Specifications
Chapter 2 Setting Up File Service Permissions 29
Folder ACL (Everyone) POSIX
Drop box Permission Type: Allow
Select the following checkboxes:
 Traverse Folder
 Create Files
 Create Folder
 All inheritance options
Owner: read, write, execute
Group: read, write, execute
Other: write
Example: drwxrwx-w-
Set the owner to root or
localadmin and set the group
to admin.
Backup share Permission Type: Allow
Select the following checkboxes:
 List Folder Contents
 Create Files
 Create Folder
Owner: read, write, execute
Group: read, write, execute
Other: no permissions
Example: drwxrwx---
Set the owner to root and set
the group to admin.
Home folder Permission Type: Deny
 Delete
 Apply to this folder
 Apply to all descendants
Owner: read, write, execute
Group: read only
Other: read only
Example: drwxr--r--
File Services Access Control
Server Admin in Mac OS X Server enables you to congure service access control lists
(SACLs), which enable you to specify which users and groups have access to AFP, FTP,
and SMB le services.
Using SACLs enables you to add another layer of access control on top of standard
POSIX and ACL permissions. Only users and groups listed in an SACL have access to
its corresponding service. For example, to prevent users from accessing a server’s AFP
share points, including home folders, remove the users from the AFP service’s SACL.
For information about restricting access to le services using SACLs, see “Setting SACL
Permissions” on page 66.
Customizing Shared Network Resources
The Network folder (/Network/) contains shared network resources. The Network
folder is accessible in the Finder sidebar either under Devices > Computer > Network
or Shared > All. You can customize the contents of the Network folder for client
computers by setting up automatically mounting share points.