Take Off That Umask So We Can See You
When a user creates a file in OS X, that file receives an initial set of permissions determined by the system's umask, or user file mode creation mask. The default umask in OS X dictates that the creator of a file has full read and write access, while everyone else has read-only access. This pesky default umask has bothered OS X users for quite some time. Users create files and drag them to server volumes shared by groups, only to realize that other group members can read the files, but not modify them. Collaboration is effectively broken, but not beyond repair ...
Current Situation in Xsan
This old headache for users of shared volumes doesn't automagically disappear for users of Xsan volumes. While Xsan volumes behave very much like local storage for each user, the initial permissions for every new file are still determined entirely by each user's umask. So, if an Xsan user wants other group members to be able to edit the files he creates on the SAN, then he must change his umask.
How to Address
There are a couple of ways to change the umask, to give other group members read-write privileges. The first is to use the following command line:
sudo defaults write -g NSUmask 2
This yields the commonly desired permissions: owner and group members receive full access to newly created files. If for any reason this model doesn't prove ideal for some particular work environment, it's easily undone with the following similar command line:
sudo defaults write -g NSUmask 18
A second way to manage your umask parameters is to use the freeware TinkerTool. This application has an intuitive Permissions tab, with checkboxes for setting the values simply.
Xsanity reader Brian Summa also brought his application Umask Doctor to our attention. "Umask Doctor is designed to run the command line once and automatically log the user out so settings can take effect [on next log in]," he writes. "So why use Umask Doctor? On a SAN with 5 clients and 5 users accounts on each client, you will have to login and manually run the command 25 times. By installing Umask Doctor on all the machines and setting it as a login item under open directory you can automate the process quickly and effectively."
Umask Doctor is available in Xsanity Downloads, though Brian notes that there is no official support for the app at this time. Also in our Downloads is the topically relevant Privilege Processor, a handy droplet for changing the privileges of items dropped on it, certainly worth a look.