Set folder access permissions with OS X Server

You can set file and folder access permissions with the Server app. OS X provides two ways to control access to files and folders: standard permissions and access control list (ACL) permissions. Standard permissions provide basic control. ACL permissions provide more flexibility and control, but are more complex.

Set standard permissions

You can use the Server app to set standard permissions—Read & Write, Read Only, Write Only, or None—to control access to a folder and its contents. You can set different permissions for one user (the owner), one group, and all other users who log in. You can also set standard permissions for individual files. Standard permissions are also called POSIX permissions.

Select your server in the Server app sidebar, then click Storage.
Select the folder whose access permissions you want to change, then click the Action pop-up menu , then choose Edit Permissions.
To grant access to a different user, double-click the current user name and enter a different user account name.
As you type, the Server app looks up matching user accounts and displays them in a list. Clicking a listed user grants access permissions to that user.
To grant access to a different group, double-click the current group name and type the name of the new group.
As you type, the Server app looks up matching group accounts and displays them in a list. Clicking a listed group grants access permissions to it.
To change the permission level for the user, group, or others, click the current setting in the Permission column, then choose a setting from the pop-up menu.
The permission level you set for Others applies to any user who logs in but isn’t the specified user or a member of the specified group.

Set ACL permissions

You can use the Server app to set access control list (ACL) permissions for a folder or a file. An ACL consists of access control entries (ACEs), which you can add and change.

Each entry applies to a specific user or group. For each entry, you can set 12 permissions, giving you much finer control over access than you have with standard permissions. For example, entries in an ACL can grant write permission separately from delete permission, so a user can edit a file but can’t delete it.

The first entry in the list takes precedence over the second, which takes precedence over the third, and so on. For example, if the first entry denies a user the right to edit a file, other entries that allow the same user editing permissions are ignored. The entries in the ACL also take precedence over standard permissions.

Select your server in the Server app sidebar, then click Storage.
Select the folder or file whose access permissions you want to change, then click the Action pop-up menu , then choose Edit Permissions.
To add an entry, click Add , then enter the name of the user or group you want to set specific access permissions for.
As you type, the Server app looks up matching user and group accounts and displays them in a list. Clicking a user or group grants access permissions to the user or group.

To change the permission level for an entry, click the current setting in the Permission column, then choose a setting from the pop-up menu.

Choice	Description
Full Control	Has full administration, read, write, and inheritance permissions.
Read & Write	Has full read, write, and inheritance permissions.
Read	Has full read and inheritance permissions.
Write	Has full write and inheritance permissions.
Custom	Doesn’t have full administration, read, write, or inheritance permissions.

By default, each new entry has full read and inheritance permissions.

To change detailed permission settings for an entry, click the disclosure triangle next to the entry, optionally click the additional disclosure triangles that appear, and select or deselect permission settings.
For information about the detailed permission settings, see Access control lists (ACLs) and Access control entries (ACEs).