Sometimes you have a shared folder and the permissions are never what you want them to be. Suppose you have a HP Color Laserjet Pro MFP M477fdw that can scan to a network folder on your Mac. The problem might be that even after you successfully get the scanner configured to save the file into your shared folder, you can’t open the scanned file. Oh sure you can click on the file icon, “Get Info”, click the lock, enter your OSX admin password, click the plus sign, add yourself as a user, and give yourself read/write access…. But really? That does get very old quickly. And if somone else uses your scanner & copies their scan to their computer, then they may not be able to open it either. So annoying. One of the ways to fix this is with a “Folder Action” to change the file permissions immediately after the folder changes. The OS X app Automator can set up a Folder Action that runs a terminal command something along the lines of
chmod -R 777 ~/HP_SCANS/
And that may work for you, if the files belong to you. Otherwise, you’ll need to enter your admin password every time, and that can cause some issues of its own. After much poking around with sudo, sudo -S and echo, (I even read the man pages!) I had read enough forum posts with security warnings to not want to save an admin password in any script.
But I kept wondering WHY these files were coming to my Mac with bad permissions. I did remember that the HP instructions said that it does not speak AFP, you have to turn on SMB Windows file sharing, so I investigated that for awhile. Which turned out to be what got me onto the right path. For no reasons I understand, over the past decade the Mac OS has been having functionality removed, even as they build in more security & slowness. Mail & iPhoto/Photos keeps getting worse with every version. I hear Apple may even drop support for AppleScript. Geez guys, there is more to it than what you can do on your iPhone. I hope once the new Apple campus is finished they will again focus on making macOS great again. I’ sure that has been a major distraction.
Anyway, the Mac OS wants to use only POSIX permissions if it can get away with it, & it does not auto-generate ACL (Access Control List) permissions lists. This matters (a lot) because according to what I’ve read, POSIX permissions do not propagate to files & subfolders, although ACL permissions do. However, if you have an ACL permissions in there, then it will work as you expected, and keep working. So the question becomes, how to get ACLs going when Apple left them out?
Luckily, there is an easy way! And the free demo version of TinkerTool System 5 or 6 will get you there. Actually, for $14 it’s a great deal for the awesomeness it brings just with this one fix. There is also Tinkertool which is very cool, but we need the TinkerTool System app for the job at hand. What you’ll want to do is run TinkerTool System 5 (unless you’re running MacOS 10.12 Sierra or higher, then v6) and click on the tool for ACL Permissions. Drag your shared folder into the middle of the ACL window and add users to the ACL section of the bottom half of this window. Remember that permissions work top down (first match wins), so if you want certain users to have special permissions, and everybody else to also have access, then put the Everybody user last. Lastly, you might as well propagate these permissions to all the files already in this folder, and that bottom menu is useful for that.
The only hard part about this is resisting the urge to Tinker with all the system settings. But remember, with great power comes great responsibility. So leave all that other stuff alone for now. After making these adjustments, the HP MFP scanner can still save scans into my shared folder, but now I can actually open those files without getting all SuperAdmin on them. Once you fix this once, it ought to stay fixed & all future files ought to automatically have the correct permissions. So awesome! 🙂