Sharing a share

Setting up the server so files created on a share are always readable (and writeable) by a group proved to be a bit tricky. Lion clients tend to create files that are only accessible by the user who created them. It works well for private folders, but creates problems for common shares like media archives. If one user saves a photo on the common share another user cannot access it even if they are bot in the same group. So here are the steps to share the share:

1. assign a common group to the share: sudo chgrp -R media /Volumes/Media
2. set group suit bit on the directory, so files created in the directory have the required group ownership: sudo chmod g+s /Volumes/Media
3. set ACL for the media group to allow reading and writing on the share and set the inheritance to files, folders, and descendants. You can it from a command line, I used Sandbox a free tool by Michael Watson.
4. propagate the ACL permission down the share subtree. Use Sandbox.
5. enable ACL for samba shares: sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES