Applies to: All versions of Centrify DirectControl on Mac OS X
When working with files over a network share, copying files from one location to another does not retain the security permissions of the original file.
Upon further investigation, the following behaviour is found:
- Copying a file from a Mac to the network share inherits the correct permissions.
- Copying or duplicating a file from one part of the share directly to another part of the share does not inherit the permissions.
Why does this happen?
This issue may occur to the Mac systems that are joined in either of the following environments:
- Zone Mode
- Auto Zone while using the auto.schema.groups parameter
(A standard set up does not use this. It is also used when the "Specify AD groups allowed in Auto Zone" GP is enabled)
If the Security settings of a shared folder or file contains an AD group or user which cannot be resolved by the Mac - then the copy operation will not include that group or user in the destination file/folder's permissions. This is an OS X issue and is not Centrify-related.
To ensure that the full Security settings are correctly copied over - make sure any groups that are specified in the Security permissions can also be resolved by the Mac:
- For Zone Mode: Add the AD group into the relevant Centrify Zone
- For Auto Zone: Make sure the AD group is also included in the auto.schema.groups filter.
After the groups have been added into the Zones, go to the Mac and as a user with Local Admin privileges - run the following Terminal command:
When this completes, the Mac will be able to copy files on network shares correctly.
Keywords: SMB security permissions mount read write groups