Yeah, ducasi is right. The described behavior only occurs if "Ignore ownership on the volume" is checked. Otherwise, permissions on the shared drive (firewire drive, network share or local partition) will behave as expected. Using UFS is not recommended by Apple for numerous reasons, and is a really bad idea from everything I've seen.

[ Reply to This | # ]

I tried unticking the "ignore ownership" on HFS+ and it made no difference. I could still create a file with one user and delete it with another. I expected it to work as you suggest but it didn't help. Perhaps it's the drive I'm using? It's a Western Digital "My Book".

[ Reply to This | # ]

I could still create a file with one user and delete it with another.

Note that the ability to delete a file does not depend on the ownership or permissions of the file - it depends on the ownership and permissions of the enclosing folder. So if the file you created as userA was in a folder where userB had write permission, then it is quite usual that userB would be able to delete that file.

To prevent deletion of a file, put it in a folder that is owned by your user and make sure that the permissions on that folder only allow your user to write to that folder.

[ Reply to This | # ]

The file I was trying to delete was in a folder that had the correct permissions when set up by admin. The problem being that ticking the "ignore ownership" button changes the perceived ownership. Here's a before and after (using ls -lR /Volumes/hfsplus). The file I managed to delete as fred was admin.txt which is in /Users/admin which was not writable by fred as set up.

ls -lR /Volumes/hfsplus by user admin with "ignore ownership" not ticked.
total 16
-rw-r--r-- 1 root admin 1024 Sep 1 08:30 Desktop DB
-rw-r--r-- 1 root admin 2 Sep 1 08:15 Desktop DF
drwxr-xr-x 6 admin admin 204 Sep 1 08:33 Users

/Volumes/hfsplus/Users:
total 0
drwxr-xr-x 3 fred admin 102 Sep 1 08:15 fred
drwxr-xr-x 2 visitor admin 68 Sep 1 08:13 visitor
drwxr-xr-x 4 admin admin 136 Sep 1 08:12 admin

/Volumes/hfsplus/Users/fred:
total 16
-rw-r--r-- 1 fred admin 7234 Oct 2 2005 fred.xml

/Volumes/hfsplus/Users/visitor:

/Volumes/hfsplus/Users/admin:
total 24
-rw-r--r-- 1 admin admin 11224 Jun 10 2006 admin.txt

ls -lR /Volumes/hfsplus as fred after ticking the "ignore ownership" (as fred).
total 16
-rw-r--r-- 1 fred fred 1024 Sep 1 08:30 Desktop DB
-rw-r--r-- 1 fred fred 2 Sep 1 08:15 Desktop DF
drwxr-xr-x 6 fred fred 204 Sep 1 08:33 Users

/Volumes/hfsplus/Users:
total 0
drwxr-xr-x 3 fred fred 102 Sep 1 08:15 fred
drwxr-xr-x 2 fred fred 68 Sep 1 08:13 visitor
drwxr-xr-x 4 fred fred 136 Sep 1 08:12 admin

/Volumes/hfsplus/Users/fred:
total 16
-rw-r--r-- 1 fred fred 7234 Oct 2 2005 fred.xml

/Volumes/hfsplus/Users/visitor:

/Volumes/hfsplus/Users/admin:
total 24
-rw-r--r-- 1 fred fred 11224 Jun 10 2006 admin.txt


So because fred could tick the "ignore ownership" button, he had write access to everything on the disc. I would have expected fred to be faced with a "give me an admin name and password" dialogue when he ticked the button as he is a standard user, but that dialogue did not come up.



[ Reply to This | # ]