From: Greg Ercolano <erco@(email suppressed)>
Subject: Re: AFP mount point not accessible for any other user
   Date: Tue, 20 Sep 2005 01:37:39 -0700
Msg# 1038
Dylan Penhale wrote:
> So, although the permissions tell him that he has access, and he is a member of the same group even, he can't do a dir listing, touch files etc. He can however tab to complete the contents of share, so he must have access of some sort.

	This /kinda/ smells like a problem I posted regarding /samba/ mounts:
	http://discussions.info.apple.com/webx?14@31.sd2laJjn7IM.6@.68b77715
	http://seriss.com/cgi-bin/rush/newsgroup-threaded.cgi?-viewthread+1013+1014+1015+1019+1020+1021+1024

	I think Apple's OSX discussions page isn't quite down and dirty enough
	yet -- everyone's still trying to figure out the OS, waiting for it to
	stabilize. Questions that press the limits of unix knowledge
	down to the metal seem too far out for that OSX group I posted in.

	You probably have to go to the Darwin kernel mailing lists about stuff
	like this, where the kernel wizards hang out. Maybe it's a bug, or maybe
	it's a feature.. who knows? Only those guys.

	Not sure which group is the most relevant, but I guess find a list where
	the real wizards hang out, and where it looks like non-newbie sysadmin
	questions are answered rather than chased away elsewhere.

	Maybe start here:
	http://developer.apple.com/darwin/mail.html

	"Darwin-UserLevel" might be a good place to check out:
	http://lists.apple.com/archives/Darwin-userlevel/2005/Sep/index.html

	Or better yet, if you're on support, open up a case.

> I suspect an ACL problem, as this works on Panther. But I haven't set any up, and ls -le shows none have been set.

	IIRC, ACLs are globally turned off by default in 10.4.

	I /think/ you have to go out of your way to enable them
	as a global file system option before ACLs can be used.

	Proof my 'default config' 10.4.2 system doesn't have ACLs enabled:

[root@tower] # sw_vers
ProductName:    Mac OS X
ProductVersion: 10.4.2
BuildVersion:   8C46

[root@tower] # echo > foo

[root@tower] # ls -le foo
-rwxr-xr-x   1 erco  erco  1 Sep 20 01:05 foo

[root@tower] # chmod +a# 2 "mail deny read" foo			
chmod: Failed to set ACL on file foo: Operation not supported
                                      -----------------------
[root@tower] 16 # df .
Filesystem   512-blocks     Used     Avail Capacity  Mounted on
/dev/disk0s3  312319584 43361208 268446376    14%    /

	My guess is that when they went in to add ACLs to the kernel,
	they might have messed up some of the regular security stuff
	when it comes to mounts.

--
Greg Ercolano, erco@(email suppressed)
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)
Cel: (Tel# suppressed)
Fax: (Tel# suppressed)
