OS X AFP shares and access

Solution 1:

Replaced my original answer after doing some testing of my own using an OS X 10.5.6 Server and a 10.5.7 Client:

What I found after a bit of experimentation is that OS X is a bit crazy when it comes to ACL inheritance for share points. ACLs that are inherited will always take precedence over ACLs that are set at the share point (or lower in the tree) but only for write permissions. You can quite happily give a user read permissions on a folder down the tree a bit and it'll work, but if you give them write it'll fail hopelessly.

What does work: turn off inheritance for the deny rule above the problem share (you can have it there, just don't have it inherit in any way). Then explicitly set the deny at the share point (turning inheritance on at this point seems to work just fine). My testing had that working without issue, but it'd be a pain if you had to manage hundreds of similar shares.

One option might be a top level blanket deny on Everyone having read and then the no-inherit block on write as suggested above. Please let me know how you get on as I'm interested for my own share management.
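An added audit helper for the situation the answer describes (example code, not the answerer's own): it reads the `ls -le` listing of a folder above a share point, picks out the deny ACEs that both inherit and restrict write-class rights (the ones the answer found override the share point's own ACL), and prints the two `chmod` commands that implement the suggested fix, a non-inheriting deny on the parent plus an explicit inheriting deny on the share point. The listing below is constructed, the paths are hypothetical, and the macOS `chmod =a#` / `chmod +a` ACL syntax is assumed.

```shell
#!/bin/sh
# Added example, not from the original answer. Audits inheriting deny ACEs
# above a share point and prints (does not run) the fix commands.

# Constructed sample of `ls -le` output for the parent of a share point.
SAMPLE_LISTING='drwxrwxr-x+  4 admin  staff  136 May 20 09:12 Departments
 0: group:contractors deny file_inherit,directory_inherit,write,delete,append
 1: group:contractors deny readsecurity
 2: group:staff allow file_inherit,directory_inherit,list,search,read
 3: group:interns deny only_inherit,write'

# Read an `ls -le` listing on stdin and print only the ACE lines that are
# (a) deny entries, (b) carry any *_inherit flag and (c) include a
# write-class right. Those are the entries that win over the share point.
inheriting_write_denies() {
    awk '
        /^ *[0-9]+: / && $3 == "deny" {
            n = split($4, f, ","); inh = 0; wr = 0
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /_inherit$/) inh = 1
                if (f[i] ~ /^(write|delete|append|writeattr|writeextattr|writesecurity|add_file|add_subdirectory|delete_child|chown)$/) wr = 1
            }
            if (inh && wr) print
        }'
}

# For each offending ACE, print the two-step fix from the answer:
#   1. rewrite the ACE at the parent (same index) with its inherit flags
#      removed, so it no longer propagates down to the share point;
#   2. add the full ACE, inherit flags included, at the share point itself.
# Arguments: parent directory, share point directory. Output is for review
# only; nothing is executed. Assumes macOS chmod ACL syntax.
suggest_fix() {
    parent=$1; share=$2
    inheriting_write_denies | while read -r idx who mode rights; do
        keep=$(printf '%s' "$rights" | awk -F, '{ o = ""
            for (i = 1; i <= NF; i++) if ($i !~ /_inherit$/) o = (o == "" ? $i : o "," $i)
            print o }')
        printf 'chmod =a# %s "%s %s %s" "%s"\n' "${idx%:}" "$who" "$mode" "$keep" "$parent"
        printf 'chmod +a "%s %s %s" "%s"\n' "$who" "$mode" "$rights" "$share"
    done
}

# Usage against the constructed sample (hypothetical paths):
printf '%s\n' "$SAMPLE_LISTING" | suggest_fix /Volumes/Data/Departments /Volumes/Data/Departments/Finance
```

Replace the sample with `ls -le /path/to/parent` output to audit a real tree; entries 1 and 2 above are deliberately ignored because one does not inherit and the other is an allow.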