Member Avatar

OS X 10.5.6

I have one user account that is set up as a 'Sharing Only' account.
I am sharing an external USB Drive and have two folders on the root of that drive ('Folder A' and 'Folder B'). The 'Sharing Only' account has the following permission configured for these folders:

Folder A = 'Write Only (Drop Box)'
Folder B = 'Read Only'

The permissions on 'Folder A' are working correctly. The 'Sharing Only' account can only write to that folder and cannot view its contents.

The permissions on 'Folder B' function correctly, but only on the contents immediately contained in 'Folder B'. All folders and files contained within any subfolders of 'Folder B' can be altered, moved, deleted, etc. The permissions propagate down to all subfolders and files, but are not respected.

For example (I apologize for the formatting, the Composer prevents me from illustrating file system trees. The following represents a tree):

--Folder B (User cannot rename or write to this folder. This is expected.)
----File A (User can only Read this file. This is expected.)
----Subfolder A (User can write to this folder and alter all of its contents. This is not expected.)

I have used the 'Apply to enclosed items' option in the 'Get Info' dialog of 'Folder B' and expected the 'Read Only' permissions to propagate down to ALL subfolders and files contained within 'Folder B'. The 'Get Info' dialog for ALL subfolders and files show the 'Share Only' user as having 'Read Only' permissions but the 'Share Only' user can still alter the subfolders and their content.

Is there a way, short of manually setting up the desired permissions on every single folder and every subfolder they contain, to propagate the permissions, that are respected, from 'Folder B' down to everything contained within it? Because the 'Get Info' dialog displays the 'Share Only' user as having 'Ready Only' permissions on the entire tree of 'Folder B', this seems like a fault in OS X.

Any help would be greatly appreciated!

Extra information:
The 'Ignore ownership on this volume' option on the drive is unchecked
The external USB Drive is connected to a USB Port on an iMac and is shared through the iMac
The 'Sharing Only' user is a Mac user accessing the external USB Drive from a separate Mac
My Sharing Options are configured with AFP and SMB

It sounds like you aren't dealing with all levels of permissions. In UNIX operating systems, there are three levels:

- owner permissions
- group permissions
- everyone permissions

My guess is that you only adjusted 'owner' permissions, which doesn't mean squat if you left full permissions for everyone else (which includes the owner), or if they're part of the owning group. You can adjust these settings all from the Get Info dialog, see Apple's article for more details:

I am having the same problems with 10.5.6. I have set the Owner permissions to rwx, and everything else (Group, Everyone) to Read Only (so rwxr-xr-x)... I have the files shared AFP and SMB.

I'd send a screenshot of the Get Info, as well as a terminal "ls -l" that shows this, but here's the problem. I can login as a Guest from any other computer, and edit, delete, and create new files - even though the folder permissions shouldn't allow it. This behavior only applies to external drives - NOT any of the home folders on any of the host machine's user profiles.

I also had the setting for the external drive to "ignore ownership on this volume" checked on the Get Info page... I thought that's what the trouble was, but even when I unchecked that box, and logged in from a remote machine, it still ignored the Read-Only permission I had set for everyone, and let me edit, create, and delete...

It seems like a bug only applying to external drives, I can't get it to perform the same way on the internal drive at all.