Fixing Windows File Sharing (SMB) Permissions on OS X Server

With Apple hiding a lot of the more useful and fine-grained controls over the services on OS X Server, the SMB Service is one area that has suffered.

There is no longer any control whatsoever over Windows file sharing, other than having a checkbox to turn it on or off on each sharepoint.

As it turns out, there’s a big problem with Windows file sharing on OS X Server, newly created files are given default permissions such that all ACL inheritance is ignored, the permissions on the containing folder are ignored and the file is created such that it can only be accessed by the owner of the file. There is no access by other members of the group, or by anyone else.

In previous versions of OS X Server, there were configuration panes for Windows file sharing so you could accept the default behaviour, or set explicitly the permissions to be used for new files and folders.

Now that Apple has ditched Samba in Lion and Mountain Lion, none of the tweaks that have been applied previously are of any use.

In Lion Server and Mountain Lion Server, there’s a command-line option that restores some sanity to SMBX, Apples SMB Service. The following command, to be executed from Terminal on the OS X Server, will enable ACL inheritance for files and folders accessed via SMB:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

More information is available in Apple Knowledge Base Article TS4149.

 

This article was posted by Kai Howells. If you liked this content and have any technical work in the Melbourne area, say hello via my contact form or give me a call on 0419 361 653 - I cover most of the greater Melbourne area and my rates are competitive.

Leave a Reply

Your email address will not be published. Required fields are marked *