Multi-user access?

Started by macsolu, December 02, 2014, 10:39:43 AM

macsolu

I'd like to know if I can set Espionage3 up on a 10.9 / Mavericks Apple File Server so that data stored in a password-protected folder can be accessed by multiple users / clients on the LAN.  For example, Client A mounts the Server, opens the Espionage3-protected folder on the mounted volume, creates a file, saves that file in the Espionage3-protected folder, and then closes the file.  Client B then mounts the local server, opens the same Espionage3-protected folder, and then opens Client A's file.  Client B makes changes to this file and saves / updates it.

I know -- Server.app is supposed to allow for me (the Admin) to create groups and place users in those groups so that they will have privileged access to certain volumes, folders, and files.  Well, that was working just fine with 10.6 Server.  But 10.9 Server has ruined these access permissions / privileges.  Clients are alerted they cannot alter / update files created by other users.  I've been round and round with tech support with no fix.  I would rather not reinstall 10.9 or 10.10 from scratch (huge project), so I'm searching for alternatives.

Will Espionage3 allow me to do what I've described above?  If not, do you have suggestions?

thanks!

zsolt

Hello, yes, this should be possible, it is the same thing as if you would protect a folder on an external volume.
The only limitation is that the folder can be unlocked only from one Espionage at a time, and I'm not sure how you can control this if you have multiuser access. Relying on users to "promise" they will not unlock the folder if somebody else is using it is not reliable. Also, it is not possible to see from another Espionage installation if the folder is already unlocked or not.

So, if you can make sure that only one user uses it, then we can move on; if not, then this will be the main problem.

Other than that, the way it should be set up is the following: you protect a folder from the first installation of Espionage. Once the encryption is done, click on the small "i" near the folder name and, with the disk image drop-down menu, select the location of the disk image, probably the folder on the file server. On the same screen, click on the copy password button, and paste the disk image password into a text file you will access later from other Macs for further setup.

Now go to the other Mac, install Espionage, and create a local empty folder. Locate the disk image on the file server and drag it to Espionage; it will ask you for the password, so use the one you saved into the text file. Then it will ask you for the mountpoint folder; select the local empty folder you just created.

Repeat this on every Mac you want to have access to this folder.

Let me know if you have any further questions.

rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

macsolu

Zsolt,

Thanks for the reply.  The conditions you put forth will not be possible.  There are up to a dozen users of the shared volume at any one time.  Constant file use by multiple employees all day long.

Unless I find some other product that will allow what I'm looking for, I'm faced with having to reinstall a completely fresh OS and Server.app in the desperate hope that things will actually work as advertised.  Sure wish Apple made better software...

greg

Hi macsolu,

Unlocked folders, as you probably understand, are just volumes. Each volume on OS X can be set to "Ignore ownership" (see the attached image).

1. Unlock a folder and open it in the Finder in icon view (not list view, coverflow, or anything else)
2. Right-click on the white background, choose Get Info
3. At the very bottom of the Get Info window, under Sharing & Permissions, you should see the "Ignore ownership on this volume" checkbox. You may need to click on the little lock icon first to modify it. Make sure it's checked.

If that doesn't solve your problem, make sure that the volume allows rwx (read-write-execute) permissions for all users. You can do that via the terminal, while the folder is unlocked, by doing:

[prompt]$ chmod +rwx /path/to/your/encrypted/but/unlocked/folder

Hope that helps, or at least gets you going on the right path! Let us know if there's anything else we can help with or clarify!
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

macsolu

Greg,

The office has some employees (I will call them the "Admins" group) who need access to a shared volume / folder.  But other employees (I will call them the "Others" group) are not allowed to see the shared item when they choose "Connect to Server" and they certainly are not allowed to browse or alter the contents.  In 10.6 Server, these groups worked fine -- Admins had read/write access to all files and folders that were designated specifically for their eyes only.  Most importantly, Admins could open and alter files, regardless of the original file owner.  And the Others had zero access.

Upon upgrading to 10.9 Server, these access permissions went to hell.  Now, Admins cannot open each other's files; they are alerted the file is in use and/or locked and/or they have no permission to save the altered file with the same name in the same location.

For me to choose "Ignore Ownership" on a volume or a folder on the Server will not be an option, due to the conditions described above.

thanks anyway!

greg

Dear macsolu,

I see, ok sorry I misunderstood. I made two recommendations, the first seems not relevant to your use case, and the second (using chmod) I made only because that might be necessary for the volume to appear on the "Connect to Server" screen.

The chmod and chown commands might help you with your actual problem (if used correctly on the right folders). There are also "ACLs" which are a set of permissions on top of the standard UNIX permissions, and that might be what OS X server is using. To modify those, the chmod command can also be used (see its man page), although it's a bit cumbersome.

Sorry I couldn't help better! Hope you're able to figure it out!
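
The replies above point at chmod and chown for the case where members of one group cannot change each other's files while everyone else must have no access. As an added example (not code from the thread or from Espionage), this portable shell script builds a constructed sample folder, shows that `chmod +rwx` with no "who" leaves group write off under a umask of 022, lists what the group cannot modify, and then opens the tree to the owning group only. It covers standard UNIX mode bits, not ACLs; the function names and sample layout are assumptions.

```shell
#!/bin/sh
# Added example; the folder layout is constructed and lives in a temp dir.

# Symbolic mode of a path (e.g. drwxr-xr-x); works on macOS and Linux.
mode_of() { ls -ld "$1" | cut -c1-10; }

# List what group members cannot modify under $1: files lacking group write,
# directories lacking group write + search.
audit_group_write() {
    find "$1" \( -type f ! -perm -020 \) -o \( -type d ! -perm -030 \)
}

# Give the owning group read/write (X = search on directories only) and
# remove all access for everyone else.
fix_group_write() { chmod -R g+rwX,o-rwx "$1"; }

# Build a constructed shared folder the way a client with umask 022 would.
make_sample() {
    d=$(mktemp -d) || return 1
    ( umask 022
      mkdir "$d/shared" && chmod 700 "$d/shared"
      : > "$d/shared/report.txt"      # created as rw-r--r--
      # No "who" given: bits masked by umask (group/other write) are NOT set.
      chmod +rwx "$d/shared" )
    echo "$d"
}

main() {
    d=$(make_sample) || exit 1
    echo "after chmod +rwx:  $(mode_of "$d/shared")"
    echo "not group-writable:"; audit_group_write "$d/shared"
    fix_group_write "$d/shared"
    echo "after g+rwX,o-rwx: $(mode_of "$d/shared") $(mode_of "$d/shared/report.txt")"
    rm -rf "$d"
}

main
```

On a real share, run `audit_group_write` against the shared folder first and set the owning group with chgrp before applying `fix_group_write`.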