> >- Afpd gives newly-created directories the same permissions bits as those
> >   of the parent directory, including the setgid bit.
> 
> Is that the 't' shown when using ls -l ?

No, the 's' in the 7th column, in something like drwxrwsr-x or drwxrws---
 
The 't' is the sticky bit, which is appropriate for temporary
directories and such (it keeps users from deleting files created by
other users, but since it isn't inherited by subdirectories, it doesn't
help with dropboxes or any other kind of folder hierarchies).

> >- Newly created files will get the same permissions bits as the parent
> >   directory, with the x bits stripped.
> 
> Really??

Apparently....  in the source, ad_open intentionally sets the mode of
newly created files to the mode of the parent directory masked with the
bits the caller wants, and afp_createfile calls ad_open (.... 0666).  This
is what I've seen too.  (This is nearly always the right behavior.)

> >can't have files created in the dropbox that can only be modified by the
> >creator and drop-box owner.
> >
> >Now, if you're willing to create a subfolder for each user within the
> >dropbox, so that users can only drop files into their own folder, then you
> >can do it.
> 
> That's what I tried and it worked, although there seems to be something wrong.
> With a +w setting, I get a nice 'folder with downarrow above it', but
> other users cannot create files in it
> With +wx the folder Icon is a normal one for other users but when they open 
> it, they will see an empty folder (even if it's not) and see a small doc 
> icon with red diagonal line across it

I think you still need owner rwx access on all the subfolders, or users
can't create files in them.  The main dropbox folder needs to be rwxr-xr-x
(0755), and if you want to hide a user's dropbox from other users,
the subfolders need to be rwxrws--- (mode 0770 with the setuid bit, which
is actually 02770).  I assume there's no problem with users seeing the
files they've created themselves.
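
The following is an added example, not part of the original message and not afpd source. It models the inheritance rule described above (new file mode = parent directory bits masked with 0666, new directory mode = parent bits) and audits a dropbox tree against the 0755 / 02770 layout; the helper names `check_subfolder` and `audit` are hypothetical.

```python
import os
import stat

TOP_MODE = 0o755    # main dropbox folder (rwxr-xr-x), as given in the message
SUB_MODE = 0o2770   # per-user subfolder (rwxrws---); 0o2000 is S_ISGID

def new_file_mode(parent_mode, requested=0o666):
    """Mode of a file created in a directory, per the rule described above:
    the parent's bits masked with the caller's bits (afp_createfile uses 0666)."""
    return stat.S_IMODE(parent_mode) & requested

def new_dir_mode(parent_mode):
    """New directories get the parent's permission bits, setgid included."""
    return stat.S_IMODE(parent_mode)

def check_subfolder(mode):
    """Return findings for one per-user subfolder mode (hypothetical helper)."""
    perms, findings = stat.S_IMODE(mode), []
    if not perms & stat.S_ISGID:
        findings.append("setgid missing: want 's' in the group execute column")
    if perms & stat.S_ISVTX:
        findings.append("sticky bit set: it is not inherited by subdirectories")
    if (perms & 0o700) != 0o700:
        findings.append("owner lacks rwx")
    if perms & 0o007:
        findings.append("open to other users")
    return findings

def audit(root):
    """Check a dropbox tree on disk; returns {path: [findings]}."""
    report = {}
    top = stat.S_IMODE(os.stat(root).st_mode)
    if top != TOP_MODE:
        report[root] = ["top folder is %04o, expected %04o" % (top, TOP_MODE)]
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                found = check_subfolder(entry.stat(follow_symlinks=False).st_mode)
                if found:
                    report[entry.path] = found
    return report

if __name__ == "__main__":
    # Constructed sample modes, not taken from a real server.
    for label, mode in [("subfolder", SUB_MODE), ("sticky tmp dir", 0o1777)]:
        print(label, stat.filemode(stat.S_IFDIR | mode), check_subfolder(mode))
    print("file created inside:", stat.filemode(stat.S_IFREG | new_file_mode(SUB_MODE)))
```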


