Discussion in 'macOS' started by Ultra Male, May 8, 2016.
You need to login to view this posts content.
Additionally, if I set the owner of the entire D: drive to EVERYONE, is that ok? or will that cause issues for shared folders as they would all have write access if the local owner is set to everyone?
They are two independent security levels, just like a gate then a door to enter to your home.
If you want free access you need to open both the doors
Looks more like a workaround than a fix to me. You should only grant full access permissions to users/groups that specifically need it, definitely not to "everyone". If syncing is failing due to ACLs my guess would be that iTunes uses a service running under a different account than your own for syncing. If that is the case (procmon will help), granting the user account that the service is running under full access (instead of "everyone") should suffice.
The default settings are that truly anonymous share access (i.e. a session without any credentials at all) is restricted to specific shares, and that "everyone" does not apply to this sort of anonymous access. So, unless you messed with those settings, accessing the share will still require credentials that are authenticated only based on your local user database (unless you're domain-joined).
Therefore, anyone who is able to authenticate and access the share would be granted "full access" if you have the "everone" ACE. You can use the "effective access" tab in the advanced security options for a file system object to determine which permissions apply to a specific user or group.
It would not be okay, because the owner of an object is always able to change its permissions. Pretty sure you're not going to want "everyone" to be able to do that.