Solved: Re: Upgrade to 2.0.2, wrong Mac permissions; fix?

tjrob · ‎04-02-2009

I just upgraded from VMware Fusion 1.X to version 2.0.2, including upgrading the virtual machines. Suddenly I'm getting lots of "permission denied" errors when I reference files in some of my shared folders (i.e. that reside on my Mac).

I traced this down to the fact that I'm using a directory owned by another Mac user. My Mac login is also a member of that user's group, and all of that user's directories and files have group write permission (also umask 0002 for both of us). On the Mac I can read and write these directories just fine. But from a VMware client running on the Mac as me, it accesses them without honoring my secondary group, and thus needs write permission for others.

This used to work correctly in VMware Fusion 1.X, for Windows Xp, Windows Vista, and Linux guests.

Is there any way to fix this? Or can I somehow set the group ID of VMware Fusion when it runs?

As a workaround, I have given world write permission to all relevant files and directories, but that seems risky on this multi-user Mac Pro. All users are co-workers, but it still leaves the door open to potentially catastrophic errors....

http://Why do I do this? Because I do not want our project source in my personal directory. So I created a user for the project and keep project files there. The only time I run VMware Fusion is to build or test the project programs on other OSs. This project is supported on Mac OS X, Windows Xp, Windows Visa, and Linux. It is small enough that source code control would be overkill.

nbe · ‎04-03-2009

Since MacOS X Leopard the OS uses ACL's. With that you can add your own account to the vm directory and set the correct permissions without messing with any of the other permissions like world. You can do this in Finder itself in the Info inspector. Make sure you click the small gear symbol and select "Apply to enclosed items" so it'll apply the ACL for all files and directories in that directory. Have you tried this already?

View solution in original post

nbe · ‎04-03-2009

Since MacOS X Leopard the OS uses ACL's. With that you can add your own account to the vm directory and set the correct permissions without messing with any of the other permissions like world. You can do this in Finder itself in the Info inspector. Make sure you click the small gear symbol and select "Apply to enclosed items" so it'll apply the ACL for all files and directories in that directory. Have you tried this already?

tjrob · ‎04-03-2009

Thanks! This works fine, and I'm much happier to not have world write on these files and directories.

My experience is primarily UNIX and Linux, and after 2.5 years owning this Mac Pro I'm still learning about subtleties of Mac OS X.

gh4507 · ‎04-21-2009

i am having the identical problem. is there any way to get files with group write perms enabled to work, as opposed to adding an ACL for each user?

nbe · ‎04-22-2009

You might want to take a look at these great ACL guides for Tiger (it's still valid for Leopard): ACLs in Tiger (Arstechnica) & The ACL Permissions pane

In those articles you can find how to add users and how to add groups (i.e. staff):

% chmod +a "staff allow delete" file

Exactly the same as adding users.

I couldn't find a way to do that in the Get Info inspector though, but the commandline shouldn't be a problem