Many of us have waited for Mac OS X Server 10.5.3 to be released, especially those of us who use POSIX file permissions on shared volumes.

Before 10.5.3, group membership was not inherited from parent folders, so you needed to work with ACLs to get a decent permission structure.
In 10.5.3, the AFP inheritance window has changed and now looks like this:

[Screenshot: AFP Permissions Inheritance]

As you will notice, you can’t choose between “inherit permissions” and “POSIX permissions” anymore.

Instead, if you share a folder or volume using AFP, group membership on the POSIX level will always be inherited from the parent folders.
Yet, POSIX permissions will always be 755 by default, so you absolutely need to use ACLs if you want to make files group accessible.

This is how it looks:
I have an AFP share called “Daten” (see screenshot above). In this share lies a folder called “tmp”, which has these POSIX permissions:


drwxrwx---+ 4 andre admin 136 May 30 11:00 tmp

When I copy a file into this folder (using AFP), the file has these POSIX permissions:


-rw-r--r--@ 1 andre admin 7814 May 23 13:51 MyFile

As you can see, it uses standard 755 POSIX permissions and inherits group membership (on the source, the file belonged to the group “staff”).

This means that for group folders, in which every group member needs to be able to edit any file, AFP with POSIX permissions only is almost unusable.
With ACLs activated and properly set up, everything is fine, though.

If you can’t use ACLs (e.g. because you share an Xsan 2.0 volume), you can either change the umask of your Xsan clients to e.g. 002, or set up a cron job (or launchd job) that fixes group permissions. The latter can take quite a lot of time on huge volumes.
Another option would be to use SMB instead, which still supports permissions inheritance:

[Screenshot: SMB Permissions Inheritance]
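
For the cron job (or launchd) option mentioned above, here is one way such a fix-up script could look. It is an added example, not part of the original post; the function name and the share path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: repair group access on a share where ACLs are unavailable.
# Could be scheduled from cron or launchd, e.g. (hypothetical path):
#   sh fix_group_perms.sh /Volumes/Daten

# fix_group_perms DIR
# Gives the group the same rights as the owner on every file and folder
# below DIR that the owner can write but the group cannot.
# Prints the number of items changed.
fix_group_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # -xdev         stay on this volume
    # ! -type l     skip symlinks, so chmod never follows one out of the share
    # -perm -200    owner has write ...
    # ! -perm -020  ... but the group does not (e.g. rw-r--r-- after an AFP copy)
    # chmod g=u     copy the owner's bits to the group; files the owner made
    #               read-only stay read-only, and "other" is never widened
    find "$dir" -xdev ! -type l -perm -200 ! -perm -020 -print \
        -exec chmod g=u {} + | wc -l | tr -d ' '
}

# Run against the share given as the first argument.
if [ $# -gt 0 ]; then
    fix_group_perms "$1"
fi
```

Only items that actually need a change are passed to chmod, but find still has to walk the whole tree, which is where the time goes on huge volumes.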

Posted on by André Aulich. This entry was posted in Mac OS X Server.
