Friday, November 28, 2014

Openfiler permission problems with shares on MacOSX and Windows



This morning, we encountered an incident with OpenFiler server. It is this:

  • We have Mac users and Windows users (and some genius Linux users :D) but they are belonged to a same group name ABCD.
  • We granted write permission for all users in the ABCD group.
  • When a Mac user sharing a folder on the OpenFiler server, other users of the ABCD group suppose to have all permission on that folder, but nope, they cannot do anything except read.

I investigated the folder with getfacl command:

# getfacl /mac_users/shared_folder
...
group::r-x
...

As you can see, the group attribute lacks of write permission.

I was googling around and found this article:

http://www.maykinmedia.nl/blog/2009/aug/22/openfiler-permission-problems-share-macosx-windows/

That guy had exactly the same problem with us, and he gave a solution:
  • Enable inherit_owner option of samba to avoid this issue in the future with new folders
  • For the old folder, after you have enabled inherit_owner of samba, you need to create a new folder, then copy over all the files and folders from the original folder.
That method mays take some time.

Actually, you can just grant the write permission for the ABCD group using the following command:

# setfacl -R -m group::rwx /mac_users/shared_folder

Everything will be OK! \m/