control access to.

   If you want to create a folder in a share point, select the share point or a folder inside it, click the New Folder button (folder icon with +), enter the new folder name, and click OK.

4. Click Access.
5. Change the standard UNIX access privileges.
   • To change the owner or group of the shared item, type a name or drag a name from the Users & Groups drawer.

     To open the drawer, click Users & Groups. If you don't see a recently created user or group, click Refresh. To change the autorefresh interval, choose Workgroup Manager > Preferences.

   • Use the pop-up menus next to the fields to change the permissions for Owner, Group, and Everyone.

     Everyone is any user who can log in to the file server:  registered users and guests, alike.

6. Change the ACL permissions.
   • To add an entry to the ACL, drag a name from the Users & Groups drawer.
   • To change an entry in the ACL, select it, click the Edit button (pencil shaped), and change permission settings.

     You can also change an entry's type and permission level by choosing from the pop-up menus in the Type and Permission columns of the ACL.

   • To remove an entry from the ACL, select it and click the Delete button (-).
   • To remove a selected folder's inherited entries, choose "Remove inherited entries" from the Action menu.
   • To make a selected folder's inherited entries explicit so you can edit them, choose "Make inherited entries explicit" from the Action menu.
   • (Optional) To apply all ACL permissions or selected UNIX privileges of a share point or folder to all files and folders it contains, select the share point or folder, choose Propagate Permissions from the Action menu, then select what you want to propagate and click OK.

     This overrides access privileges that other users may have set for the affected files and folders.

7. Click Save.