Originally Posted By: kevs
Gan,
This is a closed loop. Only me who owns and works this computer.
So the default is correct that my new files are read only on the network?

It's highly annoying because I tell an assistant to work on a file (via their laptop and the router...) and I always have to go back to my computer to make the file read/write.


You're contradicting yourself. First you say it's only you, and then you say that it's also your assistant.

The default is that only the creator of a file can write to it. Unix strives for flexibility, though, so they achieve that default in a way that doesn't carve it into stone: applications actually try to create files with 666 permissions (read/write but not execute for everyone) and directories with 777 permissions (read/write/execute for everyone), but there is a quantity called the 'umask' which gets logically subtracted from that. The default umask is 022, which subtracts 'write' from the group and from others, leaving only the owner with write access.

But you can change the umask. Setting the umask to 000 lets files/directories get created with their full 666/777 permissions. Or you could set the umask to 002, which subtracts write access from others while leaving it in place for the group. I'd recommend 002 as safer than 000.

So, how does the default 022 umask get set, and how do you change the default?

Well, one way or another everything running on a Mac gets launched by launchd (or exec-ed by something that was launched by launchd). Unless it explicitly changes its umask, every process keeps the value that launchd gave it (or that it inherited from the process that exec-ed it). You configure launchd using a command-line tool called launchctl. The command

launchctl umask 002

tells launchd to launch all new tasks with a umask of 002. To make that new value propagate to your GUI applications, you have to quit and restart them.

Once you've done that, all new files will be group writable, with 'the group' being whatever group the folder the file is being created in belongs to.

The only remaining step is to make sure your assistant is in that group. You can Get Info on the folders you'll be creating files in to see what group(s) your assistant needs to be in, and add the assistant to those groups in System Preferences->Accounts (or change the group of those folders to some group the assistant is in).
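
An added example, not part of the original post: a shell script that creates a file and a directory under each umask mentioned above and reports the resulting modes, plus a check for files the group still cannot write to. The function names are made up for illustration, and the stat call assumes either the GNU form or the BSD/macOS form is available.

```shell
#!/bin/sh
# Added example: observe how the umask shapes the mode of new files.

# Print the octal permission bits of a path.
# Tries GNU stat first, then falls back to BSD/macOS stat.
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file or directory under the given umask and print its mode.
# Runs in a subshell so the caller's own umask is left untouched.
mode_under_umask() {
    (
        mask=$1
        kind=$2
        tmp=$(mktemp -d) || exit 1
        umask "$mask"
        if [ "$kind" = dir ]; then
            mkdir "$tmp/new"      # requested as 777, minus the umask
        else
            : > "$tmp/new"        # requested as 666, minus the umask
        fi
        mode=$(octal_mode "$tmp/new")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# List regular files under a directory that lack group write access.
# Files created before the umask was changed keep their old mode, so
# these are the ones that still need a chmod g+w.
not_group_writable() {
    find "$1" -type f ! -perm -020
}

# Show the three umask values discussed in the post side by side.
for mask in 022 002 000; do
    printf 'umask %s -> file %s, dir %s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" \
        "$(mode_under_umask "$mask" dir)"
done
```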