automount triggered by some root process with 700 permissions

Originator:michalm.mac
Number:rdar://25058615 Date Originated:9.3.2016
Status:Closed Resolved:Behaves correctly
Product:OS X Product Version:10.11.3
Classification:Serious Bug Reproducible:Always
 
Summary:
Hello
I have set up automount for my Mac mini media center like this:
auto_master:
/-                      auto_plex       -nobrowse,hidefromfinder,nosuid

auto_plex:
/mnt/share1 -fstype=afp afp://user:pass@Konzerva.local:/share1
/mnt/share2 -fstype=afp afp://user:pass@Konzerva.local:/share2

When I reboot the computer, some root process triggers automount, so the shares get mounted with 700 permissions:
drwx------@ 1 root  wheel  364 Mar  7 22:33 share1
drwx------@ 1 root  wheel  670 Feb 14 20:41 share2

/mnt is in the Spotlight exceptions (System Preferences -> Spotlight -> Privacy) and it does not help.

My current solution to this problem is to umount all shares in the /mnt directory manually or via a script. The next time they are triggered by the correct user.

Steps to Reproduce:
1. Set up automount as described in the summary
2. Reboot computer

Expected Results:
Automount is NOT triggered by some root process

Actual Results:
Automount IS triggered by some root process

Version:
OS X 10.11.3
OS X 10.10.5

Notes:
Problem and workarounds are also described in this thread: https://discussions.apple.com/thread/4927134?tstart=0

Configuration:


Attachments:

Comments

My comments

Wow. Thank you so much for this detailed explanation. I put it into testing at once. If everything is OK I'll mark this as resolved.

Looks good. Thank you again. This issue has been verified as resolved and can be closed.

By michalm.mac at May 21, 2016, 11:10 a.m. (reply...)

Apple Developer Relations

This issue behaves as intended based on the following:

It works as expected; to achieve what you want, you will need to use an indirect map.

Add the following line to auto_master:
/mnt auto_plex -nobrowse,hidefromfinder,nosuid

Create /etc/auto_plex and add the following lines:
share1 -fstype=afp afp://user:pass@Konzerva.local:/share1
share2 -fstype=afp afp://user:pass@Konzerva.local:/share2

Reboot the machine.

Here is the experiment that shows how it works with the following setup:

bash-3.2$ cat /etc/auto_master
#
# Automounter master map
#
+auto_master            # Use directory service
/net                    -hosts                  -nobrowse,hidefromfinder,nosuid
/home                   auto_home               -nobrowse,hidefromfinder
/Network/Servers        -fstab
/-                      auto_direct_afp         -nobrowse,hidefromfinder,nosuid
/mnt1                   auto_indirect_afp       -nobrowse,hidefromfinder,nosuid
bash-3.2$ cat /etc/auto_direct_afp
/mnt/share1 -fstype=afp afp://autmount-test:test@storax.local:/afps
/mnt/share2 -fstype=afp afp://autmount-test:test@storax.local:/afps
bash-3.2$ cat /etc/auto_indirect_afp
share1 -fstype=afp afp://autmount-test:test@storax.local:/afps
share2 -fstype=afp afp://autmount-test:test@storax.local:/afps
bash-3.2$

This is just after reboot:

bash-3.2$ id
uid=501(autmount-test) gid=20(staff) groups=20(staff),12(everyone)
bash-3.2$ mount
/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk0s4 on /Volumes/test (hfs, local, journaled)
/dev/disk0s7 on /Volumes/data (hfs, local, journaled)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
map auto_home on /home (autofs, automounted, nobrowse)
map -fstab on /Network/Servers (autofs, automounted, nobrowse)
map auto_direct_afp on /mnt/share1 (autofs, nosuid, automounted, nobrowse)
map auto_direct_afp on /mnt/share2 (autofs, nosuid, automounted, nobrowse)
map auto_indirect_afp on /mnt1 (autofs, nosuid, automounted, nobrowse)    <-- NOTE: only the top-level trigger gets planted.
//autmount-test@storax.local/afps on /mnt/share1 (afpfs, nodev, nosuid, automounted, nobrowse)    <-- This is mounted, as expected, by root.
//autmount-test@storax.local/afps on /mnt/share2 (afpfs, nodev, nosuid, automounted, nobrowse)
bash-3.2$ cd /mnt1/share
bash-3.2$ cd ..
bash-3.2$ ls -ald share1
dr-x------ 1 autmount-test wheel 264 May 17 13:59 share1
bash-3.2$ mount
/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk0s4 on /Volumes/test (hfs, local, journaled)
/dev/disk0s7 on /Volumes/data (hfs, local, journaled)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
map auto_home on /home (autofs, automounted, nobrowse)
map -fstab on /Network/Servers (autofs, automounted, nobrowse)
map auto_direct_afp on /mnt/share1 (autofs, nosuid, automounted, nobrowse)
map auto_direct_afp on /mnt/share2 (autofs, nosuid, automounted, nobrowse)
map auto_indirect_afp on /mnt1 (autofs, nosuid, automounted, nobrowse)
//autmount-test@localhost.local/afps on /mnt/share1 (afpfs, nodev, nosuid, automounted, nobrowse)
//autmount-test@localhost.local/afps on /mnt/share2 (afpfs, nodev, nosuid, automounted, nobrowse)
//autmount-test@localhost.local/afps on /mnt1/share1 (afpfs, nodev, nosuid, automounted, nobrowse, mounted by autmount-test)    <-- NOTE: now you have a mount done by a user, and it's mounted with accessible permissions.
bash-3.2$

Please update your bug report to let us know if this is still an issue for you.

By michalm.mac at May 20, 2016, 12:37 p.m. (reply...)
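The following script is an added example, not part of the Radar or of Apple's reply. It automates the two things the reply walks through: rewriting a direct map ("/-" in auto_master) into the indirect form that is mounted at a parent directory, and reading mount(8) output to tell which automounted network shares were mounted by root (no "mounted by" flag, the 0700 case the report complains about) and which by a logged-in user. The sample map and mount lines are constructed from the listings above; user:pass and the hostnames are placeholders.

```shell
#!/bin/sh
# Added example (not the Radar's or Apple's code). Sample inputs are
# constructed from the report and the reply above.

# Direct-map entries keyed by absolute path, as in the original auto_plex.
SAMPLE_DIRECT_MAP='/mnt/share1 -fstype=afp afp://user:pass@Konzerva.local:/share1
/mnt/share2 -fstype=afp afp://user:pass@Konzerva.local:/share2'

# mount(8) lines from the reply: two root mounts under the direct map and one
# user mount under the indirect map (the one carrying a "mounted by" flag).
SAMPLE_MOUNT='map auto_direct_afp on /mnt/share1 (autofs, nosuid, automounted, nobrowse)
map auto_indirect_afp on /mnt1 (autofs, nosuid, automounted, nobrowse)
//autmount-test@storax.local/afps on /mnt/share1 (afpfs, nodev, nosuid, automounted, nobrowse)
//autmount-test@storax.local/afps on /mnt/share2 (afpfs, nodev, nosuid, automounted, nobrowse)
//autmount-test@localhost.local/afps on /mnt1/share1 (afpfs, nodev, nosuid, automounted, nobrowse, mounted by autmount-test)'

# direct_to_indirect PARENT  <direct-map >indirect-map
# Strips "PARENT/" from each key so the file can be used as an indirect map
# listed in auto_master as "PARENT <map> <options>". Keys outside PARENT are
# dropped, since an indirect map can only describe entries below its parent.
direct_to_indirect() {
  awk -v p="$1/" 'index($1, p) == 1 { $1 = substr($1, length(p) + 1); print }'
}

# automount_owners  <mount-output
# Prints "<mountpoint> <owner>" for every automounted afpfs/smbfs/nfs mount.
# A mount without a "mounted by" flag belongs to root, which with a direct map
# happens whenever a root process touches the trigger after boot.
automount_owners() {
  awk '
    /^map / { next }                               # autofs trigger, not a share
    /automounted/ && /\((afpfs|smbfs|nfs)/ {
      owner = "root"
      if (match($0, /mounted by [^,)]+/))
        owner = substr($0, RSTART + 11, RLENGTH - 11)
      print $3, owner
    }'
}

# has_direct_map FILE: succeeds if an auto_master-style file still has a "/-"
# (direct map) line, i.e. the configuration that caused the behaviour above.
has_direct_map() {
  grep -qE '^[[:space:]]*/-[[:space:]]' "$1"
}

# Stand-alone demo: show the converted map and the owner of each share mount.
printf '%s\n' "$SAMPLE_DIRECT_MAP" | direct_to_indirect /mnt
printf '%s\n' "$SAMPLE_MOUNT" | automount_owners
```

On a live system, pipe the real `mount` output into automount_owners and pass /etc/auto_master to has_direct_map to confirm no direct-map share is left for a root process to trigger.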
