On your macOS PaperCut primary server, there are some tasks that require that the
papercut system account is a member of a folder’s Sharing and Permissions list. One example of such a task is the automatic synchronization for shared accounts that come from an external source. As the manual says: The source should have permissions to be readable by the
papercut account. Otherwise, your attempts to synchronize an external shared account list might end up with an error like this:
However, you can’t just open a folder’s info window to add this user. If you click the plus button, you will only see human user accounts and not the system accounts that background services like PaperCut use.
We will be using Terminal to create an access control list entry for the
papercut system account.
1. Open Terminal (or your terminal emulator of choice).
2. Then, run the following command:
chmod +a “papercut:allow:write” /SyncFolder
Be sure to change the folder destination from
/SyncFolder to the one you are trying to modify for access.
3. You can now use the Info window options to change the read permissions for this account.
Incidentally, you might be asking yourself, “Why not simply grant the default
everyone group full read and write access?” After all, doing so would give the
papercut account full privileges to write to this folder, right? Nope! Although this appears to be valid, the idea is that we want to mitigate security risks inherent to solutions like that by taking the proper steps to give hidden system user accounts the special access they require.
Keywords: acl, access control list, terminal, chmod, check that the file exists and can be read