Re: How do Mac access privileges map to Unix?


Subject: Re: How do Mac access privileges map to Unix?
From: Stan P. van de Burgt (stan@q-go.com)
Date: Tue Jul 04 2000 - 13:48:36 EDT


Thanks Tom,

It sure helps, although I hope more people will answer to this thread.
It would really help everyone to have the precise mapping semantics.

More below...

> > Can anyone help me with a pointer to a document or a short description of
> > - the exact mapping of access privileges on a Mac vs those on Unix (Linux)
> > and vice versa?
> > - the inheritance of access privileges when copying files and folders to a
> > shared disk.
> > - the inheritance of ownership of those files.
>
>I was hoping someone else would answer authoritatively, but here's what
>I've surmised from behavior:
>
>- afpd processes run as the user who logged into the Mac, so the Mac has
> access to everything the user would ordinarily. This is the only thing
> you need to decide if a user can *read* a file.
>
>- Afpd gives newly-created directories the same permissions bits as those
> of the parent directory, including the setgid bit.

Is that the 't' shown when using ls -l?

>- Newly created files will get the same permissions bits as the parent
> directory, with the x bits stripped.

Really??

>- Newly created files and directories will be owned by the creating user.
> If the parent directory has the setgid bit set, new files and directories
> will be in the same group as the parent; otherwise they will be in the
> creating user's primary group. (This is normal Unix behavior.)
>
>- Files and directories can only be created in directories to which the
> user has rwx access (as opposed to Unix, where only wx access is needed.)

That explains my problems with creating a 'drop box' (see below).

>- These rules apply to the .AppleDouble directories as well, but not to
> Network Trash Folder.
>
> > One of the things I'd like to have is a 'drop box' where a file can be
> > copied to, and where the owner of the drop box can pick it up.
> > But a complete overview would be great to set up the right privileges for a
> > shared network disk.
>
>I don't believe you can do this in general without letting all users
>overwrite and delete files created in the dropbox by other users;

That's OK, as long as other users cannot see the file list.
I think, however, that it is possible if you give it the same access rights
as /tmp.

>you can't have files created in the dropbox that can only be modified by the
>creator and drop-box owner.
>
>Now, if you're willing to create a subfolder for each user within the
>dropbox, so that users can only drop files into their own folder, then you
>can do it.

That's what I tried and it worked, although there seems to be something wrong.
With a +w setting, I get a nice 'folder with down arrow above it', but
other users cannot create files in it.
With +wx the folder icon is a normal one for other users, but when they open
it, they will see an empty folder (even if it's not) and see a small doc
icon with a red diagonal line across it.

- Stan
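The rules quoted in this thread (setgid group inheritance, the rwx-versus-wx difference for creating files, the per-user drop box layout) can be checked on the Unix side before a share is exported. The script below is an added example, not code from the original thread or from netatalk; nothing in it speaks AFP, so the afpd-specific claims (a new file gets the parent's bits minus x; afpd needs rwx rather than wx to create) are only modelled. The directory names, the 2775/2770 modes and the assumption that the drop-box owner's group contains nobody else (a per-user private group) are this example's own choices. Note also that the setgid bit Tom refers to is not the 't': in ls -l it appears as an 's' in the group execute slot (drwxrws---), while 't' in the others execute slot (drwxrwxrwt, as on /tmp) is the sticky bit.

```sh
#!/bin/sh
# Added example for the thread above; not from the original post or netatalk.
# Exercises the plain Unix semantics the quoted rules rely on and builds the
# per-user drop box layout. Runs entirely under a fresh temp directory.

# Numeric gid of a path: GNU stat first, BSD stat as fallback.
gid_of() { stat -c '%g' "$1" 2>/dev/null || stat -f '%g' "$1"; }

# First ten columns of ls -ld: file type plus the nine permission characters.
# setgid is the "s" in the group x slot (drwxrws---); the sticky bit is the
# "t" in the others x slot (drwxrwxrwt). Capital S/T = bit set, x bit not.
perm_string() { ls -ld "$1" | cut -c1-10; }

# Mode afpd reportedly gives a new file: the parent's rwx bits with x removed
# (assumption of this example: the special bits are dropped as well).
# The kernel on its own would use 0666 & ~umask instead.
afpd_file_mode() { printf '%04o' $(( 0$1 & 0666 )); }

# Shared folder: group-writable and setgid, so everything created inside
# keeps the folder's group instead of the creator's primary group.
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2775 "$1"
}

# Per-user drop box from the thread: each depositor owns (and so has rwx on)
# a sub-folder, the box owner reaches its contents through the folder's
# group, and setgid makes dropped files join that group. The top-level
# folder only exposes the sub-folder names, not what is inside them.
make_dropbox() {
    box="$1"; owner_group="$2"; shift 2
    mkdir -p "$box" && chmod 0755 "$box" || return 1
    for u in "$@"; do
        mkdir -p "$box/$u" && chown "$u" "$box/$u" \
            && chgrp "$owner_group" "$box/$u" && chmod 2770 "$box/$u" || return 1
    done
}

# Unix needs only w and x on a directory to create a file in it; afpd, per
# the quoted observation, also wants r. Returns 0 if a file can be created
# in a directory the caller may enter and write but not list.
unix_create_in_wx_dir() {
    d="$1/wx_only"
    mkdir -p "$d" && chmod 0300 "$d" || return 1
    : > "$d/dropped"; rc=$?
    chmod 0700 "$d"          # so the directory can be removed again
    return $rc
}

# Create a file in a setgid directory and report whether it took the
# directory's group (returns 0) rather than the creator's primary group.
inherits_group() {
    : > "$1/newfile" || return 1
    [ "$(gid_of "$1/newfile")" = "$(gid_of "$1")" ]
}

# Demonstration run. Uses the current user and, if available, a secondary
# group so the inheritance is actually visible in the output.
demo() {
    tmp=$(mktemp -d) || return 1
    me=$(id -un); mygrp=$(id -gn); grp=$mygrp
    for g in $(id -Gn); do [ "$g" != "$mygrp" ] && { grp=$g; break; }; done
    make_shared_dir "$tmp/share" "$grp" && echo "share:   $(perm_string "$tmp/share")"
    inherits_group "$tmp/share" && echo "new file took gid $(gid_of "$tmp/share/newfile")"
    make_dropbox "$tmp/box" "$mygrp" "$me" && echo "dropbox: $(perm_string "$tmp/box/$me")"
    unix_create_in_wx_dir "$tmp" && echo "Unix created a file in a d-wx------ directory"
    echo "afpd-style file mode under a 2775 parent: $(afpd_file_mode 2775)"
    rm -rf "$tmp"
}

demo
```

Run it as the prospective drop-box owner; the chown in make_dropbox is a no-op for your own account and needs root for other users. Whether afpd itself lets a user traverse the 0755 top-level folder into their own sub-folder is not checked here, since no AFP client is involved.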



This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:25 EST