From: Greg Ercolano <erco@(email surpressed)>
Subject: [OSX/ADMIN] SMBFS mounts in OSX 10.9.2 Mavericks now multiuser accessible
   Date: Thu, 06 Mar 2014 20:19:11 -0500
Msg# 2378
View Complete Thread (1 article) | All Threads
Last Next
	Apparently there's been changes in OSX Mavericks smb mount client
	that allows multiple users to access SMB mounts to remote servers.

	This didn't used to be the case; see:
	http://seriss.com/cgi-bin/rush/newsgroup-threaded.cgi?-viewthread+1013+1014+1015+1019+1020+1021+1024+1595

	I just tried creating a mount with Mavericks, and it seems to now
	allow multiuser access, e.g.

# mkdir /var/tmp/testmount
# chmod 777 /var/tmp/testmount
# mount -t smbfs //guest:@eagle/net /var/tmp/testmount

	In this case host "eagle" is a Mac running 10.6.8 with the built-in
	Samba 3.0.29a-apple server with guest account access enabled:

------------------------------
[net]
        comment = net
        path = /net
        available = yes
        guest ok = yes
        public = yes
        create mask = 666
        directory mask = 777
        read only = no
        hide dot files = no
------------------------------

	Anyway, I tried accessing a file on /var/tmp/testmount
	as two different users ('render' and 'erco') to see if there'd be
	the usual trouble with permissions. Turned out to work OK:

# su - render
maver:~ render$ ls -la /var/tmp/testmount/tmp/foo
-r-xr-xr-x@ 1 render  staff  7074 Jan 22 04:32 /var/tmp/testmount/tmp/foo

# su - erco
[erco@maver] 1 : ls -la /var/tmp/testmount/tmp/foo
-r-xr-xr-x@ 1 erco  staff  7074 Jan 22 04:32 /var/tmp/testmount/tmp/foo
^^^^^^^^^^    ^^^^

	This is great; both users can access the mount that was created
	by root with 777 perms on the mount point.

	The owner of the file is showing under smb as whomever the
	current user is that is logged in.

	Also of interest, when a user creates a file on the smb mounted
	volume, other smb users can read/write it too, which is also useful:

# su - erco
[erco@maver] 2 : echo > /var/tmp/testmount/tmp/foo-erco		-- create a new file

[erco@maver] 3 : ls -la /var/tmp/testmount/tmp/foo-erco		-- view perms
-rw-r--r--@ 1 erco  staff  1 Mar  6 11:46 /var/tmp/testmount/tmp/foo-erco
^^^^^^^^^^    ^^^^

	Then, when I become the 'render' user, it now appears 'render'
	owns the file, and thus has write permission to it:

# su - render

maver:~ render$ ls -la /var/tmp/testmount/tmp/foo-erco
-rw-r--r--@ 1 render  staff  1 Mar  6 11:46 /var/tmp/testmount/tmp/foo-erco	-- perms open to us
^^^^^^^^^^    ^^^^^^
maver:~ render$ echo overwrite >> /var/tmp/testmount/tmp/foo-erco		-- writing works

maver:~ render$ ls -la /var/tmp/testmount/tmp/foo-erco				-- view perms and size
-rw-r--r--@ 1 render  staff  11 Mar  6 11:48 /var/tmp/testmount/tmp/foo-erco


        So that all looks pretty good actually; no permission errors
	at all between the two users over the same mount.

	The ownership of the files taking on whomever is logged in is
	a little weird; you can't tell who created the file.

	But if you don't care about that, and primarily don't want to run
	into permission issues, this might be a good thing.

	I found the following interesting though: if I change the unix umask,
	it actually affects the unix perms shown over the SMB mounted volume:

# cd /var/tmp/testmount/tmp
# umask 000 ; echo > umask-000
# umask 002 ; echo > umask-002
# umask 022 ; echo > umask-022
# umask 222 ; echo > umask-222
# ls -la umask-???
-rw-rw-rw-@ 1 _unknown  _unknown  1 Mar  6 17:04 umask-000
-rw-r--r--@ 1 _unknown  _unknown  1 Mar  6 17:04 umask-002
-rw-r--r--@ 1 _unknown  _unknown  1 Mar  6 17:04 umask-022
-r--r--r--@ 1 _unknown  _unknown  1 Mar  6 17:05 umask-222

	..which is a little odd; the umask 0 gives rw-rw-rw,
	whereas 002 and 022 both give rw-r--r--, and a umask of 222
	gives r--r--r--.

	Also, the /actual/ unix perms on the server reflect the umask
	values we used.

	If I connect over to the server and do an 'ls -la' on the unix
	file system to look at the files we created above over smbfs,
	the perms reflect the umask values we used:

# rsh eagle ls -la /net/tmp/umask-???
-rw-rw-rw-  1 nobody  wheel  1 Mar  6 17:04 /net/tmp/umask-000
-rw-rw-r--  1 nobody  wheel  1 Mar  6 17:04 /net/tmp/umask-002
-rw-r--r--  1 nobody  wheel  1 Mar  6 17:04 /net/tmp/umask-022
-r--r--r--  1 nobody  wheel  1 Mar  6 17:05 /net/tmp/umask-222

	I find this surprising, as I didn't think smbfs understood
	things like umasks and unix permissions, Looks like it kinda does,
	enough to set the perms, but not able to display them properly.

	Anyway, some interesting stuff; looks like there's now hope
	of using smbfs in multiuser environments again.

Last Next