Take Control of OS X Server, Chapter 6: File Sharing
If you want to share files among a family, class, or workgroup on an internal network, you’ll want to turn on file sharing in OS X Server. In this chapter, Charles Edge explains the different procotols available (AFP, SMB, and WebDAV) and how to create a shared folder, customize permissions, and connect to it from client machines.
Several questions remain unsettled.
- Is it possible to insert an user into more than one group?
- What happens, if permissions are contradictory, e.g. group 1 gets only read permission, group 2 read and write?
- If I move a folder containing subfolders into a shared folder, do all the files and subfolders inherit the permissions of the shared folder?
- What about SMB2 ?
I'll have to let Charles answer the rest of these, but I can say that there's no problem with a user being in more than one group.
I suspect contradictory permissions are just one of those things that you as the admin should avoid - it's always best to keep groups and associated permissions as simple as possible.
When permissions are contradictory there are a few different behaviors that can happen based on which. Given that you have conflicting groups I assume they're ACLs. So ACLs are the easiest, the top ACLs get enforced first and then it goes down the list. Unless you're explicitly denying access. A deny can still deny no matter where in the order the permissions are. You can move ACLs up and down the list by dragging them higher or lower to test the behavior and get things just right.
Good luck!