Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Can't use mount_smbfs as root?

I have a launchd job that runs a shell script on a Snow Leopard server. The shell script backs up a share on another Windows server. Works great. Part of the script, of course, is mounting the share:


mount_smbfs -d 0500 -f 0400 //'domain;login:password'@server/share mountpoint


This works fine in Snow Leopard. The same code, when run as root on LION (as required for a system level launchd job) FAILS with an authentication error. The very same code works fine when run as a local admin user.


It seems root cannot use mount_smbfs on Lion systems? What am I missing here?

Mac mini, Mac OS X (10.7.2), Server OS

Posted on Nov 29, 2011 12:38 PM

Reply
40 replies

Nov 29, 2011 1:02 PM in response to etresoft

It seems non-root users can't attach shares to mountpoints in /Volumes. Receive an "operation not permitted". So, the script as written won't work from a non-root account.


Let's ignore the fact, for the moment, that the goal is to have this run from a launchd job.


Simply speaking, when I'm su'd in as root, I can't use mount_smbfs. Admin and non-admin users work fine (provided the mountpoint is in a sensible location).

Nov 30, 2011 9:13 AM in response to etresoft

/Volumes is no more special than any other location. Root has privileges to write there, and it's a perfectly sane place to drop a mountpoint.


Ignore that.


Yes, the mount has to be performed as root, as the goal is to back up a Windows server by shell script triggered on a schedule with launchd (while no one is logged in). Worked fine in Snow.


As usual, Apple changed something, and hasn't documented it. We're left to fumble around in the dark hoping we stumble on the solution.

Nov 30, 2011 6:45 PM in response to VPAhelp

VPAhelp wrote:


/Volumes is no more special than any other location. Root has privileges to write there, and it's a perfectly sane place to drop a mountpoint.

/Volumes is special. It is owned by Autofs. Even root doesn't have full control over it because it is already managed by root via Autofs.


Yes, the mount has to be performed as root, as the goal is to back up a Windows server by shell script triggered on a schedule with launchd (while no one is logged in). Worked fine in Snow.


Why do you need root for that?


As usual, Apple changed something, and hasn't documented it. We're left to fumble around in the dark hoping we stumble on the solution.


Ah! I love commentary.


Just because something behaved as you expected in Snow Leopard doesn't mean your expectations were valid. There is no reason you need root to manually mount something on /Volumes to backup some other machine. It would be better to have the other machine login as un unprivileged user on the Mac and back itself up.

Dec 1, 2011 8:11 AM in response to etresoft

/Volumes is special. It is owned by Autofs. Even root doesn't have full control over it because it is already managed by root via Autofs.

You're mistaken. /Volumes is owned by root:admin. AutoFS is irrelevant. I should be able to define a folder as a mountpoint wherever I'd like as root, and mount a filesystem there. It's that simple. Sheez... non-root users can perform this function! root can't even mount a filesystem with mount_smbfs regardless of location of the mountpoint!! This is repeatable on multiple machines, with both Lion server and client.


Why do you need root for that?


As I said, the goal is a system-level launchd job that runs on a schedule with no user logged in. Those, as far as I can tell, by definition run as root.


Ah! I love commentary.

Glad to hear it. Your's is pretty ripe and invigorating, too.


There is no reason you need root to manually mount something on /Volumes to backup some other machine. It would be better to have the other machine login as un unprivileged user on the Mac and back itself up.

The "other machine" in question is a Win 2K8 box.


Look, I came here asking a simple question. Ignore my goals. They are clearly irrelevant to you, and if you'd perform the task at hand differently, that's fine. The long and the short of it is that if you try to run mount_smbfs as root in Lion, it will fail with an authentication error. It doesn't matter where the mountpoint is. Try it. Now, come back and give me a good reason why the root user can't or shouldn't be able to use mount_smbfs just like any other user.

Dec 1, 2011 9:49 AM in response to VPAhelp

VPAhelp wrote:


You're mistaken. /Volumes is owned by root:admin. AutoFS is irrelevant. I should be able to define a folder as a mountpoint wherever I'd like as root, and mount a filesystem there. It's that simple.

If it is that simple, why can't you do it? I'm the one telling you it is complicated. The evidence seems to be in my favour.


Sheez... non-root users can perform this function!


Then why don't you do with with something other than root?


As I said, the goal is a system-level launchd job that runs on a schedule with no user logged in. Those, as far as I can tell, by definition run as root.

Then how do you explain all those launchd processes like Apache, MySQL, Bonjour, etc, that run as something other than root?


The "other machine" in question is a Win 2K8 box.


OK. And what's your point? By all accounts, that is a powerful machine that is perfectly capable of backing up itself on its own schedule. If you want to use the Mac as the backup store, configure the Mac to provide those resources when the Windows machine wants. When backing up, it is best to keep the original system's context because it knows those things best. You can encapsulate that on a Mac server using Windows file sharing.


Look, I came here asking a simple question. Ignore my goals. They are clearly irrelevant to you, and if you'd perform the task at hand differently, that's fine. The long and the short of it is that if you try to run mount_smbfs as root in Lion, it will fail with an authentication error. It doesn't matter where the mountpoint is. Try it. Now, come back and give me a good reason why the root user can't or shouldn't be able to use mount_smbfs just like any other user.


I don't know the inner details of Lion's implementation of mount_smbfs. Nor do I care. It works if you use something other than root. Why do you care? Just use something else. What's the big deal? It is an external file system. Your root privileges won't do you any good over there. They will only get you into trouble on the local machine.

Dec 1, 2011 10:01 AM in response to etresoft

I don't know the inner details of Lion's implementation of mount_smbfs. Nor do I care. It works if you use something other than root. Why do you care? Just use something else. What's the big deal? It is an external file system. Your root privileges won't do you any good over there. They will only get you into trouble on the local machine.


Thanks for all of your antagonistic non-help.

Dec 1, 2011 12:14 PM in response to VPAhelp

Well, you need to meet me halfway here. I have asked you numerous questions, and experimented with it to find out what works and what doesn't. What have you provided? Complaints about Apple? Who does that help?


I can mount an SMB share in /Volumes from a non-root account with no problem. I wouldn't do that because that is the Finder's directory. If you mess around in some other process' playground, you are likely to experience strange things at strange times. A process that works fine and then mysteriously fails after an OS upgrade - just to pick one random example.


I would prefer to mount drives in my own locations that I control. I can't do it as root, but I really don't care. I would never, ever use root for something like that. Root is dangerous. Don't use it unless that is the only solution. In this case, it seems to be the only solution that doesn't work. I don't see the insistence on making it work.

Apr 18, 2012 4:31 PM in response to VPAhelp

It seems that etresoft is somewhat right. I, too, was skeptical, as history has always taught us to mount in /Volumes. I, too, was unable to run my old mount_smbfs scripts as root, or any other non-local admin user. Once I created a mount point OUTSIDE of /Volumes, I could them mount_smbfs as anyone, root included.

Apr 18, 2012 4:49 PM in response to jaydisc

jaydisc wrote:


Unfortunately, creating a mount point outside of /Volumes means the mount point isn't cleaned up after unmounting the disk, which seems to leave a lot of room for error and damage to the original files. Still digging for best solution…

if you have the umounting scripted, can't you just script any rmdir commands too? Once the volume is unmounted, cleanly or not, the original files aren't going to be damaged. Ideally, you could use autofs and it would take care of all that.

Apr 18, 2012 5:08 PM in response to etresoft

Two things:


1. I can't seem to recreate being able to mount, even with root now. Not sure what I did before, but I'm unable to replicate.


2. The problem with running an rmdir script is that if it DID NOT unmount successfully, you are now deleting files from the share.


Now, you keep mentioning autofs, but that's for a permanent mount, isn't it? My need is for a transient mount. I want to mount a share, back it up, and UNMOUNT it. Do you feel autofs is appropriate for this? How about an example command if so.

Can't use mount_smbfs as root?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.