Drop Folder Rights for Mac Workstations

[Guest]

I have a windows 2k advanced server in a mixed network with PC's running
win98 up to win2k pro and mac workstations running 8.6 up to 10.3.5

The problem is I have an instructor who would like two folders on the server
that his students can access from a mac lab, one folder being read only for
the students so he can place assignments in it and they can pull them out to
do. The second folder needs to be a drop folder, the students can put files
into it, but not access files once they are in there, delete them, read other
students files etc. But the instructor and myself should have full access to
both folders. I can pull this off for the windows workstations but they
don't work the same for the mac workstations...

does anyone have this type of network setup? These folders? How do you set
up file permissions on these folders? I tried to share the folders through
the mac share side, but the main volume is already shared and it won't let me
share folders inside the volume so I'm limited to using the permission
settings from the windows side on these folders.

Thanks for any and all suggestions!

 

[William Smith]

I have a windows 2k advanced server in a mixed network with PC's running
win98 up to win2k pro and mac workstations running 8.6 up to 10.3.5

The problem is I have an instructor who would like two folders on the server
that his students can access from a mac lab, one folder being read only for
the students so he can place assignments in it and they can pull them out to
do. The second folder needs to be a drop folder, the students can put files
into it, but not access files once they are in there, delete them, read other
students files etc. But the instructor and myself should have full access to
both folders. I can pull this off for the windows workstations but they
don't work the same for the mac workstations...

does anyone have this type of network setup? These folders? How do you set
up file permissions on these folders? I tried to share the folders through
the mac share side, but the main volume is already shared and it won't let me
share folders inside the volume so I'm limited to using the permission
settings from the windows side on these folders.

Thanks for any and all suggestions!

Hi johnny!

A fundamental difference in the way Windows and Macs deal with
permissions is that Windows can use Access Control Lists but Macs are
more limited and can assign permissions to only Owner/Group/Everyone.
ACLs allow you to select multiple groups or users and assigns unique
sets of permissions to each whereas Mac permissions are limited to the
three levels above.

Therefore, the best way to set this is to use the common denominator
between the two, which is the Mac permissions.

Set up your share on the Windows server with permissions for everyone to
READ. Create a Mac volume using the same directory.

Then connect to this Mac volume as an administrator or owner of this
volume from a Mac OS 9 or lower system and create your folders. Select
each folder, type Command + I (Get Info) and select Sharing. Set your
permissions here. You can have only one owner, one group and one setting
for everyone else.

Set the Owner to the name of a group that you're part of. This group
will have full access. Set the Group to the name of a group containing
your students. This group should have either READ or WRITE access
depending on the purpose of that folder. You can set Everyone to no
access.

Once these permissions are set, do not attempt to adjust them from
Windows clients or the Windows server or you will mangle the permissions
set by the Mac.

Hope this helps! bill

 

[Paul Nelson]

Powell at Johnny J (e-mail address removed) wrote on 2/1/05 11:05
AM:

I have a windows 2k advanced server in a mixed network with PC's running
win98 up to win2k pro and mac workstations running 8.6 up to 10.3.5

The problem is I have an instructor who would like two folders on the server
that his students can access from a mac lab, one folder being read only for
the students so he can place assignments in it and they can pull them out to
do. The second folder needs to be a drop folder, the students can put files
into it, but not access files once they are in there, delete them, read other
students files etc. But the instructor and myself should have full access to
both folders. I can pull this off for the windows workstations but they
don't work the same for the mac workstations...

does anyone have this type of network setup? These folders? How do you set
up file permissions on these folders? I tried to share the folders through
the mac share side, but the main volume is already shared and it won't let me
share folders inside the volume so I'm limited to using the permission
settings from the windows side on these folders.

Thanks for any and all suggestions!

You didn't mention what protocol you wanted to use for sharing, but if you
are using smb/cifs from your OS 10.3 systems, you need to make sure your
access control list has an entry for "CREATOR OWNER". This entry should
allow access to items INSIDE the drop box (be sure you set it to subfolders
and files, and don't leave it "this folder, subfolders and files"). You can
then give this ACL entry with read/write access allowed. You may allow or
deny deleting items too. Users could delete them from the Mac, but would
need to use a shell command to do it.

The reason you need this is that 10.3 finder creates the file inside the
drop box, then closes it, then reopens it for writing. The Mac can create
the file (this is the same thing a PC does), but after closing it, it can no
longer open it unless there is a CREATOR OWNER ACL entry. PCs simply create
the file (which also opens it) and write to the open file.

 

[Bob Doyle]

Good god, first upgrade all your o/s's. 10.3.5? Nice.