OS X Server: When saving files on SMB shares, the permissions might be changed so that only the owner can read or write

Files saved on an SMB sharepoint might have group access removed when you save them.

This can happen when applications use "safe save," which helps to minimize data loss if the save process is interrupted. The process creates an updated copy of the file that will replace the old file. That way, if the process is interrupted, the previous version of the file remains intact. As a consequence, the saved file is created as a new file with default access permissions that only allow the owner to access the file. Users who are part of a group that had access to the old file won't have access to the newly saved file.

Turn on ACLs on the server and configure ACL inheritance on the share to save the group access.

To turn on ACLs for the SMB shared folders, execute this command on the server:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES

To turn off ACLs for the SMB shared folders, execute this command on the server:

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool NO

Learn more

ACLs allow you to set very fine-grained control on how new files inherit access from the share. To allow group collaboration of files edited in a SMB shared folder, turn on SMB Access control lists (ACLs) on the server and set the ACL permissions to inherit group read and write permissions from the parent folder.

For more information about "safe save" refer to this article.