Why read/write permissions go awry with macOS File Sharing

Some macOS problems don’t have an easy fix. This is one of them.

Jan Miller writes:
I have six computers and use a Mac mini as a fileserver with sharing set up on it. About every week some of the files become read-only for some of the users.
She also asks:
When I open the files on one computer two servers show up with the same info in each.
But her request for both is the same: “How do I make this more reliable?”
The first problem is a limitation of the underlying Unix system upon which macOS is built. Many operating systems have the concept of “file permissions,” which are metadata attributes set for each file and folder (or directory) about who may create, manipulate, and delete items, as well as who may execute or run them as software. Permissions are designed to compartmentalize users and prevent non-privileged users from accessing administrative functions.
Unix generally divides permissions among user, group, and “world” (meaning all other users of the system), with each able to be granted read, write, and execute access, plus a few extras typically needed only by system files. Apple adds extended file attributes on top of this that can be used by apps or the system.
But despite all the control over who can do what, there’s shockingly no way to lock permissions for a given folder such that everything created in it, modified in it, or added to it inherits the permissions of the parent folder. That is, you’d expect you could say, “Shared Folder should always be reachable for everyone who has access to this system,” and yet there’s no simple way to ensure that.
Over at StackExchange, a contributor came up with a long command-line invocation you can use in Terminal to set a folder to keep permissions set correctly, but it only works when files are created in the folder—if you move a file or multiple items in, they don’t inherit the right permissions. If you’re comfortable with the Terminal, this will certainly reduce the problem but not get rid of it.
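One way to catch the moved-in items that inheritance misses is a periodic sweep of the shared folder. The script below is an added example, not the StackExchange command or anything from Apple; it assumes everyone who uses the share belongs to a single Unix group, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find and repair permission drift in a shared folder.
# Usage: sh sweep.sh /path/to/share groupname [fix]
# Assumption: all users of the share are members of one Unix group.

# Run find over regular files and directories under DIR that have drifted:
# wrong group owner, or the group lacks read/write (plus search on folders).
# Symlinks are skipped so a repair never touches a target outside the share.
drifted() {
    dir=$1 group=$2
    shift 2
    find "$dir" \( -type d -o -type f \) \
        \( ! -group "$group" \
           -o -type d ! -perm -070 \
           -o -type f ! -perm -060 \) "$@"
}

# Report only: print each drifted item, one per line.
audit_share() {
    drifted "$1" "$2" -print
}

# Repair only the drifted items. The capital X grants search permission on
# folders without marking ordinary documents as executable.
repair_share() {
    drifted "$1" "$2" -exec chgrp "$2" {} + -exec chmod g+rwX {} +
}

# Command-line entry point: report by default, repair when asked.
if [ "$#" -ge 2 ]; then
    if [ "${3:-}" = "fix" ]; then
        repair_share "$1" "$2"
    else
        audit_share "$1" "$2"
    fi
fi
```

Run it in report mode first to see which items drift each week; that usually points to the app or user whose files arrive with the wrong permissions.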
Apple does offer a $20 upgrade for macOS that lets you turn a Mac into a more full-featured server, including better controls for folder access. However, it requires a bit more system-administration knowledge. The book Take Control of OS X Server ($20) may help. It was last updated for El Capitan (OS X 10.11), but little changed.
Now the second question, why two servers appear, is easier:
- Make sure all users have disconnected from the file server, clicking the eject button next to the server name in the sidebar of the Finder on their Macs.
- On the Mac sharing files, open the Sharing system preference pane.
- Select File Sharing.
- Click Options.
- You should see both Share Files and Folders Using SMB and another item for AFP checked. Uncheck AFP.
- Click Done.

You can disable file-server types to prevent the potential of multiple instances of the same server appearing as an option.
You should no longer see two servers. Apple supports AFP (Apple Filing Protocol) for legacy reasons, but has put its new file-sharing efforts behind SMB, which is compatible with Mac, Windows, and other platforms.
If you find that some older Macs can no longer connect to the server, you may need to re-enable AFP, even with the duplicate servers appearing.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate. Mac 911 can’t reply to—nor publish an answer to—every question, and we don’t provide direct troubleshooting advice.