Previous 1 2 Next 18 Replies Latest reply: Jul 10, 2013 7:52 AM by webdevii
Chazz Layne Level 1 Level 1 (0 points)

First, an open letter to Apple:

 

Dear (cr)Apple,

 

Your own support technicians have acknowledged that there is a serious bug in Lion Server that causes permissions to become corrupted, which has been present since the initial release of 10.7. Despite doing my due diligence in applying updates as they are released, this problem still strikes randomly and without warning, bringing our company's production to a halt every time. Per your own technicians admission there is currently no way to prevent the corruption from happening, making our server little more than a ticking timebomb with an unpredictable fuse. The best any of your staff have been able to offer is advising me to reset all permissions on all files and directories back to default, remove all shares, and delete all users and groups, then reboot and set them all back up. This is downright absurd! As if that wasn't bad enough, this "fix" only works part of the time. When it doesn't work, your staff advises me to wipe the server completely and start over from scratch. Seriously?

 

I suppose you can't expect much more than that when you pay $50 for a "server". Any idea when you are going to get your proverbial poop together and fix your critically flawed product?

 

 

 

And now a few questions for the Support Community:

 

So has anyone managed to find a workaround for Apple's auto-corrupt "feature" they've added to file system permissions and sharing?

 

What about the part where you have to add a user/group two-to-ten times before it will finally stick in the Sharing & Permissions list? And the part where when it finally does stick, you have to change the Privilege to what you want another two-to-ten times before that will finally stick?

 

I'm almost afraid to ask, but is there a way to get Server.app > Storage and Finder > (shared item) > Get Info > Sharing & Permissions to agree so I don't have to set them both up separately, twice, to keep from immediately getting corrupted permissions?

 

Of course, I could always use terminal, but then I could have just bought a PC and installled Ubuntu Server...

 

 

 

The Backstory (for those who feel like an amusing read):

 

Originally, I had our shiny new Lion Mini server set up as an Open Directory box to manage our users and groups as well as our various file shares. This resulted in the above summarized problem occurring within a matter of hours. After quite literally days spent on the phone with Apple Support, and involvement by several different technicians and supervisors, the consensus was that I needed to format the drive and re-install from scratch. At the time I didn't think much of it since it was a brand new Mini server with a brand new OS (we were one of the first to try out Lion Server), and I hadn't done too much work getting it set up yet -- so I followed the advise and all appeared well... for about a day.

 

Then it happened again. More hours, technicians, supervisors and another format/reinstall went by, this time with the added advice that I forgo our plans to have an Open Directory server and just use the built-in users/groups. Since we're a smallish company, I again acquiesced and (re)built the server, from scratch, again, following Apple Support's recommendation to the letter. This appeared to work great, so over the course of several months we slowly moved terabytes of data from all of our workstations onto the server and began enjoying the extra productivity having a central repository afforded us.

 

Naturally, it happened again right after I finally got everything set up (files and shares that is, I had lost interest in iCal, iChat and AB server by this time). Fortuantely I was already running backups so it was a quick (hours instead of days) matter to rebuild the server, again.

 

Thank goodness they didn't screw up Time Machine.

 

So here I am again with a growing list of users that can't do their jobs because they can't open their files and/or can't save their files. This has all worked fine for about a month, and nothing has changed during that time. The server just decided on it's own that it will ignore all the permissions that have been laid down.

 

I suppose, in truth, real Lions do indeed act this way in the wild...



Mac Mini Server, Mac OS X (10.7.2), Lion Server
  • Mark23 Level 3 Level 3 (975 points)

    Thanks for sharing, I enjoyed reading your story.

     

    I bought a Mac Mini Server with Lion pre-installed. It worked the way it was supposed to for about about 10 minutes and than it decided it was done for today. Looking for answers to the behaviour of the Mac Mini Server I ended up here. After having read your story, my answer to the crapy engineering on Apple's part is that I'll let the Mac be returned and the payment be reimbursed.

     

    Lion Server was released way too early in my humble opinion.

  • 2rodee Level 1 Level 1 (15 points)

    You are not the lone ranger in this Lion fiasco Chazz...  Sorry to say.

  • Mark23 Level 3 Level 3 (975 points)

    I fixed all my problems by making sure my DNS was solid and resetting Apache.

    The following articles were used:

     

    http://labs.hoffmanlabs.com/node/1436

    https://discussions.apple.com/thread/3212286?start=0&tstart=0

     

    Solid DNS appearantly is the foundation on which everything falls back in OS X Server.

     

    Hope this helps anyone...

     

    Mark

     

    p.s. The Mac Mini Server is NOT going back. 10.7.3 is also close to release, so I'm confident that it'll all work out for the better.

  • Chazz Layne Level 1 Level 1 (0 points)

    Thanks for the input Mark. Did DNS actually help prevent the corruption of user permissions? I've been avoiding both DNS and DHCP on the Lion server because of the gigantic mess it caused last time (the original plan was for it to act like a Windows Domain Controller, only for a network of Macs).

     

    This issue has become so bad that we're abandoning all the additional functionality this "server" was supposed to provide, and sticking to just file sharing and FileMaker (neither of which work right now, because the permissions won't hold).

  • Mark23 Level 3 Level 3 (975 points)

    Hi Chazz,

     

    My DHCP isn't handled by the OS X Lion Server either, but the DNS should be the way the first link describes, just read it from Step-by-Step onwards.

     

    The only thing I did outside the zones tab in Server Admin involved adding Google's DNS servers (8.8.8.8 and 8.8.4.4) and my router to forwarder IP Adresses.

     

    Then as per Hoffman's directions for testing I entered the (DNS) server's IP as the only DNS server within Network preferences at my administration computer.

     

    Clearly Apple has a lot to do before Mr. Hoffman get's out of work...

     

    Another helpful resuorce turned out to be http://help.apple.com/advancedserveradmin/mac/10.7/

     

    HTH

  • Mark23 Level 3 Level 3 (975 points)

    Hi all,

     

    It turned out that my mail server didn't work the way it should, corrupted files, etc -- all because I tried too many options to fix what essentially wasn't even broken, I just had to fix DNS.

     

    Running a 10.7.2 combo update didn't fix anything for me, nor did fixing permissions through Disk Utility.

     

    DNS should be set the correct way both internally (local network), and if you have it, with a domain name hosting provider. If Lion Server can not find a DNS server on the same subnet as the lion server installation, it sets up the DNS service on Lion Server at install-time

     

    If you want to be reachable from the outside, make sure the router has all corresponding ports open (port forwarding) at your router and that your external DNS is ok (at Godaddy for example). Set one A-record (e.g. server.example.com) and CNAME records for all others (e.g. mail.example.com) if you want to point them to the same machine.

     

    Ports that need to be open for a service to work:

    http://help.apple.com/advancedserveradmin/mac/10.7/#apdCA9A73CE-5F0C-4BDC-93E8-2 952C362FA3E

     

     

    MAKE BACKUPS OF ALL IMPORTANT DATA BEFORE PROCEEDING

     

    After doing all this work, I rebooted and held the alt-key while booting physically on the server (I hooked it up on a monitor, keyboard and mouse), after which I could choose the Recovery partition to boot from. Within recovery I chose Disk Utility, selected the partition, clicked the erase tab and erased the partition.

     

    Then I quit Disk Utility, came back to the previous screen, there I chose to re-install Lion. Since this is a Mac Mini Server (as purchased from the Online Store) it bypasses the App Store completely and just reinstalls Lion Server.

     

    Because my DNS is now in a far better condition than it was before (I dare not say that it is good just yet ) installing Lion also configured all services in the correct manner.

     

    From being in the verge of quiting on Lion Server, to the best feeling in the world because everything now works all thanks to a solid DNS, I didn't think that DNS would be such a big issue

     

    Hope this helps!

  • Chazz Layne Level 1 Level 1 (0 points)

    Ugh... starting on this today. Fortunately, the terabytes of shared files are on an external firewire array. All I have to do is rebuild the server from scratch. Again.

  • Mark23 Level 3 Level 3 (975 points)

    That is very fortunate indeed

  • Chazz Layne Level 1 Level 1 (0 points)

    Permissions have been applying and removing themselves at random all day. Over a matter of seconds I could command-I, command-W, command-I and watch them change around... craziness.

     

    I did make some progress though: I finally have control over the DNS again (I couldn't get into it before with Server Admin due to an "unknown" error). This required completely wiping out the config(s) for it via terminal, fairly simple to do after a quick refresher courtesy of http://www.johnkitzmiller.com/blog/2011/9/28/how-to-start-fresh-with-dns-in-os-x -server-v-107-lion.html.

     

    With access to DNS once more, I've completed a Hoff-style setup of the system. I'll begin stripping and reapplying permissions tomorrow.

  • Chazz Layne Level 1 Level 1 (0 points)

    Permissions finally seem to be holding, and for the first time I can open our FileMaker database without a permissions issue.

     

    It still takes several, dozens, or even hundreds of times to get a user/group to stick in the permissions list, and about the same to get their permissions level to change, but at least now when it finally does stick it stays put.

     

    Thanks Mark!

  • Mark23 Level 3 Level 3 (975 points)

    It is good to hear that (a part of) your problems are finally solved, as were mine

     

    Are the problems you are still having FileMaker-related?

  • Chazz Layne Level 1 Level 1 (0 points)

    Nope, they're all still Lion-related.

     

    FileMaker simply wouldn't let us edit the database due to write errors. Now that the permissions are straight it works fine (except IWP, but I haven't tackled the Apache fixes linked above just yet).

  • Mark23 Level 3 Level 3 (975 points)

    wrong article...

  • Chazz Layne Level 1 Level 1 (0 points)

    Yep, a heart-of-Unix is about the only thing saving this "server" from a one-way ticket back to Apple.

     

     

    Liberal use of chmod -R -N, followed by new permissions from scratch has things pretty much normalized now.

Previous 1 2 Next