Controlling File Access

  • Thread starter Thread starter Alan Kidner
  • Start date Start date
A

Alan Kidner

Greetings,

In my test environment a Mac user can see into other
users folders that he can not see into when logged in on
a PC. Although the folder is locked and he can not make
changes from the Mac, he can nevertheless copy work that
he should not have access to.

Our Macs are using OS 9, our PCs are running Windows XP
and the server is Windows Server 2003. I have tried
using Macfile Directory commands and managed to change my
ability to see into folders when using Windows Explorer
on the server! However, none of the permutations I tried
seemed to make any difference to a Macintosh user
mounting the volume through the Chooser and browsing with
the Finder!

Any help would be much appreciated.

Best regards, Alan.
 
Greetings,

In my test environment a Mac user can see into other
users folders that he can not see into when logged in on
a PC. Although the folder is locked and he can not make
changes from the Mac, he can nevertheless copy work that
he should not have access to.

Our Macs are using OS 9, our PCs are running Windows XP
and the server is Windows Server 2003. I have tried
using Macfile Directory commands and managed to change my
ability to see into folders when using Windows Explorer
on the server! However, none of the permutations I tried
seemed to make any difference to a Macintosh user
mounting the volume through the Chooser and browsing with
the Finder!
Click to expand...

Hi Alan!

Windows allows for much more granular permissions than Macs and the results
won't necessarily translate as you'd expect.

Keep in mind that a Windows "share" is equivalent to a Mac "volume". These
are two "front doors" to items on your server. Each front door can have
different permissions for entering, but once a user has passed through
either front door, he has exactly the same access to all the files and
folders as he would from either client.

Also, Windows can control access to files and folders, but Mac access can
only be controlled at the folder level. If a Mac can see a _file_, it has
full access to either open it or copy it.

The following are what I'd call best practices for making sure access is
equal when sharing to both Windows and Macs.

1.) Microsoft recommends that when creating a Windows share, the permissions
be left at the default of Everyone with Full Access. Then control access to
files and folders within the share.

2.) Try to share the same directory on the server as both a Windows share
and a Mac volume. Creating a share at one level and then creating a volume
at another level only adds to confusion. Windows and Mac users should expect
to "see" the same thing from both clients.

For example:

With a directory structure of \\server\sharedFiles\moreFolders\Files, don't
create a Windows share at "sharedFiles" and a Mac volume at "moreFolders".
Create both the Windows share and the Mac volume at "sharedFiles" or
"moreFolders".

3.) Once a Mac volume has been created, set permissions from a Mac client
and not from the server. The Mac client is limited to setting permissions
for Owner, User/Group and Everyone. And the permissions apply only to
folders and not files. You'll have a much clearer idea of what's happening
when doing this from a Mac.

Log on to the server from a Mac workstation as the owner of the volume and
set the access for the folders. Each folder has only one set of permissions.
Nothing is different whether a user is logged on from a Windows or Mac
client.

Hope this helps! bill
 
Back
Top