Finder + ACLs over AFP Mounted Remote Volume

Hey Guys!
My Finder is not able to display ACLs on files coming from an AFP mounted volume. The ACLs are there -- ``ls -lef'' displays them correctly. If there some obvious thing here that I'm missing?
regards,
P

Yes, sort of. Whenever you're doing an "opportunistic mount" where the server and client are not joined to the same directory domain, permissions masking will take place. When masking is in effect, it maps access from the currently logged-in user (session owner) on the client to the server share point based on the name and password entered after choosing Go > Connect to Server.
When dealing with masked permissions, this will be the case:
* On the client-side, the Finder Info windows may or may not correctly show all ACLs and POSIX permissions of items on the share point. They may simply display effective access - e.g. "you can only read" - without further detail. This depends on the protocol. Typically AFP share points will show correct server-side ACLs and POSIX permissions.
* On the client-side, listing (ls) the contents of the share point via Terminal will indicate that the session owner has full control and is the "POSIX owner" with others' access at zero (0700). These are the masked permissions, not the real ones.
* On the server, permissions listed via ls in Terminal or Server Admin's File Sharing section will be the correct ones.
--Gerrit

Similar Messages

  • Server 10.4, Older Clients, and ACLs over AFP

    What's the deal with ACLs in 10.4.5 and old clients (e.g. 10.3 clients)? Should 10.3 clients respect ACLs, or should they be default to the POSIX permissions when logged in to the server using AFP in Finder? What about an OS 9 client over Appletalk?
    Quicksliver G4   Mac OS X (10.4.5)  

    I can confirm that server-side Effective Permissions, including ACLs, are utilized by pre-Tiger systems. With that in mind, though, note that Mac OS X 10.2 through 10.3.9 and earlier may show fake "POSIX" permissions in their Info windows (usually in the form of an owner that "changes"). Mac OS 9 systems may show something unexpected as well.
    Mac OS X 10.4 uses AFP 3.2, which supports a maximum volume size of at least 16 TB; that's the maximum file size as well. Since the AppleShare client 3.8.8 and 3.8.9 in Mac OS 9.1 and 9.2.2 were designed for AFP 2.2, the maximum volume size will be 2.0 TB; likewise, the maximum vile size is 2.0 GB. See the File Sharing limitations for Mac OS 9 in this document for more details: http://docs.info.apple.com/article.html?artnum=15460
    Likewise, Mac OS 9 uses Mac OS Roman name encoding for English language systems. For all systems, Mac OS X uses Unicode file name encoding. One side effect of this is that Mac OS 9 systems will truncate file names to 31 characters, and non-Roman characters (for English systems) may not display correctly.*
    Further, the AFP process in Mac OS X and Mac OS X Server is not configured to support transport connections using the AppleTalk protocol. This is not new to Mac OS X 10.4 Tiger, even though client support for AFP over AppleTalk has been removed in Mac OS X 10.4. That is, all Mac OS X Server systems have utilized TCP/IP for transport since Mac OS X 10.0. Thus, your client systems need to have TCP/IP networking configured.
    Mac OS X 10.2 and later can browse for your server using multicast DNS (mDNS/Rendezvous/Bonjour). To enable browsing for your server from Mac OS 9 systems, the easiest thing to do is to enable AppleTalk for the server's primary Ethernet interface. This will allow all systems to browse for (locate) your server more easily. Earlier versions of Mac OS X Server supported SLP broadcasting, which is a TCP/IP-based server announcement supported by Mac OS 9 through Mac OS X 10.4.x.
    * The HFS+ filesystem supports 255-character Unicode names, but that feature was not utilized until the release of Mac OS X 10.0, even though HFS+ was introduced in Mac OS 8.1.
    --Gerrit

  • How can I set ACLs on MAC remote volumes.

    Hi,
    I am having Mac OS X 10.5 leopard as server and 10.4 as client. I have mounted 10.5 server from 10.4 remotely through Apple Filing Protocol(Basically an AFP mount). On the remote mounted volumes I am unable to enable/set the ACLs right now. But I have already enabled the ACLs on 10.5 local volumes before I mount them from different clients.
    "sudo fsaclctl -p </Volumes/MACVOL1> -e" is the command used to enable ACLs on the remote MAC Volumes. This one throwed ENOT SUPPORT error. It should not be due to any file system differences, as both are having same file system.
    *Basically I want to see an ACL(AFP's FPGetACL/FPSetACL) request going on wire from a MAC client to contact the MAC server.*
    I have tried the option of workgroup manager. There the sharing option was dimmed out after the authentication part. And I was unable to add the remote server in the server admin part. I have tried all the options that were suggested in various threads. But nothing worked out.
    I am looking out for some simpler solution to see the ACL request coming from a Mac client directing to a MAC server.
    Thanks,
    Yogesh.

    Any suggestions please...

  • Searches within InDesign Have Stopped Working on AFP Mounted Volumes On OS X 10.9

    I have run into a new problem since using InDesign CC on a Mac running Mavericks, the search function has ceased working on AFP mounted volumes. For example, when placing an image, if I navigate to a pot of images on my server and then tap in part of the file name within the search field there is nothing found, even though the file name I am searching for is there.
    I have spoken to Adobe technical support who said "well I do apologize for your inconvenience however adobe does not support if the file is on the network. We would be happy to help you if there is any issue with Search if the files are located locally". Slightly frustrating answer!
    This issue looks to be related to the Mavericks operating system as I have Macs running OS X 10.8 which are fine, it is only the OS X 10.9 Macs that have this problem. Is anyone else having these issues?

    I have no problem on two Macs running Mac OS X 10.9.2 with InDesign CC 9.2.
    Have you started by restoring your preferences. Here's how:
    Trash, Replace, Reset, or Restore the application Preferences
    If you use the delete folder method, remember that in OS X 10.9, the <Home> library his hidden. In the Finder, hold down the Option key, and choose Go > Library to make it visible.

  • Have Mac OS 10.7.4 installed on an iMac-3.1 GHz Intel Core i5...the Finder will not find file on Windows mounted volumes...what setting should we be using...tried the same settings as our iMac 10.6.8-did not work!

    Have Mac OS 10.7.4 installed on an iMac-3.1 GHz Intel Core i5...the Finder will not find files on Windows mounted volumes...what setting should we be using...tried the same/working settings as our iMac 10.6.8...did not work for 10.7.4!

    Added note: We are tring to find files on Windows 2008 Server Standard...

  • A better way to make Automator mount a volume?

    I made an Automator application, using the Record function, to mount a volume on a drive connected to my Mini. I also made a similar one to eject it. I use them as Calendar-triggered events as part of my backup scheme.
    They work well ... until I restart the Mini, when occasionally my two connected drives will mount in a different order. What happens then is that the sequence of mouse clicks recorded in Automator don’t find the correct volume.
    I wonder if there’s a better way to automate the mounting of a currently ejected disc (and later its ejection). Automator, as far as I can see, does not have the actions I need. It has Ask For/Connect to/Get specified Servers, but they seem only to be for network-connected stuff.
    Anyone know a better way?

    Welcome to Unix. 
    The key part of that shell script code is the test for the existence of the mount point (if [ -e /Volumes/dbamp ]), followed by a conditional block that — in the "else" section involved when the mount point wasn't found — creates it, and then mounts an AFP file system on that mount point.  Most of the rest of the baggage in that script is used to get the mysqldump database dumps over onto the target disk, once it's been mounted.
    Here's a very quick overview of the basics of scripting , Apple's introduction to the command line manual, there's a generic bash intro (which is good, but doesn't line up exactly with how bash is implemented on OS X) and O'Reilly has some reasonable books on bash and bash scripting.  Once you know and are comfortable with the basics, there are advanced bash guides available.

  • MCX Login Items: Mounting Server Volumes

    I noticed that when you set up a policy for a user,group or computer to mount a remote volue at login, you will get a Finder error if the volume can't be mounted for some reason (i.e.; the server is down, the volume is not available etc. This can be handy for troubleshooting.
    Is there a way to surpress the error, so my mobile users dont get an error when the remote volumes are unavailable?
    Example: A lot of my Mac users will have laptops, and thus sometimes they will be away from our LAN. I want they to still be bound to OD and have cached MCX settings when they are on the road. However, I dont want the users to get "Volume could not be found" errors.
    Message was edited by: Daniel Stranathan

    I think you should be able to use AppleScript to mount the volume, put that code inside a "try" construct, and leave the "on error" blank. Like this:
    try
    tell "Finder"
    mount volume "afp://[user]:[passwd]@[server hostname or IP]:/[sharepoint]"
    end tell
    on error
    -- do nothing
    end try
    I haven't tried this, but thought it might work.

  • Time machine backups to remote volumes

    Hi all,
    Been having trouble with backing up a Lion system onto a remote (network) volume.  The idea is basically to back up a (client) Mac onto a disk hosted by another Mac (the backup server).
    I can get the initial backup to work:
    1. share the disk to back up to on the backup server via File Sharing, and ensure to use an administrator account at the client Mac to log onto in order for it to see the backup disk.
    2. mount the backup disk over the network onto the client Mac.
    3. get Time Machine to select that network disk as a backup disk.
    4. start the backup.
    All this works, and I am left with a good initial backup.  However, subsequent backups fail with the following message after the client Mac is next rebooted:
    The syslog shows some rather perculiar difficulty in managing its backup disks:
    15/12/11 11:44:31.309 PM com.apple.backupd: Starting standard backup
    15/12/11 11:44:31.436 PM com.apple.backupd: Attempting to mount network destination URL: afp://Tony%20Kavadias@L%C3%B3rien._afpovertcp._tcp.local/Rivendell
    15/12/11 11:44:31.792 PM com.apple.backupd: Mounted network destination at mountpoint: /Volumes/Rivendell-1 using URL: afp://Tony%20Kavadias@L%C3%B3rien._afpovertcp._tcp.local/Rivendell
    15/12/11 11:45:10.045 PM com.apple.backupd: Failed to eject volume /Volumes/Rivendell-1 (FSVolumeRefNum: -104; status: -47; dissenting pid: 0)
    15/12/11 11:45:10.046 PM com.apple.backupd: Waiting 60 seconds and trying again.
    15/12/11 11:46:10.108 PM com.apple.backupd: Network destination already mounted at: /Volumes/Rivendell-1
    15/12/11 11:46:46.912 PM com.apple.backupd: Failed to eject volume /Volumes/Rivendell-1 (FSVolumeRefNum: -104; status: -47; dissenting pid: 0)
    15/12/11 11:46:46.913 PM com.apple.backupd: Waiting 60 seconds and trying again.
    15/12/11 11:47:46.967 PM com.apple.backupd: Network destination already mounted at: /Volumes/Rivendell-1
    15/12/11 11:48:23.618 PM com.apple.backupd: Failed to eject volume /Volumes/Rivendell-1 (FSVolumeRefNum: -104; status: -47; dissenting pid: 0)
    15/12/11 11:48:23.618 PM com.apple.backupd: Giving up after 3 retries.
    15/12/11 11:48:33.630 PM com.apple.backupd: Backup failed with error: 21
    More digging around leads to the observation that /Volumes/Rivendell-1 (the filesystem that Time Machine mounts from the backup server) is now stuck and cannot be unmounted—to get rid of it, I have to reboot the client Mac.  And that the sparse disk image file Annuminas.sparsebundle is mounted read-only when Time Machine attempts to mount it for writing subsequent backups to!
    The only way I can recover is to erase the backup and start another initial one, but that defeats the purpose of having a continuously running Time Machine backup.
    The client Mac is running Mac OS X 10.7.2 Lion, while the backup server is running Mac OS X 10.6.8 Snow Leopard.  The latter is really just using AFP services to export a disk to the network, whereas Lion is using Time Machine to make backups on the network disk.
    Any help or ideas would be greatly appreciated.  Many thanks,
    —tonza

    Oh... discovered something odd... the Time Machine Backups volume (that is the volume that is mounted from the Annuminas.sparseimage file on the fileserver) is being mounted read-only!
    /dev/disk0s2 on / (hfs, local, journaled)
    devfs on /dev (devfs, local, nobrowse)
    map -hosts on /net (autofs, nosuid, automounted, nobrowse)
    map auto_home on /home (autofs, automounted, nobrowse)
    afp_000000004oMw0oYHtK1bbUQr-1.2d000004 on /Volumes/Rivendell (afpfs, nobrowse)
    /dev/disk1s2 on /Volumes/Time Machine Backups (hfs, local, nodev, nosuid, read-only)
    How is Time Machine going to write to a read-only volume?!  This is not making any sense!
    If there is one thing I do know about the BSD kernel is that filesystems are mounted read-only if it has been detected by the filesystem driver that a volume is marked dirty or corrupt.  Another thing I'll do is check via Disk Utility that Time Machine Backups needs to be fixed.  If Time Machine is indeed making faulty sparse images, it may be due to Snow Leopard's AFP server after all.
    —tonza

  • Copy files from mounted pc volume to mac

    Hi all,
    I have a problem with the following script:
    var xmlfile = File.openDialog("Choose XML");
    var result = File(xmlfile).copy("~/Desktop/" + xmlfile.name);
    This result is false (can't be copied) when the file is an a mounted PC Volume. (/Users/Public/Documents/)
    In applescript this works fine:
    tell application "Finder"   
         set xmlfile to (choose file)
         move xmlfile to desktop
    end tell
    The source is on the same Volume.
    Does javascript have a problem with accessing remote volumes?
    Can someone help?
    Kind regards,
    Michel

    Answered in your other thread. Please don't double post, it can lead to people wasting their time answering a question which has already been answered in the other thread.

  • Mounting Remote Shares with the Same Name

    I am accessing shares on remote servers and can mount volumes with no problems initially, using command+k and setting the Server Address to smb://ServerNameOrIP/SharePoint. This mounts a volume with the name of the share point. The problem I've run into is at work I need to mount 2 volumes on 2 different servers with the same share point name. These are shared servers, and for unrelated reasons the folder names on either server can not be changed. This doesn't work well for me. It creates the first volume with the name "Share" and a second one that in finder appears to be called "Share" as well, but if I use "Get Info" or in Terminal run ls /Volumes I can see that it actually gets mounted as "Share-1".
    Is it possible to change the name of one (or both) of these mounts? Mostly so I can see which one I'm on when browsing though Finder. I changed some settings in Finder so that the title bar allows me to see whether I'm on "Share" or "Share-1" but that doesn't actually tell me what server I'm on. Any ideas?

    I just discovered this after trying frivolously to get 2 shares of the same name from 2 different NAS drives to auto mount ....
    limitation with autofs or something ? it should really be painless, as it is in windows. but it seems on the mac side, OS X won't allow shares with the same name to auto mount ....

  • InDesign CS4 (ver.6) can not package all images from afp mounted server

    I'm experiencing an issue on multiple Intel Mac's running OS 10.6.8 when packaging files some of the server based art does not collect.
    In some folers some of the art collects and in the same folder some other files don't.
    The missing files are generally .jpg or .eps and it's a combination of these files that are not being collected.
    Images are sometimes shared between users but the missing images do not appear to be open elsewhere.
    The docuemtns are stored across several AFP mounted server hosted on a Windows 2004 Server running ExtremeZIP to allow AFP cpnnection.
    Moving the files to different volumes on the server does not appear to resolve this issue.
    Any thoughts or questions? Apologies if this isn't clear.

    I just had this happen again with a new InDeslgin CS4 file, I took the missing images and relinked them to a new folder I just created on my desktop and it still does nt collect these files. So not only the server, but now my desktop, and it's not just my computer, I can reproduce on other macs in 10.6.8
    I convertd the files from .EPS (from Photoshop: they're flattned) to .PDF (from Apple Preview) and relinked them, and I was not able to package either.
    I did find the solution:
    I checked off "Include Fonts and Links Hidden and Non-Printing Content"
    even though these items were on visible layers and not on the pasteboard they were excluded before I checked it off.
    Thanks for your help!

  • Auto-mounting AFS volumes

    I've read there are two 'ways' of doing it, 'dynamically', and 'statically'. Which way do I want to do it, the following, and how do I do it, exacly?
    I've got GNU Linux servers tarfu, snafu and fubar. Each server is sharing at least 1 volume via netatalk. I have had to mount these volumes after I login since I set up the system about a year ago. I noticed that the "connect at startup" (or whatever it was called) checkbox present from OS ~ through OS 9 was missing, and figured, "oh well. I'll live without it", well, Now I am done living without it.
    I want to mount shares at a) boot time or b) login time.
    How?
    I have scoured google for decent instructions, but all I came up with was this: http://www.bombich.com/mactips/automount.html
    Not very helpful. There are no Auth options, which I require, and the instructions just aren't written very well.
    Does anyone have any instructions, a blow-by-blow document telling me just how to do what I want to do?

    What about applescript ??
    I set up an applescript for a client yesterday, that i made into an application... which i told to load on login... would that help ??
    My script is below (you'll need to copy into 'Script Editor') and save as an application after cutomising it:
    COPY FROM HERE:
    tell application "Finder"
    if (exists disk "sharename") then
    set volumemounted to true
    display dialog "'sharename' is already mounted on the Desktop" buttons {"OK"}
    if volumemounted = "true" then
    quit
    end if
    else
    try
    mount volume ("afp://username:[email protected]/sharename")
    display dialog "'sharename' was mounted on your desktop." & return & return & "Happy Sharing!" buttons {"OK"}
    on error
    display dialog "There was an error mounting the 'sharename' Disk. Check the disk is connected to its computer and turned on." buttons {"OK"}
    end try
    set volumemounted to true
    end if
    end tell
    COPY TO HERE
    You'll need to customise the parts in bold...
    Ask if you need further clarification...
    Cheers.
    Macbook 17" Duo2   Mac OS X (10.4.8)  

  • Creating DMGs mountable over AFP

    Hi there,
    I`m wondering how to create a DMG file, that is mountable via AFP over the Internet.
    Here is the situation.
    We have our own server with network drives shared over FTP / AFP.
    From multiple locations we access the server (Mac OS X Leopard Server) to get data from it via AFP (mount drives in Finder).
    One of the drives stores our software.
    And when there`s a software that is not freeware, we got used to make a DMG file from the App (or installer) + text file with serial number and sometimes other stuff like manual in PDF.
    When I take for instance Toast 9 from Roxio and put their DMG on the server, I can mount it without copying the whole 230 MB file to my computer. Only via internet. And it gets mounted within seconds. Even on my 4 Mbit/s internet connection.
    But when I create compressed DMG file without encryption in Disk Utility (I use the option to create new disk image from folder) and put such a DMG on the network drive, it takes really long to mount it. It seems to me like with such a DMG the Finder needs to cache it somehow, i.e. Finder needs to copy the file first to my computer and then mount it.
    It can be seen also through Activity Monitor and the Network Traffic tab, that system is transferring some data with full speed of my internet connection.
    Can somebody give me an advice, how to create a DMG file, that can be mounted via internet, without the need of being first cached locally?
    Thanks a lot...

    Google the search terms "encrypted NAS" and see if anything there is of any help to you.

  • Mounting Server Volumes Via Startup Items

    I'm going crazy here trying to figure out what's going on with my wireless AirPort network!!!
    While trying to set up the first G4 iBook (10.4.2) from an Apple wireless cart I've discovered that I can't get a server volume to automatically mount at startup. I'm connecting to an AirPort Extreme base station. The iBook has no problem detecting and connecting to the base station and allowing an Internet connection and you can manually connect to a file server. But if I add a server volume to the Startup Items I can't get it to mount the volume at startup.
    Here's some stuff I've done to try to isolate the problem but nothing seems to point to a solution:
    - If I connect via Ethernet, it works everytime - so the issue is definately AirPort related.
    - Since I have 3 other independent AirPort networks (Extreme & Dual Ethernet) I tried connecting to them - no help.
    - After startup is finished I can connect manually (Go/Connect to Server).
    - Here's a real stumper... If I log out (not a reboot) & log back in - the volumes mount!!!
    - Up until now I had my personal eMac (10.3.9) connecting and mounting the same volumes via one of my previously mentioned AirPort networks with no problems. In trying to solve this problem I cleared out my Startup Items, Keychains, etc. - now I can't get it to work either.
    - I tried setting a new user in case it was some fouled up user setting - no help.
    - I've cleared out and set up Keychains & Startup Items numerous times - no help.
    - I disabled security - no help.
    So in my opinion I've ruled out the following by process of elimination:
    - System hardware - problem exists with eMac & iBook
    - OS - problem exists with 10.3.9 & 10.4.2
    - Base station - problem exists across differing base stations (Extreme & Dual Ethernet) & differing networks
    - Users - problem exists with new user
    - Security - problem exists with security disabled
    Here's the one thing that seems evident....
    The connection to any Airport network takes a momentary delay during startup - enough to cause to Startup Items (server volumes) not to mount. Since I can connect to the server manually shows that the AirPort connection is good. Logging out & then back in uses an AirPort connection that is already established and then will mount the Startup Items (server volumes).
    I've seen some Internet posts that suggest using scripts to somehow delay certain Startup Items from executing until an AirPort connection is established - I would rather avoid that mess. There's got to be a better solution! This seems to me like a very basic function that shouldn't take scripts or other such voodoo!
    I'm all out of ideas.....
    Dave

    Hi Dave,
    I recently had the same problem. I think a recent update messed up the way I was using applescript to mount drives. I would get messages while the script ran that would indicate things timing out while looking for drives. After reading through a lot of forums I found that this script worked for me:
    tell application "Finder"
         mount volume "afp://user:[email protected]/VolumeName"
    end tell
    This is for mounting a Mac server volume. I think you use smb:// for a win server.
    Let me know if this works for you.
    Herb

  • Unusually access over AFP since 10.4.6

    Hello,
    since we upgraded our clients and our XServe to OS 10.4.6, there is unusually much more access to the shared folder of the XServe. I checked it with fs_usage on the clients and on the server. On the clients you can see, if the shared folder is connected, the Finder is doing much access to this folder (but all applications are closed) and this never stops.
    On the server it looks like a permanent scan of the folders over AFP.
    The shared folder on the server is an XSAN-Volume and now the performance of AFP goes completely down
    Has someone an idea, what the Finder of the clients is doing now and how I can stop this?
    Mac OS X (10.4.6)
    XServe   Mac OS X (10.4.6)  

    Nice, a .DS_Store file was the reason! I have deleted all .DS_Store files on the shared Volume and now it works fine!
    Now, I will disable the .DS_Store files on Networkvolumes. Therefor I found this:
    http://forum.onmac.net/archive/index.php/t-334.html
    Thanks - Jan
    Mac OS X (10.4.6)

Maybe you are looking for