We have 7 or 8 users who use a M4 Mac Mini to save files. Since upgrading the M4 with Sequoia, we often see where files created by one user do not inherit the parent folder's permissions. We understand the workaround of applying changes to all files, but we are trying to stop this from happening. Has anyone else experienced it, and how has it been resolved>?
Mac mini (M4)
You need to add an access control list the top-level folder, then propagate that to subfolders in order to make it act like a file server.
https://techion.com.au/blog/2018/6/9/share-with-directory-permission-inheritance
Once in place the ACL will be automatically inherit into the new folder.
File Sharing is not a file server.
I have almost the exact same situation.
A new M4 Mac Mini with Sequoia 15.3.1.
7-8 network users
The previous 2018 Mac Mini running Sonoma crashed but before then its network users' file and folder creation and edits inherited permissions fine after using this terminal command in 2020 (pre-Sonoma):
sudo chmod -R +ai 'group:topGROUP allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit' '/Users/tmadmin/Documents/Shared_Docs'
This no longer helps. I tried it several times with restarts in between and turning filesharing off and on.
Though the M4 Mac Mini (TimeMachine migration from 2018 Sonoma backup drive) shares work, newly created files and folders with the Shared_Docs folder don't inherit permissions.
As an emergency measure, using the GUI on the folder to "apply to enclosed items" works but network users create folders and files all day long.
Ok, fixed it.
SUMMARY
• Created new parent folders in the Home folder, not inside the Documents folder.
• Copied stuff to them
• Appled sudo chmod -R +ai ... setting (see below) that I've used since 2020
• Shared the new folders
• Tested with network users ok
• Restarted the server and tested ok again
LONG VERSION
There are two shared folders containing numerous child folders and files, e.g., Shared_A and Shared_B.
They were in the Documents folder. In Terminal, I saw their chmod settings by using the ls -le command (both "els"). I saw the permissions that I applied with the sudo chmod -R +ai 'group:topGROUP .... command BUT I also many other lesser ACL permissions on the same folder. I considered using the ACL remove index command but changed my mind and did this instead:
(1) Created new folders Shared_A and Shared_B in the Home folder, not in the Documents folder.
(2) Moved everything from the problematic originals to the corresponding new folders.
(3) Ran this in terminal
sudo chmod -R +ai 'group:topGROUP allow
list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit'
'/Users/tmadmin/Shared_A'
and
sudo chmod -R +ai 'group:lowGROUP allow
list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit'
'/Users/tmadmin/Shared_B'
(4) Viewed the new folders' permissions with ls -le in Terminal. They looked perfect and clean.
(5) Shared the two folders with appropriate user groups.
(6) Tested ok. We tested the heck out of it by having one user create a new folder and doc in a shared folder, then had the other user change the name of that new folder, the name of the new doc and the content of the new doc, then had the other user change it again to something else, back and forth about 5 times -- all ok.
(7) Restarted the server (M4 Mac Mini) just in case.
(8) Tested more ok.
I just posted the same problem yesterday and I'm excited to try what you have said here. I'm totally green with Terminal. Is there anywhere in what you posted here that I change for my particular application? I'm assuming where ever you have "group" I replace it with mine such as "staff"?
sudo chmod -R +ai 'group:lowGROUP allow
list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit'
'/Users/tmadmin/Shared_B'
to:
sudo chmod -R +ai 'staff:lowSTAFF allow
list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit'
'/Users/tmadmin/Shared_B'
Thanks for this information @generatech - I did something similar and it appears to have worked (so far) with the help of chatGPT (I'm no good with Terminal and I couldn't copy / paste and manipulate your code with success).
move file folders for sharing to home folder
turn off file sharing
run the following in Terminal:
# Step 1: Change group ownership of the folder and all its contents
sudo chgrp -R GROUPNAME /Users/USERNAME/"FILENAME"
# Step 2: Give group members read, write, and execute permissions (rwx)
sudo chmod -R 770 /Users/USERNAME/"FILENAME"
# Step 3: Set the setgid bit so new files inherit the group
sudo chmod -R g+s /Users/USERNAME/"FILENAME"
Repeated for any shared folders with different group name access.
Turned file sharing back on
Staff tested today and so far they're all celebrating.
Hopefully this continues to hold. Such a buggy OS.
Thanks for this information @generatech - I did something similar and it appears to have worked (so far) with the help of chatGPT (I'm no good with Terminal and I couldn't copy / paste and manipulate your code with success).
move file folders for sharing to home folder
turn off file sharing
run the following in Terminal:
# Step 1: Change group ownership of the folder and all its contents
sudo chgrp -R GROUPNAME /Users/USERNAME/"FILENAME"
# Step 2: Give group members read, write, and execute permissions (rwx)
sudo chmod -R 770 /Users/USERNAME/"FILENAME"
# Step 3: Set the setgid bit so new files inherit the group
sudo chmod -R g+s /Users/USERNAME/"FILENAME"
Repeated for any shared folders with different group name access.
Turned file sharing back on
Staff tested today and so far they're all celebrating.
Hopefully this continues to hold. Such a buggy OS.
We have to do the apply to all 15 or more times a day.
Sequoia on Mac Mini, Not saving permissions correctly
