The following was first posted on the Apple discussions board:
http://discussions.info.apple.com/webx?14@31.sd2laJjn7IM.6@.68b77715
...then deciding it really has to be an Apple-related bug,
I recently reported it to Apple (bug #4234684).
I'll try to follow up here if there are any developments, or if any
of you admins have any opinions, feel free to add to this thread.
* * *
Title: Permission problems with mount_smbfs
Originator: Greg Ercolano
State: Analyze
Created Date: 26-Aug-2005 09:22 PM
Since upgrading to Tiger, I've had trouble using it as a
client via mount_smbfs.
It mounts our samba oriented file server just fine, but it seems
that OSX 10.4.x only allows the mount point owner access to the server;
any other user (besides root) gets a 'permission denied' error.
**Even the user who the mount is authenticated as is denied access.**
This just seems very wrong; when 'sandro' owns the mount dir /smb/meade,
even if the dir is 777, when the dir is mounted, only sandro can access
the dir, even if it's mounted as 'fred':
---------------------------------------------------
# mkdir -m 777 /smb/meade ; chown sandro:sandro /smb/meade
# ls -lad /smb/meade
drwxrwxrwx 1 sandro sandro 16384 Jul 28 14:26 /smb/meade
# mount_smbfs //fred:fred@meade/net /smb/meade
# su fred -c 'ls -la /smb/meade'
ls: meade: Permission denied
# su sandro -c 'ls -la /smb/meade'
[directory listing displays]
---------------------------------------------------
If I umount the dir, and chown the mount dir to fred:fred,
then only fred can access it, regardless of which authentication info
is supplied to mount_smbfs.
In addition, OSX seems to ignore the 'group' and 'other' ownerships on
the mount dir. If the dir is owned by fred:jack, and the mount
authenticated with sandro, /only/ fred can access the mount (owner);
not jack (group), and not sandro (mount authentication).
The perms being 777 don't seem to matter, so it seems inconsistent
with itself.
** IMPORTANT OBSERVATION **
When I run tcpdump on the server (and client), no SMB packets
are hitting the wire when the 'permission denied' errors occur at the
client (i.e. when doing 'ls -la /smb/meade'), which seems to imply this
is entirely a *client side issue* -- OSX's local permissions are preventing
the access, not the server.
Something seems very broken here; it seems like the smbfs kernel extension
library (/System/Library/Extensions/smbfs.kext?) might be at fault here.
BTW, all this works fine in Panther, so it seems very Tiger specific.
Tested on 10.4.1 and 10.4.2. I know for a fact this problem is preventing
many CGI companies from upgrading to Tiger, and has caused retreats to Panther.