From: Greg Ercolano <erco@(email surpressed)>
Subject: [OSX/Admin] Tiger / mount_smbfs problems
Date: Fri, 26 Aug 2005 21:30:48 -0700
Msg# 1013

The following was first posted on the Apple discussions board:
http://discussions.info.apple.com/webx?14@31.sd2laJjn7IM.6@.68b77715

...then deciding it really has to be an Apple related bug, I recently reported it to Apple (bug #4234684). I'll try to follow up here if there are any developments, or if any of you admins have any opinions, feel free to add to this thread.

* * *

Title: Permission problems with mount_smbfs
Originator: Greg Ercolano
State: Analyze
Created Date: 26-Aug-2005 09:22 PM

Since upgrading to Tiger, I've had trouble using it as a client via mount_smbfs.

It mounts our samba oriented file server just fine, but it seems that OSX 10.4.x only allows the mount point owner access to the server; any other user (besides root) gets a 'permission denied' error.

**Even the user who the mount is authenticated as is denied access.**

This just seems very wrong; when 'sandro' owns the mount dir /smb/meade, even if the dir is 777, when the dir is mounted, only sandro can access the dir, even if it's mounted as 'fred':

---------------------------------------------------
# mkdir -m 777 /smb/meade ; chown sandro:sandro /smb/meade
# ls -lad /smb/meade
drwxrwxrwx 1 sandro sandro 16384 Jul 28 14:26 /smb/meade
# mount_smbfs //fred:fred@meade/net /smb/meade
# su fred -c 'ls -la /smb/meade'
ls: meade: Permission denied
# su sandro -c 'ls -la /smb/meade'
[directory listing displays]
---------------------------------------------------

If I umount the dir, and chown the mount dir to fred:fred, then only fred can access it, regardless of which authentication info is supplied to mount_smbfs.

In addition, OSX seems to ignore the 'group' and 'other' ownerships on the mount dir. If the dir is owned to fred:jack, and the mount authenticated with sandro, /only/ fred can access the mount (owner); not jack (group), and not sandro (mount authentication). The perms being 777 don't seem to matter, so it seems inconsistent with itself.

** IMPORTANT OBSERVATION **

When I run tcpdump on the server (and client), no SMB packets are hitting the wire when the 'permission denied' errors occur at the client (ie. when doing 'ls -la /smb/meade'), which seems to imply this is entirely a *client side issue* -- OSX's local permissions are preventing the access, not the server.

Something seems very broken here; it seems like the smbfs kernel extension library (/System/Library/Extensions/smbfs.kext?) might be at fault here.

BTW, all this works fine in Panther, so it seems very Tiger specific. Tested on 10.4.1 and 10.4.2.

I know for a fact this problem is preventing many CGI companies from upgrading to Tiger, and has caused retreats to Panther.

From: Dylan Penhale <dylan@(email surpressed)>
Subject: Re: [OSX/Admin] Tiger / mount_smbfs problems
Date: Sun, 28 Aug 2005 19:12:05 -0700
Msg# 1014

Same results here - broken-ness.

Client is 10.4.2
Server is 10.3.8.

Same error "Permission Denied".

Probably not but I wonder if this is in any way related to the problem with write permissions on AFP and Tiger 10.4.1?

http://discussions.info.apple.com/webx?13@539.rCICa03A50v.1@.68b1ddfb/6

In that case upgrading to 10.4.2 seems to have sorted it on remote NFS and SMB mounts here at least. I am able to create directories under NFS and SMB. Probably not though.....

Dylan

Greg Ercolano wrote:
> The following was first posted on the Apple discussions board:
> http://discussions.info.apple.com/webx?14@31.sd2laJjn7IM.6@.68b77715
>
> ..then deciding it really has to be an Apple related bug,
> I recently reported it to Apple (bug #4234684).
> [..]

---
Dylan Penhale
Systems Administrator
Fuel International

From: Greg Ercolano <erco@(email surpressed)>
Subject: Re: [OSX/Admin] Tiger / mount_smbfs problems
Date: Sun, 28 Aug 2005 20:36:32 -0700
Msg# 1015

Dylan Penhale wrote:
> Probably not but I wonder if this is in any way related to the problem with write permissions on AFP and Tiger 10.4.1?
> http://discussions.info.apple.com/webx?13@539.rCICa03A50v.1@.68b1ddfb/6

Mmm, interesting thread.

I use NFS at my office entirely, and I've had no issues with security, using it as I do with locally configured accounts and matching uids/gids across the net.

However, some folks do need AFP or even SMB, and for those folks issues like these do come up. I think the main reason is these protocols were simply not designed with multiuser access in mind %^/

Updates are coming to change that situation, but it's in a state of flux right now, and that means a year or so of instability while the protocols shake out the bugs.

--
Greg Ercolano, erco@(email surpressed)
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)
Cel: (Tel# suppressed)
Fax: (Tel# suppressed)

From: Courtney Irvin <courtney@radarNOSPAMstudios.com>
Subject: Re: [OSX/Admin] Tiger / mount_smbfs problems
Date: Fri, 02 Sep 2005 13:15:21 -0700
Msg# 1019

We primarily use SMB for our mixed OS X/Windows/*NIX environment. I have
set up SMB automount on my OS X boxes and am able to always use the same
path to my SMB mounts regardless of what user is logged in, with no
permission issues.

If anyone is interested in using this method instead of using the mount command, I can post exactly how I have things set up.

--=C
Courtney Irvin
Computers Et. Al.
Radar Studios

Greg Ercolano wrote:
> Dylan Penhale wrote:
>> Probably not but I wonder if this is in any way related to the problem with write permissions on AFP and Tiger 10.4.1?
>> http://discussions.info.apple.com/webx?13@539.rCICa03A50v.1@.68b1ddfb/6
>
> Mmm, interesting thread.
>
> I use NFS at my office entirely, and I've had no issues with security, using it as I do with locally configured accounts and matching uids/gids across the net.
>
> However, some folks do need AFP or even SMB, and for those folks issues like these do come up. I think the main reason is these protocols were simply not designed with multiuser access in mind %^/
>
> Updates are coming to change that situation, but it's in a state of flux right now, and that means a year or so of instability while the protocols shake out the bugs.

From: Gary Jaeger <gary@(email surpressed)>
Subject: Re: [OSX/Admin] Tiger / mount_smbfs problems
Date: Fri, 02 Sep 2005 20:02:11 -0700
Msg# 1020

I'd be interested. Thanks Courtney

On Sep 2, 2005, at 1:15 PM, Courtney Irvin wrote:
> If anyone is interested in using this method instead of using the mount command, I can post exactly how I have things set up.

. . . . . . . . . . . . . . . . . . . . . . . .
Gary Jaeger // Core Studio + www.corestudio.com +

From: Abraham Schneider <aschneider@(email surpressed)>
Subject: Re: [OSX/Admin] Tiger / mount_smbfs problems
Date: Mon, 05 Sep 2005 01:39:24 -0700
Msg# 1021

Yes, me too. Would be nice if you could share your knowledge with us.

Thanks, Abraham

> I'd be interested. Thanks Courtney
>
> On Sep 2, 2005, at 1:15 PM, Courtney Irvin wrote:
>> If anyone is interested in using this method instead of using the mount command, I can post exactly how I have things set up.
>
> . . . . . . . . . . . . . . . . . . . . . . . .
> Gary Jaeger // Core Studio + www.corestudio.com +

--
Abraham Schneider
VFX Compositor
ARRI Film & TV Services GmbH
Tuerkenstr. 89
D-80799 Muenchen
Phone: +49 89 3809-1269
Mobile: +49 173 5719842
Email: aschneider@(email surpressed)

From: Courtney Irvin <courtney@radarNOSPAMstudios.com>
Subject: Re: [OSX/Admin] Tiger / mount_smbfs problems
Date: Tue, 06 Sep 2005 10:36:33 -0700
Msg# 1024

Thanks for the interest. Here's the way I set things up; in NetInfo manager, create a new entry under mounts... here's how the properties are set:

Property    Value(s)
name        <Server IP Address>:/<Share Name>
dir         /Network/<Server Name>
opts        url==smb://<username>:<password>@<Server IP Address>/<Share Name>
            nosuid
vfstype     url

Once you save this into netinfo, all you need to do in order to emulate UNC paths is create a directory at the root level with the same name as the server, then in that directory create a symbolic link with the name of your smb share that points to /Network/<Server Name>...

That way //<Server Name>/<Share Name> will work, and the mount will work no matter who is logged in -- I think I chmoded the dir I created at the root level with the server's name to 777, but I don't know if this is really needed.

Let me know what your results are. Send me an email directly.

--=C
Courtney@(email surpressed)

Abraham Schneider wrote:
> Yes, me too. Would be nice if you could share your knowledge with us.
>
> Thanks, Abraham
>
>> I'd be interested. Thanks Courtney
>>
>> On Sep 2, 2005, at 1:15 PM, Courtney Irvin wrote:
>>> If anyone is interested in using this method instead of using the mount command, I can post exactly how I have things set up.
>>
>> . . . . . . . . . . . . . . . . . . . . . . . .
>> Gary Jaeger // Core Studio + www.corestudio.com +
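
The mount entry described in the post above keeps the SMB password in clear text inside the opts URL. As an added example (not part of the original post or of any tool it mentions), this Python check audits such records for an embedded password and a missing nosuid, masks the password before anything is printed, and tests whether a directory such as the root-level one mentioned is world-writable. The sample records, addresses and function names are constructed for illustration; only the property names come from the post.

```python
import os
import stat
from urllib.parse import urlsplit, urlunsplit

# Constructed sample records (not from the post); the property names
# name/dir/opts/vfstype follow the NetInfo entry described above.
SAMPLE = [
    {"name": "192.0.2.10:/net", "dir": "/Network/meade", "vfstype": "url",
     "opts": ["url==smb://fred:s3cret@192.0.2.10/net", "nosuid"]},
    {"name": "192.0.2.10:/proj", "dir": "/Network/meade", "vfstype": "url",
     "opts": ["url==smb://guest@192.0.2.10/proj"]},
]

def split_opts(opts):
    """Accept opts as a list of values or a comma/space separated string."""
    if isinstance(opts, str):
        opts = opts.replace(",", " ").split()
    return list(opts)

def audit_mount(record):
    """Return (findings, opts with any URL password masked)."""
    findings, redacted = [], []
    opts = split_opts(record.get("opts", []))
    if "nosuid" not in opts:
        findings.append("missing-nosuid")
    for opt in opts:
        if opt.startswith("url=="):
            url = urlsplit(opt[len("url=="):])
            if url.password:
                findings.append("password-in-url")
                # Keep host[:port] exactly as written, mask only the secret.
                host = url.netloc.rpartition("@")[2]
                masked = url._replace(netloc=f"{url.username}:***@{host}")
                opt = "url==" + urlunsplit(masked)
        redacted.append(opt)
    return findings, redacted

def world_writable(path):
    """True if 'other' may write, e.g. a directory left at mode 777."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

if __name__ == "__main__":
    for rec in SAMPLE:
        findings, safe_opts = audit_mount(rec)
        print(rec["dir"], findings or ["ok"], safe_opts)
```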