If you work with a Mac OS X Server 10.4.x AFP server and Tiger clients, and you set up a shared folder with read-only permissions for your users, Mac OS X will preserve the read-only permissions if you copy files and folders from your file server to your Desktop, no matter if it’s a local or a server-based home directory.
While preserving as much information as possible is really useful, in some cases you might want to have an archive folder with write permissions for administrators and read-only permissions for users. I’ve seen prepress environments in which artists are supposed to copy files from a read-only volume to their local Desktop where they can then edit the copies. Yet, in a standard Mac OS X Server / Mac OS X environment they can not edit these files anymore.
To change this, we can set up an ACL entry for each user’s Desktop folder, that lets each user edit any file or folder on his or her own Desktop.
Download the following script, extract it, and run it on your server if you use server-based home directories or on your client machines if you use local home directories. If you work with portable home directories, I guess that invoking this script on your server only should be sufficient, too.
Here’s the script:
SetDesktopACLs.zip
After extracting it, open Terminal and type:
sudo -s
Enter your password, drag the extracted file into the Terminal application and press Enter.
If your home directories are not located in /Users, please change the path in the script.
In case ACLs are not activated on your client yet (they are turned off by default), the script automatically turns them on by invoking
fsaclctl -p / -e
If you have multiple clients, you can select them in ARD, choose “UNIX”, enter the code of the script, and let it run as root. This way you can enable ACLs remotely.
The script writes an ACL entry into each user’s Desktop folder that allows for writing and deleting.
Be careful and try this in a test environment first.