Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Automount share as non ROOT or SYSTEM user!

The most annoying bug I've found yet!


I have two machines, an iMac and a Mac Book Pro.


The MBP was an upgrade from 10.6.8 to 10.7 the iMac was a full reinstall (erased the drive and booted off a flash installer I made for 10.7)


The MBP was previously configured (in 10.6x) to automount a few AFP shares from my local NAS. This had been working perfectly. After upgrading to lion, the entries in /etc/fstab were still there and the shares are still functioning fine.


I added the EXACT entries from the fstab file on the MBP to the fstab on the iMac. Now when the iMac boots the AFP shares are automounted by the system/root user and therefore are not accessible to any normal (admin) user on the iMac. No matter what I try I can't get it to automount those shares as a non system/root user. Clearly something changed with AFP configuration in Lion, yet the upgraded MBP still funcitons as it did before, so some new default automount / autofs setting has changed yet it wasn't touched in the upgrade. I'm wondering if anyone is aware of an AFP or Automount or autoFS setting I can try changing on the iMac to get this working?


To test things further, I changed the FSTYPE in fstab from afp to cifs just to test and it still mounts the shares as the root/system user. Yet if I use mount_afp or mount_smbfs it will obviously mount those shares as the user that is running the command, which is desirable. The only problem in doing this is if I disconnect from the network or the share drops it will not automatically reconnect and I'd have to run the command again.

iMac, Mac OS X (10.7), Extreme 2.8ghz 16GB RAM

Posted on

Reply

Page content loaded

Aug 16, 2011 2:56 PM in response to abricko In response to abricko

I used these instructions to attempt the same thing. I got the same results described above: the share mounts, but only root can get into it. Instead of being owned by the user account and the "staff" group (which is what you get if you use Command-K in the Finder to mount a share), the automount directories are owned by root/wheel. Try to Chown the shares to yourself and nothing happens. No error, and no chown.


I called Apple for help and they said that anything involving command-line stuff is user-supported. :-(


I'll post back if I fingure anything out.

Aug 16, 2011 2:56 PM

Reply Helpful

Aug 22, 2011 2:18 PM in response to abricko In response to abricko

FYI -- I was just now able to "wake up" the mounts and have them be visible again by issuing an 'automount -vc' command in the shell as root. It took a minute or two for the folders to all become visible, but they are now accessible. I don't know how long it will last, since they seem to go to sleep after a while. Maybe it's a workaround until something more robust gets figured out...?

Aug 22, 2011 2:18 PM

Reply Helpful

Aug 22, 2011 2:36 PM in response to abricko In response to abricko

It seems to work fine here. I normally use MacFUSE but I was able to get AFP working too. The big difference is that SSH actually has more capability because Keychain provides ssh-agent. I can therefore login without hard-coding a password anywhere. That isn't as easy to do with AFP. It may be possible, but not easy.


Can you list what your config files look like?

Aug 22, 2011 2:36 PM

Reply Helpful

Nov 7, 2011 7:02 AM in response to hugoduraes In response to hugoduraes

hugoduraes wrote:


So, how can we warn Apple about this issue?


I'm not an expert on auto-mounting by any means. So if this is something to warn Apple about or is more of a make this nicer feature request, is left up to someone who is.


As always, to contact Apple: www.apple.com/feedback

Nov 7, 2011 7:02 AM

Reply Helpful

Nov 7, 2011 8:35 AM in response to hugoduraes In response to hugoduraes

I suggest starting your own thread to discuss whatever problem you are having. The original poster has one out of two machines misconfigured. We have not been able to reproduce any problem so there is not yet anything to report to Apple. If you explain your issue in more detail, we may be able to find out what is wrong.

Nov 7, 2011 8:35 AM

Reply Helpful

Dec 2, 2011 6:21 PM in response to abricko In response to abricko

Possible Fix that I found from different posts across the Internet.


I was originally mounting AFP shares from my NAS by putting the following line in my /etc/fstab file


(hostname):(share) (mount_point) url automounted,url==afp://(username):(password)@(hostname)/(share) (mount_point) 0 0


This was on an MacMini with 10.6, on my laptop with 10.7 I tried the same line and it gave me the permissions issue as abricko had. Now my MacMini is also giving me issues when it reboots. Researching the vast Internet I found the suggestion of creating a seperate auto_afp file for Autofs to use so here is what I did.


Create and set permissions

$ sudo touch /etc/auto_afp

$ sudo chmod 600 /etc/auto_afp


Open for editting

$ sudo vi /etc/auto_afp


Place the following style entry for your NAS

(local_mountpoint) -fstype=afp afp://(username):(password)@(hostname)/(share)


Make autofs aware of auto_afp

$ sudo vi /etc/auto_master


Add the following line

/- auto_afp -nosuid


Restart autofs

$ sudo automount -vc


This "seems" have worked for me. I completely unmounted everything, made these changes and the share appeared at my mount point and I could access it as my user (mountpoint permissions are 700 user:wheel).



Hope this helps someone.


Message was edited by: bmorgenthaler

Dec 2, 2011 6:21 PM

Reply Helpful

Dec 2, 2011 7:08 PM in response to etresoft In response to etresoft

etresoft wrote:


Nice post! Do you know how to remove the password from the file? I have a link to another thread that uses C code. It would be nice if Lion had something built-in.


Unfortunately I do not, mount_afp doesn't support a -o credetials=/some/file/some/where like mount_cifs does so you can't put that into the auto_afp file.


That best protection for this setup is the chmod 600 on the file so only your admins can read it. Unfortunately if everyone is an admin, eh not so good.

Dec 2, 2011 7:08 PM

Reply Helpful
User profile for user: abricko

Question: Automount share as non ROOT or SYSTEM user!