Share Group Folders
Aside from the files an OS X Server shares across your entire enterprise, there's often the desire within individual workgroups to have private storage areas for their own projects. These group folders are essential for departments like HR and Accounting, but they can also be helpful for less security-conscious groups as a staging area before sharing their final work company-wide. Fortunately, while the process of creating these file shares isn't obvious, it also isn't complicated.
First, select a group from your Open Directory domain in the "Accounts" pane of Workgroup Manager. Then click the "Group Folders" button, and select a share point under which you'd like the group folders to appear. By default, Mac OS X uses /Groups, which comes pre-configured as a share on a new installation. Next, you'll need to choose an owner for your new folder. Your directory administrator account makes the most sense here, as you'll be using the group (not owner) attribute to determine access permissions. With these options configured, hit "Save".
For whatever reason, you can't actually use Workgroup Manager to create the folder you've just configured (as you can with user's home directories). Instead, you'll need to open the Terminal and type:
sudo CreateGroupFolder
This will build a folder for every group assigned a share point, not just the most recent, so if you're deploying multiple group folders it makes sense to run this command after they've all been set up in Workgroup Manager. This also sets the permissions for each group folder as read-only to the group itself, and only read-write to the individual user defined as it's owner. To remedy this in the Terminal, type the following, replacing PATH-TO-FOLDER with the full Unix path to each group folder:
cd PATH-TO-FOLDER
sudo chmod 770 Documents/ Library/
This will allow access by workgroups to their own group folders with a simple permissions scheme. For more complex sharing setups, you may wish to add an access control list as well, in the sharing pane of Server Admin.
Finally, if you're utilizing managed preferences in an Open Directory environment, you can set group folders to automatically mount when a member of that group logs in to their workstation. Moving to the "Preferences" pane of Workgroup Manager, click the "Login" icon, then the Items button on the far right. Check "Mount share point with user's name and password" and "Add group share point", then click "Apply Now".
Not only can each workgroup have their own private file share, but users will connect to those shares automatically when logging in to their Open Directory account.
