Rules of Precedence
If a user complains that she can't access a certain share or save a file, look at your permission structure and the inheritance. You may have one type of inheritance unexpectedly taking precedence over another. For example, check the groups that the user belongs to and whether any Deny permissions are set. The issue is that if you have multiple sets of permissions and inheritance, only one can apply for any given shared folder and user or group. Some permissions take precedence over others.
Here are some rules that define which permissions take precedence:
- Standard POSIX permissions apply automatically if no ACL exists for a certain file or folder. If you don't specify any permissions to a newly created share point (and none are inherited), the default POSIX permissions and inheritance rules are applied.
-
Deny permissions take precedence. When the server sees a Deny permission, it applies it regardless of other rules or precedence. This can unintentionally block access for a user. - ACL entries are first-come, first-served. The order in which users and groups are listed in the ACL matters. If a user belongs to multiple groups in the list, the group listed higher takes precedence over one listed lower. So if the first entry doesn't give a user the right to ...
Get Mac OS X Lion Server For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
