Acronis ExtremeZ-IP Seamless Integration of Macs into Windows Infrastructure

Mavericks ACL bug keeps Windows users locked out

Nuwan Wolters has the Mavericks problem with ACLs changing when Mac users open files on Windows servers. Changing Time Machine settings and switching to SMB 1 alleviated the problem for Macs, but Windows users still could not open the files touched by Macs. And, administrators of the Windows server can't set ACL permissions back to normal. The only workaround is for the Mac user to copy the file to his local machine and then put it back on the share. Here is Nuwan's report:

We have this problem with a Mac OS X that connects to an SMB share on a Windows Server.

First, the problem was that the Mac user could open a document and change it, but after the document was saved, he wasn't able to get in the file again immediately because of a file lock on his own computer. So he was the one that causes the file lock by opening, and the very same person couldn't open the file in non-read-only mode for about 20 minutes. The Windows users could not open that file either, because of the file lock.

Now in "Time Machine" I changed the setting for locking files for 2 weeks. I disabled locking files at all and after that setting, I turned the Time-machine feature back to OFF.

After that, the problem with the file lock on his own computer was just gone. But the problem on the file locks for Windows users was still there.

So I found out that Microsoft suggest to disable SMB2 on the fileserver, so the fileserver uses SMB1. After I first disabled it and then enabled it again, the file lock problems were also gone for 98%. 2% still was not opening, but that was also not opening on the Mac itself, so probably the file lock problem is 100% gone, but in our situation not.

Now we have the problem that if the Mac user edits a file and saves it, the file will be inaccessible for the Windows users. Even an administrator on the server can't set permissions back to normal. And really, normally you always can take ownership, but in case of the saved files from a Mac, after pressing the button to take ownership, the option to simply add new users to the ACL wont appear. Strange, because this behavior is only know for Windows system files, which should not be edited.

If the Mac user copy the file to his local machine and then put it back on the share, the problem is solved.

So the SMB file lock problem is solved, but according the way we used, we created a new problem, which have only one way to work around this issue and that's saving it locally and then put it back on the share.

Additionally, the groups on the folders don't have full control permission, which means they cannot change permission, take ownership or write extended attributes to the files. So the permissions were already in place according this workaround.

Maybe Apple has a real problem here.

If you've seen this problem or if any of this helps .

See also another report from today, OS X 10.9.4 doesn't fix ACL file sharing problems

For all our reports on this issue, see Mavericks File Sharing Tips and Reports.