From: Greg Ercolano <erco@(email suppressed)>
Subject: [OSX/Admin] Samba mounts allow multiuser
Date: Thu, 31 Oct 2013 03:13:46 -0400
Msg# 2358
The following screen history compares OSX Mavericks/Lion/Snow Leopard/Tiger using mount_smbfs to mount a Windows file server, to see how multi-user access varies.

In the following cases, I have a Windows XP machine named "superior" acting as the file server sharing a directory 'Documents', so the UNC is //superior/Documents.

The variation in behavior over the releases is 'interesting'. These tests were done some months apart, hence the date/time differences.

The recent releases (Lion and up) seem the best so far for production; the perms reflect what we expect, and support multiuser access.

Snow Leopard is OK too in that it supports multiuser access, but the ownerships shown are inaccurate.

Tiger worst: multiuser access to an SMB share unusable.

START: MAVERICKS SCREEN HISTORY
-------------------------------
# sw_vers
ProductName:    Mac OS X
ProductVersion: 10.9
BuildVersion:   13A603
# whoami
root
# mkdir /tmp/sup
# mount_smbfs //superior/Documents /tmp/sup                  <-- as root, mount the windows share
Password:
# ls -la /tmp/sup
total ###
drwx------  1 _unknown  _unknown  16384 Aug  2  2012 .       <-- owner _unknown/_unknown (apparently root)
drwxrwxrwt  9 root      wheel       306 Oct 30 23:36 ..
-rwxrwxrwx@ 1 _unknown  _unknown   6148 Jul 31  2012 .DS_Store
-rwxrwxrwx  1 _unknown  _unknown     62 Jan 30  2008 desktop.ini
drwx------  1 _unknown  _unknown  16384 Apr  1  2009 microsoft
# touch /tmp/sup/afile                                       <-- create a file, permitted to do so
# ls -la /tmp/sup/afile
-rwxrwxrwx  1 _unknown  _unknown  0 Oct 30  2013 /tmp/sup/afile   <-- owner _unknown, but rwx for all
# su - fred                                                  <-- become new user 'fred'
fred $ ls -la /tmp/sup                                       <-- see if he can see smb mount
total ###
drwx------  1 fred  staff  16384 Oct 30 23:41 .              <-- it works, owner of everything now fred/staff (!)
drwxrwxrwt  9 root  wheel    306 Oct 30 23:46 ..
-rwxrwxrwx@ 1 fred  staff   6148 Jul 31  2012 .DS_Store
-rwxrwxrwx  1 fred  staff      0 Oct 30 23:41 afile
-rwxrwxrwx  1 fred  staff     62 Jan 30  2008 desktop.ini
drwx------  1 fred  staff  16384 Apr  1  2009 microsoft
fred $ touch /tmp/sup/afile2                                 <-- create a file as 'fred'
fred $ ls -la /tmp/sup/afile2
-rwxrwxrwx  1 fred  staff  0 Oct 30  2013 /tmp/sup/afile2    <-- same perms as 'afile' made by root
fred $ umask                                                 <-- view umask for what it's worth
0022                                                         <-- 22, whatever, smbfs isn't unix..
fred $ exit
exit
# su - jack                                                  <-- become jack
jack $ ls -la /tmp/sup                                       <-- same results as 'fred'..
total ###
drwx------  1 jack  staff  16384 Oct 30  2013 .
drwxrwxrwt  9 root  wheel    306 Oct 30 23:47 ..
-rwxrwxrwx@ 1 jack  staff   6148 Jul 31  2012 .DS_Store
-rwxrwxrwx  1 erco  staff      0 Oct 30 23:41 afile
-rwxrwxrwx  1 erco  staff      0 Oct 30  2013 afile2
-rwxrwxrwx  1 erco  staff     62 Jan 30  2008 desktop.ini
drwx------  1 erco  staff  16384 Apr  1  2009 microsoft
jack $ touch /tmp/sup/afile3
jack $ ls -la /tmp/sup/afile3
-rwxrwxrwx  1 jack  staff  0 Oct 30  2013 /tmp/sup/afile3
jack $ umask
0022
---------------------------------------------------------------------------
END OF MAVERICKS SCREEN HISTORY

START: LION SCREEN HISTORY
--------------------------
# sw_vers
ProductName:    Mac OS X
ProductVersion: 10.7
BuildVersion:   11A511
# whoami
root
# mkdir /tmp/sup
# mount_smbfs //superior/Documents /tmp/sup                  <-- as root, mount the windows share
# ls -la /tmp/sup                                            <-- view mount, works
total ###
drwx------   1 _unknown  _unknown  16384 Jul 31 22:15 .      <-- owner is _unknown/_unknown (apparently root)
drwxrwxrwt  14 root      wheel       476 Jul 31 22:07 ..
-rwxrwxrwx@  1 _unknown  _unknown   6148 Jul 31 22:15 .DS_Store
-rwxrwxrwx   1 _unknown  _unknown     62 Jan 30  2008 desktop.ini
drwx------   1 _unknown  _unknown  16384 Apr  1  2009 microsoft
# touch /tmp/sup/afile                                       <-- create a file, works
# ls -la /tmp/sup/afile
-rwxrwxrwx  1 _unknown  _unknown  0 Jul 31 22:10 /tmp/sup/afile   <-- owner _unknown, but rwx for all
# su - fred                                                  <-- become fred
fred $ ls -la /tmp/sup                                       <-- view mount
total ###
drwx------   1 fred  staff  16384 Jul 31 22:15 .             <-- owner is now fred
drwxrwxrwt  14 root  wheel    476 Jul 31 22:07 ..
-rwxrwxrwx@  1 fred  staff   6148 Jul 31 22:15 .DS_Store
-rwxrwxrwx   1 fred  staff      0 Jul 31 22:10 afile         <-- owner/group is now fred/staff
-rwxrwxrwx   1 fred  staff     62 Jan 30  2008 desktop.ini
drwx------   1 fred  staff  16384 Apr  1  2009 microsoft
fred $ touch /tmp/sup/afile2                                 <-- create a file, works
fred $ ls -la /tmp/sup/afile2
-rwxrwxrwx  1 fred  staff  0 Jul 31 22:11 /tmp/sup/afile2    <-- owner fred/staff, but rwx for all
fred $ umask                                                 <-- check umask for fun
0022                                                         <-- 22, whatever, smbfs isn't unix..
fred $ exit
# su - jack                                                  <-- become jack
jack $ ls -la /tmp/sup
total ###
drwx------   1 jack  staff  16384 Jul 31 22:15 .             <-- owner is now jack
drwxrwxrwt  14 root  wheel    476 Jul 31 22:07 ..
-rwxrwxrwx@  1 jack  staff   6148 Jul 31 22:15 .DS_Store
-rwxrwxrwx   1 jack  staff      0 Jul 31 22:10 afile
-rwxrwxrwx   1 jack  staff      0 Jul 31 22:11 afile2
-rwxrwxrwx   1 jack  staff     62 Jan 30  2008 desktop.ini
drwx------   1 jack  staff  16384 Apr  1  2009 microsoft
[etc.. same behavior as was for fred..]
---------------------------------------------------------------------------
END OF LION SCREEN HISTORY

START: SNOW LEOPARD SCREEN HISTORY
----------------------------------
# sw_vers
ProductName:    Mac OS X
ProductVersion: 10.6.8
BuildVersion:   10K549
# whoami
root
# mkdir /tmp/sup
# mount_smbfs //superior/Documents /tmp/sup                  <-- create mount, works
Password:
# ls -la /tmp/sup                                            <-- view the mount
total ###
drwx------  1 root  wheel  16384 Jul 31 22:44 .              <-- owner root/wheel
drwxrwxrwt  9 root  wheel    306 Jul 31 22:13 ..
-rwx------@ 1 root  wheel   6148 Jul 31 22:31 .DS_Store
-rwx------  1 root  wheel     62 Jan 30  2008 desktop.ini
drwx------  1 root  wheel  16384 Apr  1  2009 microsoft
# touch /tmp/sup/rootfile                                    <-- create a file, works
# ls -la /tmp/sup/rootfile
-rwx------  1 root  wheel  0 Jul 31  2012 /tmp/sup/rootfile  <-- owner root/wheel, rwx to user only
# umask                                                      <-- check umask for fun
22                                                           <-- 22, whatever; smbfs isn't unix
# su - fred                                                  <-- become fred
fred $ ls -la /tmp/sup
total ###
drwx------   1 root  wheel  16384 Jul 31 22:47 .             <-- owner still root
drwxrwxrwt  10 root  wheel    340 Jul 31 22:47 ..
-rwx------@  1 root  wheel   6148 Jul 31 22:31 .DS_Store
-rwx------   1 root  wheel     62 Jan 30  2008 desktop.ini
drwx------   1 root  wheel  16384 Apr  1  2009 microsoft
-rwx------   1 root  wheel      0 Jul 31 22:47 rootfile
fred $ touch /tmp/sup/fredfile                               <-- create a file, works even though perms say we can't
fred $ ls -la /tmp/sup/fredfile
-rwx------  1 root  wheel  0 Jul 31  2012 /tmp/sup/fredfile  <-- owner root, rwx to user only
fred $ exit
[..same behavior if we su to other users..]
---------------------------------------------------------------------------
END OF SNOW LEOPARD SCREEN HISTORY

START: TIGER SCREEN HISTORY
---------------------------
# sw_vers
ProductName:    Mac OS X
ProductVersion: 10.4.11
BuildVersion:   8S165
# whoami
root
# mkdir /tmp/sup
# mount_smbfs //superior/Documents /tmp/sup
Password:
# ls -la /tmp/sup
total ###
drwxr-xr-x  1 root  wheel  16384 Dec 31  1969 .              <-- owner root/wheel, rwxr-xr-x perms, 0 epoch date
drwxrwxrwt  6 root  wheel    204 Jul 31 22:51 ..
-rwxr-xr-x  1 root  wheel   6148 Jul 31 22:31 .DS_Store
-rwxr-xr-x  1 root  wheel     62 Jan 30  2008 desktop.ini
drwxr-xr-x  1 root  wheel  16384 Apr  1  2009 microsoft
# touch /tmp/sup/rootfile                                    <-- create file, works
# ls -la /tmp/sup/rootfile
-rwxr-xr-x  1 root  wheel  0 Jul 31 22:54 /tmp/sup/rootfile  <-- owner root/wheel, perms rwxr-xr-x
# umask                                                      <-- check umask for fun
22                                                           <-- matches, but probably more to do with mount point perms
# su - fred
fred $ ls -la /tmp/sup                                       <-- try to view mount
ls: /tmp/sup: Permission denied                              <-- nope (!)
fred $ ls -la /tmp/                                          <-- try to see perms on mount
ls: sup: Permission denied                                   <-- can't even see directory entry (!)
total ###
drwxrwxrwt  6 root  wheel  204 Jul 31 22:51 .
drwxr-xr-x  7 root  wheel  238 Jul 19 12:45 ..
srw-rw-rw-  1 root  wheel    0 Jul 19 12:46 .aksusb
[..tmp files..]
fred $ exit
# umount /tmp/sup                                            <-- unmount
# ls -lad /tmp/sup                                           <-- view perms on mount point
drwxr-xr-x  2 root  wheel  68 Jul 31 22:51 /tmp/sup          <-- 755
# chmod 777 /tmp/sup                                         <-- let's try 777 and remount
# mount_smbfs //superior/Documents /tmp/sup
Password:
# ls -al /tmp/sup                                            <-- view mount
total ###
drwxrwxrwx  1 root  wheel  16384 Dec 31  1969 .              <-- now everything rwxrwxrwx
drwxrwxrwt  6 root  wheel    204 Jul 31 22:59 ..
-rwxrwxrwx  1 root  wheel   6148 Jul 31 22:31 .DS_Store
-rwxrwxrwx  1 root  wheel     62 Jan 30  2008 desktop.ini
drwxrwxrwx  1 root  wheel  16384 Apr  1  2009 microsoft
-rwxrwxrwx  1 root  wheel      0 Jul 31 22:54 rootfile
# su - fred                                                  <-- become fred again
fred $ ls -al /tmp/sup                                       <-- try again, since mount is 777
ls: /tmp/sup: Permission denied                              <-- nope (!)
fred $ ls -la /tmp/                                          <-- try to see mount point perms
ls: sup: Permission denied                                   <-- can't even see them (!)
total ###
drwxrwxrwt  6 root  wheel  204 Jul 31 22:59 .
drwxr-xr-x  7 root  wheel  238 Jul 19 12:45 ..
srw-rw-rw-  1 root  wheel    0 Jul 19 12:46 .aksusb
[..tmp files..]
---------------------------------------------------------------------------
END OF TIGER SCREEN HISTORY
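
Added example, not part of the original post: the screen histories show that the owner and mode `ls` prints on an smbfs mount can disagree with what a local user can really do (on Snow Leopard fred creates fredfile in a directory listed as drwx------ root/wheel). The sketch below compares the write access predicted by the displayed mode with a real write attempt; the function names, the probe file name and the script name audit.sh are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.

# mode_predicts_write LS_LINE UID GIDS
#   LS_LINE: one line of `ls -ldn` output (numeric owner/group columns)
#   GIDS:    space-separated group ids the user belongs to
# Prints yes/no: would the *displayed* owner, group and mode let UID write?
mode_predicts_write() {
    printf '%s\n' "$1" | awk -v uid="$2" -v gids="$3" '
        function yn(c) { return (c == "w") ? "yes" : "no" }
        {
            if (uid == 0) { print "yes"; exit }            # root bypasses mode bits
            if ($3 == uid) { print yn(substr($1, 3, 1)); exit }   # owner class
            n = split(gids, g, " ")
            for (i = 1; i <= n; i++)
                if (g[i] == $4) { print yn(substr($1, 6, 1)); exit }  # group class
            print yn(substr($1, 9, 1))                     # other class
        }'
}

# can_really_write DIR: create and remove a probe file (this touches the share).
can_really_write() {
    probe="$1/.write_probe.$$"      # hypothetical probe file name
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo yes
    else
        echo no
    fi
}

# audit_dir DIR: compare the prediction with the real result for the caller.
audit_dir() {
    line=$(ls -ldn "$1") || return 2
    predicted=$(mode_predicts_write "$line" "$(id -u)" "$(id -G)")
    actual=$(can_really_write "$1")
    if [ "$predicted" = "$actual" ]; then
        echo "consistent: mode says $predicted, write attempt says $actual"
    else
        echo "MISMATCH: mode says $predicted, write attempt says $actual"
    fi
}

# Run as each local user in turn, e.g.: sh audit.sh /tmp/sup
if [ -n "${1:-}" ]; then audit_dir "$1"; fi
```

A MISMATCH line means the listing cannot be used to reason about who may write to the share; access is being decided by the credentials the mount was made with and by the server, not by the bits shown.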