我有一台 Mac Mini,我想将其用作文件服务器。我想共享以下目录结构:
Public <-- shared (UserA and UserB readonly; Admin is owner)
|- FolderA <-- (UserA is owner, read and write; UserB readonly)
|- FolderB <-- (UserB is owner, read and write; UserA readonly)
我已经public从 Mac 客户端访问共享,UserA例如创建一个新的子文件夹然后FolderA可以UserB读取它。
UserB但是例如我FolderB从 PC 客户端(Windows 10)创建了一个新的子文件夹然后UserA无法读取它。
我查看了一下权限,它看起来像这样:
Public <-- shared (UserA and UserB readonly; Admin is owner)
|- FolderA <-- (UserA is owner, read and write; UserB readonly)
|- MacSubFolderA <-- (UserA is owner, read and write; UserB readonly)
|- FolderB <-- (UserB is owner, read and write; UserA readonly)
|- MacSubFolderB <-- (UserB is owner, read and write; UserA readonly)
|- PCSubFolderB <-- (UserB is owner, read and write; UserA has no access, WHY?)
我知道以下解决方法。我可以为所有子文件夹应用文件权限FolderB。但我不想每次 PC 客户端添加一些文件时都手动执行此操作。
答案1
解决方案是设置ACL 继承权限在父文件夹FolderA和FolderB。
首先使用以下命令启用 SMB 共享的 ACL 权限。
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES
其次创建一个UserGroup包含UserA和的UserB。
FolderA然后FolderB使用以下两个命令在父文件夹上设置继承权限。
sudo chmod -R +a "group:UserGroup:allow readattr,readextattr,readsecurity,list,search,file_inherit,directory_inherit" /Public/FolderA
sudo chmod -R +a "group:UserGroup:allow readattr,readextattr,readsecurity,list,search,file_inherit,directory_inherit" /Public/FolderB