From: Greg Ercolano <erco@(email suppressed)>
Subject: [OSX/Admin] Tiger / mount_smbfs problems
   Date: Fri, 26 Aug 2005 21:30:48 -0700
Msg# 1013
The following was first posted on the Apple discussions board:
http://discussions.info.apple.com/webx?14@31.sd2laJjn7IM.6@.68b77715

...then deciding it really has to be an Apple-related bug,
I recently reported it to Apple (bug #4234684).

I'll try to follow up here if there are any developments, or if any
of you admins have any opinions, feel free to add to this thread.

* * *
       Title: Permission problems with mount_smbfs
  Originator: Greg Ercolano
       State: Analyze
Created Date: 26-Aug-2005 09:22 PM

Since upgrading to Tiger, I've had trouble using it as a
client via mount_smbfs.

It mounts our Samba-oriented file server just fine, but it seems
that OSX 10.4.x only allows the mount point owner access to the server;
any other user (besides root) gets a 'permission denied' error.

**Even the user who the mount is authenticated as is denied access.**

This just seems very wrong; when 'sandro' owns the mount dir /smb/meade,
even if the dir is 777, when the dir is mounted, only sandro can access
the dir, even if it's mounted as 'fred':

---------------------------------------------------
# mkdir -m 777 /smb/meade ; chown sandro:sandro /smb/meade
# ls -lad /smb/meade
drwxrwxrwx 1 sandro sandro 16384 Jul 28 14:26 /smb/meade

# mount_smbfs //fred:fred@meade/net /smb/meade

# su fred -c 'ls -la /smb/meade'
ls: meade: Permission denied

# su sandro -c 'ls -la /smb/meade'
[directory listing displays]
---------------------------------------------------

If I umount the dir, and chown the mount dir to fred:fred,
then only fred can access it, regardless of which authentication info
is supplied to mount_smbfs.

In addition, OSX seems to ignore the 'group' and 'other' ownerships on
the mount dir. If the dir is owned by fred:jack, and the mount
authenticated with sandro, /only/ fred can access the mount (owner);
not jack (group), and not sandro (mount authentication).
The perms being 777 don't seem to matter, so it seems inconsistent
with itself.

** IMPORTANT OBSERVATION **
When I run tcpdump on the server (and client), no SMB packets
are hitting the wire when the 'permission denied' errors occur at the
client (i.e. when doing 'ls -la /smb/meade'), which seems to imply this
is entirely a *client side issue* -- OSX's local permissions are preventing
the access, not the server.

Something seems very broken here; it seems like the smbfs kernel extension
library (/System/Library/Extensions/smbfs.kext?) might be at fault here.

BTW, all this works fine in Panther, so it seems very Tiger specific.
Tested on 10.4.1 and 10.4.2. I know for a fact this problem is preventing
many CGI companies from upgrading to Tiger, and has caused retreats to Panther.
