If you use mobile home directories on Mac OS X 10.6 or OS X 10.7 with Windows Server 2008 R2-based SMB home shares, you can run into permission issues during home sync.
While you can easily sync your home directory from the server to a client, syncing changed data back to the server can fail, with OS X telling you that you don’t have proper permissions to access some of your local files.
This happens due to the way OS X deals with the sync process. After investigating what’s going on there, I found out that the easiest way to fix this is to use a logout hook which changes permissions.
I use this logout hook:
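#!/bin/bash
# Logout hook: the short name of the user logging out is passed as the first argument.
user=$1
if [[ "${user}" == "" ]]; then
    echo "Usage: logout.sh USER"
    exit 1
elif [[ "$(whoami)" != "root" ]]; then
    echo "Must be run as root. Exiting."
    exit 1
fi
# Remove all ACL entries from the local home directory.
chmod -R -N "/Users/${user}"
# Reset POSIX modes. Note that 777 leaves every file and folder in the home
# directory readable and writable by all local accounts.
chmod -R 777 "/Users/${user}"
# Give ownership back to the user, with group staff.
chown -R "${user}":staff "/Users/${user}"
logger "Repaired permissions of /Users/${user}."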
To set up the client to execute this script during user logout, I use a schema-extended Active Directory, as described in the free sample chapter of my Mac client management book.
Hope this helps you in your environment, too.
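
The logout hook in this post runs as root and applies recursive chmod and chown to a path built from its argument, and mode 777 leaves every entry writable by any local account. As an added example (not part of the original post), the helpers below validate the name before any recursive change and count what is left world-writable afterwards; the function names and the `base` parameter are assumptions for illustration, and the demo uses a constructed scratch directory in place of /Users.

```shell
#!/bin/bash
# Added example, not the author's hook. The base directory is a parameter
# (an assumption) so the checks can be tried on a scratch tree, not /Users.

# Print the validated home path for a short name, or return non-zero.
resolve_home() {
    local base="$1" user="$2" home
    # Reject empty names, path separators and a leading '.' or '-', so that
    # "..", "../x" or "-R" can never reach a recursive chmod/chown as root.
    case "$user" in
        ""|*/*|.*|-*) return 1 ;;
    esac
    home="${base}/${user}"
    # A symlinked home would redirect the recursive change somewhere else.
    if [ -L "$home" ]; then return 1; fi
    if [ ! -d "$home" ]; then return 1; fi
    printf '%s\n' "$home"
}

# Count entries under a home directory that any local account can write to.
count_world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null | wc -l | tr -d ' '
}

# Constructed scratch tree standing in for /Users.
scratch="$(mktemp -d)"
mkdir -p "${scratch}/alice/Documents"
chmod 777 "${scratch}/alice" "${scratch}/alice/Documents"  # state the hook leaves behind
ln -s "${scratch}/alice" "${scratch}/mallory"              # symlinked "home"
for name in alice mallory ../alice ""; do
    if home="$(resolve_home "$scratch" "$name")"; then
        echo "ok: '${name}' -> $(count_world_writable "$home") world-writable entries"
    else
        echo "refused: '${name}'"
    fi
done
rm -rf "$scratch"
```

Calling `resolve_home /Users "$1"` at the top of a hook and exiting on failure keeps the recursive commands confined to a real directory directly under /Users.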

