Fixing Netatalk setgid woes
The family server I manage serves as a NAS, with files accessible through SFTP or AFP (the Apple Filing Protocol, served by Netatalk). Shared files are placed in “group folders”, where a combination of ACLs and the setgid bit on directories enforce “770” permissions for a specific group. For some time now, I’ve had problems with directories created from macOS (so via AFP) not having the right permissions. Today, I sat down and decided to fix the problem.
The solution turned out to be somewhat counter-intuitive: I had previously set chmod request = ignore globally, thinking it would simply ignore any requests to change permissions from the Mac. It seems, however, that this also somehow made Netatalk strip the setgid bit. Deleting this line and adding umask = 0077, file perm = 0600 and directory perm = 02770 made sure files are created with the right permissions and that the setgid bit is preserved, making sure group writes are allowed everywhere.
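To find directories that were already created without the setgid bit before the configuration change, a check like the following can be run over each group folder. This is an added example, not part of the original post; the function names are hypothetical and the path and group in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit and repair a setgid
# "group folder" tree. Function names are hypothetical.
# Usage (placeholder path and group):
#   audit_group_dirs  /srv/share/family family
#   repair_group_dirs /srv/share/family family

# Print every directory under ROOT that is missing the setgid bit or
# group rwx (mode bits 02070), or that belongs to a group other than GROUP.
audit_group_dirs() {
    find "$1" -type d \( ! -perm -2070 -o ! -group "$2" \) -print
}

# Restore group ownership first, then add the missing mode bits.
# Only directories are touched; regular files are left alone.
repair_group_dirs() {
    find "$1" -type d ! -group "$2" -exec chgrp "$2" {} +
    find "$1" -type d ! -perm -2070 -exec chmod g+rwxs {} +
}
```

Run the audit on its own first and review the list before running the repair.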