Odd permissions issues on Windows Share

sharing windows file-sharing permission smb

I'm handling the IT for a Mac based design studio and they're having weird issues with files on a Windows Server 2008 R2 server. They should have complete access to everything, they can create, delete, edit files but sometimes they can't move them or rename them. It seems to be limited to files they created but I'm not 100%, anyone come across this before?

Edit: On further investigation, it's not permissions it's file locking. Some programs including preview or opening files (assuming locking them) and not releasing. Killing all the programs or remounting the share sees to working but it's a workaround that's not really acceptable to the users.


Solution 1:

We have had a very similar (if not the same) problem ever since we upgraded our server to Windows 2008 R2. (WinServer 2003 was fine.) However, the main symptom we encountered, is somewhat different:

We work in a mixed Mac / PC environment. Desktop operators work on Mac only, whereas our backend services are Windows based. Also some manual operations are done on Windows 7.

We call our problem "Ghost Folders". These are folders, that are inaccessible even for Windows Administrator account. Windows displays no privileges for anyone! Even admin user cannot see folder permissions or owner - nor can ownership be taken by Administrator. Total lockdown.

Such folders are created under following circumstances:

  1. A windows share is mounted on Mac by SMB://<IP-address> notation.
  2. Mac or Windows user attempts to move or delete a folder with some files inside.
  3. Mac Finder gives error "No access" or "Insufficient privileges", as does Windows.
  4. Windows Server shows the folder as with no permission for anyone. This folder will disappear by itself some time later (!!) Time span can be anything from a few minutes to several hours.
  5. On Mac, the UNIX 'ls -la' command shows the folder permissions as normal. However 'ls -la' for the folder contents lists nothing. Not even the "." or ".." for 'current' and 'upper-level' folders.

This scenario can be repeated at will - Deletion can be attempted either on Mac or Windows.

Similar behavior is also seen when attempting to save (overwrite) a file from a Mac application. This will give permissions error - and the original file disappears from the server. This suggests a successful deletion of the original file, but failed write of the new content.

This scenario will only take place if at least one Mac has the share mounted and any folder of the share is open in Finder. A share that is not accessed by any Mac does not produce this problem.

We have sketchy evidence that the initial deletion attempt (when unsuccesful) will actually (or partially) delete the folder from the Windows file system. We have seen deletion apparently to succeed on Windows Explorer. However, the Mac SMB connection appears to somehow, as if "re-create a shadow" of the folder - or "deny" the deletion after the fact, bringing the folder back to Windows file system, but with null permissions.

We would appreciate if someone checks for this behavior on their systems, if you see the same chain of events as we do. It may help us all to more accurately pinpoint the source of this elusive problem.

Any input will be greatly appreciated.

Solution 2:

Feels a bit cheeky answering my own question but I've spent enough time searching through boards that don't go anywhere to know how frustrating that can be. It's not a permissions issues, I like a lot people assumed it was a permissions issue. It's file locking. The Mac opens a file that's hosted on the server and closes it, but the directory above the directory the file is contained in stays open. It's this directory that can't be moved or renamed. To close the connection you can unmount and remount the share drive, or you can kill finder, or on windows server you can Right Click on Computer, Select Manage, Expand Roles, Expand File Services, click on Share and Storage Managment. Then click Action from the menu at the top, then Manage Open Files. That will bring up a dialogue showing all the open files on the computer, I like to order by open file so I can see the file paths in order. Select the problem folder(s) and click close selected. The latter open sounds harder but once the dialog is open it's easier to manage if you have a lot of users.

This is still not a solution, it's a workaround but I thought I could help someone else search.

Related

Bootcamp Failing with Error: "The startup disk cannot be partitioned or restored to a single partition."
Disable badge for specific app with a script
How to move all of my mails to external HD and make them appear only when its connected
Mac Pro 4,1 (Early 2009) Sierra Compatibility?
How to unregister "httpd" after "wfsctl stop"?
Applescript to automatically add .noindex extension to a file?
Is it possible to output different audio to HDMI and built-in speaker simultaneously?
How to move or export all Photos' library contents to a hierarchical by-date filesystem structure?
MacOS Catalina Verifying app at bootstrap
killing httpd spawns new processes
Can I tell iTerm 2 to change color when I'm root
Can I configure a task to run while my MacBook lid is closed?