There are four types of standard POSIX access permissions that you can assign to a share point, folder, or file: Read & Write, Read Only, Write Only, and None. The following table shows how these permissions affect user access to shared items (files, folders, and share points).
Users can | Read & Write | Read Only | Write Only | None |
---|---|---|---|---|
Open a shared file | Yes | Yes | No | No |
Copy a shared file | Yes | Yes | No | No |
Edit a shared file | Yes | No | No | No |
Move items to a shared folder or share point | Yes | No | Yes | No |
Move items from a shared folder or share point | Yes | No | No | No |
Note: WebDAV has separate permission settings.
Explicit permissions
Share points and the shared items they contain (including folders and files) have separate permissions. If you move an item to a different folder, the item keeps its permissions and doesn’t adopt the permissions of the folder you moved it to.
In the following illustration, the second folder (Designs) and the third folder (Documents) were assigned permissions different from those of their parent folders:
The user categories Owner, Group, and Others
You can assign standard POSIX access permissions separately to three categories of users:
Owner: A user who creates an item (file or folder) on the file server is its owner and automatically has Read & Write permissions for that folder. By default, the owner of an item and the server administrator are the only users who can change its access privileges (but you can enable a group or others to use the item). The administrator can also transfer ownership of the shared item to another user.
Note: When you copy an item to a drop box on a Mac file server, ownership of the item doesn’t change. Only the owner of the drop box or root has access to its contents.
Group: You can put users who need the same access to files and folders in group accounts. Only one group can be assigned POSIX access permissions to a shared item. For more information about creating groups, search Server App Help for “Users & Groups.”
Others: Others includes any user (registered user or guest) who can log in to the file server.
Hierarchy of permissions
If a user is included in more than one user category, each of which has different permissions, these rules apply:
Group permissions override Others permissions.
Owner permissions override Group permissions.
For example, when a user is the owner of a shared item and a member of the group assigned to it, the user has the permissions assigned to the owner.
The more restrictive permissions always take precedence. For example, if a user belongs to a group that has No Access assigned to an item while the Others permissions are set to Read & Write access, the group's No Access privilege overrides the Others setting, denying the user access to the item.
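The precedence rules above can be checked against a mode value before a share point goes live. The following is an added example, not code from the Server app or from Apple. It assumes only the read and write bits decide the table label, that the server administrator (root) and ACLs are out of scope, and that the function names and uid/gid numbers are constructed for illustration.

```python
import stat

# Labels from the permissions table, keyed by (read bit set, write bit set).
LABELS = {
    (True, True): "Read & Write",
    (True, False): "Read Only",
    (False, True): "Write Only",
    (False, False): "None",
}

# Read and write mask for each user category.
BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP),
    "others": (stat.S_IROTH, stat.S_IWOTH),
}

def class_access(mode, category):
    """Return the table label that `mode` grants to one category."""
    r_bit, w_bit = BITS[category]
    return LABELS[(bool(mode & r_bit), bool(mode & w_bit))]

def matching_category(item_uid, item_gid, user_uid, user_gids):
    """Owner is checked first, then Group, then Others; the first match wins."""
    if user_uid == item_uid:
        return "owner"
    if item_gid in user_gids:
        return "group"
    return "others"

def effective_access(mode, item_uid, item_gid, user_uid, user_gids):
    """Return (category, label) for a user; no later category is consulted."""
    category = matching_category(item_uid, item_gid, user_uid, user_gids)
    return category, class_access(mode, category)

def others_exceed_group(mode):
    """Audit check: True when Others hold a read or write bit the Group lacks."""
    group = (mode >> 3) & 0o6
    others = mode & 0o6
    return bool(others & ~group)

if __name__ == "__main__":
    # Constructed sample: owner uid 501, group gid 20, mode rw- --- rw-.
    mode = 0o606
    print(effective_access(mode, 501, 20, 502, {20}))  # member of the group
    print(effective_access(mode, 501, 20, 503, {12}))  # neither owner nor member
    print(others_exceed_group(mode))
```

A mode flagged by `others_exceed_group` locks group members out of access that every other user on the server keeps, which is worth confirming as intentional.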
Client users and permissions
Users of AppleShare Client software can set access privileges for files and folders they own. Users who use Windows file sharing services can also set access privileges.
Standard permission propagation
The Server app lets you specify which standard permissions to propagate. For example, you can propagate only the permission for Others to all descendants of a folder and leave the permissions for Owner and Group unchanged. For more information, see Propagate access permissions.