Bug#456186: netatalk: permissions for directories created by OSX 10.5 different than with 10.4
Tim Miller Dyck
Version: 2.0.3-4
Severity: important
We use a group id bit set on the parent directory of our Netatalk file
share and a staff group to share files between different users in a
workgroup. With OSX 10.4 (Tiger), directories are created with the
expected permissions. With OSX 10.5 (Panther), directories are missing
group read and write bits.
Permissions on parent directory:
rwxrws--- 41 editor cmstaff 4096 2007-12-13 08:36 .
Examples of child folders created from the two operating systems:
....
drwxrws--- 3 edassist cmstaff 4096 2007-12-13 08:35 from10.4
drwx--S--- 3 editor cmstaff 4096 2007-12-13 08:36 from10.5
....
This issue has been discussed on the netatalk mailing list (see
http://sourceforge.net/mailarchive/forum.php?thread_name=5DC31CD8-CEB3-4C83-887E-1F637DE28400%40joerhodes.com&forum_name=netatalk-admins)
) and there is a patch available that users report fixes this problem
introduced with OS X 10.5.
I'd like to request that the patch be incorporated into the Debian
package as this is a big incompatibility for our 10.5-based users.
Thanks,
Tim Miller Dyck
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-k7
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Versions of packages netatalk depends on:
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libcupsys2 1.2.7-4etch1 Common UNIX Printing System(tm) -
ii libdb4.2 4.2.52+dfsg-2 Berkeley v4.2 Database Libraries [
ii libgssapi4-heimdal 0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii libkrb5-17-heimdal 0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii libpam-modules 0.79-4 Pluggable Authentication Modules f
ii libpam-runtime 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libslp1 1.2.1-6.2 OpenSLP libraries
ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra
ii netbase 4.29 Basic TCP/IP networking system
ii perl 5.8.8-7etch1 Larry Wall's Practical Extraction
Versions of packages netatalk recommends:
ii db4.2-util 4.2.52+dfsg-2 Berkeley v4.2 Database Utilities
ii lsof 4.77.dfsg.1-3 List open files
pn rc <none> (no description available)
ii slpd 1.2.1-6.2 OpenSLP Server (slpd)
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Jonas Smedegaard
Hash: SHA1
On Thu, Dec 13, 2007 at 09:11:03AM -0500, Tim Miller Dyck wrote:
>This issue has been discussed on the netatalk mailing list (see
>http://sourceforge.net/mailarchive/forum.php?thread_name=5DC31CD8-CEB3-4C83-887E-1F637DE28400%40joerhodes.com&forum_name=netatalk-admins)
>) and there is a patch available that users report fixes this problem
>introduced with OS X 10.5.
>
>I'd like to request that the patch be incorporated into the Debian
>package as this is a big incompatibility for our 10.5-based users.
Agreed.
I'll have a go at incorporating a snapshot of recent netatalk
development.
Thanks for the detailed explanation of the problem.
- Jonas
- --
Jonas Smedegaard <jo...@jones.dk> http://www.jones.dk/~jonas/
IT-guide dr. Jones <d...@jones.dk> http://dr.jones.dk/ +45 40843136
Debian GNU/Linux <j...@debian.org> http://www.debian.org/
GnuPG(1024D/C02440B8): 9A98 C6EB C098 9ED0 3085 ECA9 9FB0 DB32 C024 40B8
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHYXDUn7DbMsAkQLgRAmTIAJwM6CbmIZ/UCVCE6IWjhEGVmBqMEQCfQSdo
MgLO7/2WeFibpnkwDIDL9hY=
=/3py
-----END PGP SIGNATURE-----
Jonas Smedegaard
Hash: SHA1
On Thu, Dec 13, 2007 at 03:23:22PM -0500, Tim Miller Dyck wrote:
> Thanks Jonas, that would be great! I can test if that would be helpful. We
> are a mixed 10.4 / 10.5 group here.
>
> I'm running an entirely from-stable Etch server (in terms of libraries,
> etc.), plus all current Etch updates, of course.
Please respond to the bugreport address instead of me personally: We
want to keep open about problems, and also the problem solving :-)
I have now made available some experimental packages compiled against
openssl here:
deb http://debian.jones.dk/ etch netatalk
Packages are available for i386 and amd64. I can build for powerpc too
if needed - other archs you need to rebuild yourself.
Please report back if this solves your problems.
Kind regards,
- Jonas
- --
Jonas Smedegaard <jo...@jones.dk> http://www.jones.dk/~jonas/
IT-guide dr. Jones <d...@jones.dk> http://dr.jones.dk/ +45 40843136
Debian GNU/Linux <j...@debian.org> http://www.debian.org/
GnuPG(1024D/C02440B8): 9A98 C6EB C098 9ED0 3085 ECA9 9FB0 DB32 C024 40B8
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHcnT2n7DbMsAkQLgRAp+8AJ9xgwRXPiIhdPSVGWb7kehiV7fOpQCdEMzz
s5Qj2Y/f814xXdWMdCVERV0=
=khKV
Tim Miller Dyck
This was tested from an OSX 10.5.1 and a 10.4.11 client. Permissions
on created folders are now the same for both OSes. Thank you!
Notes:
- The change required was to add "perm:0770 option:upriv" to each
share line in /etc/netatalk/AppleVolumes.default.
- The working options keyword is "option" (singular), which is
different from the documentation in the file itself and in the
AppleVolumes.default man page, both of which say the keyword is
"options".
Regards,
Tim Miller Dyck
Jonas Smedegaard
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
package netatalk
clone 456186 -1
retitle 456186 netatalk: keyword "option" but documented as "options"
thanks
On Wed, Dec 26, 2007 at 05:20:43PM -0500, Tim Miller Dyck wrote:
> I confirm this test build resolved the permissions problem for us. This was
> tested from an OSX 10.5.1 and a 10.4.11 client. Permissions on created
> folders are now the same for both OSes. Thank you!
Well, thank you - for the help with this! :-)
> Notes:
> - The change required was to add "perm:0770 option:upriv" to each share
> line in /etc/netatalk/AppleVolumes.default.
> - The working options keyword is "option" (singular), which is different
> from the documentation in the file itself and in the AppleVolumes.default
> man page, both of which say the keyword is "options".
that's interesting.
I'll preserve this as a separate bug.
(I tried locating the place in the source code to verify the actual name
used, but got lost finding ny way around...)
Oh, and another peculiarity: I discovered yesterday that despite my
promises, the unofficial test binaries I provided was _not_ compiled
against openssl. Some claim that MacOS 10.5.1 does not work at all
without it - but you succeeded anyway. Did you recompile, or are you
willing to reveal your working authentication setup?
Kind regards,
- Jonas
- - --
Jonas Smedegaard <jo...@jones.dk> http://www.jones.dk/~jonas/
IT-guide dr. Jones <d...@jones.dk> http://dr.jones.dk/ +45 40843136
Debian GNU/Linux <j...@debian.org> http://www.debian.org/
GnuPG(1024D/C02440B8): 9A98 C6EB C098 9ED0 3085 ECA9 9FB0 DB32 C024 40B8
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHdh+9n7DbMsAkQLgRAswqAKCNO5qkmpzl2ihgaCcxlS3hMOfWJACeK0mu
MB1rgBZySm2Z3xodIyAMkK4=
=dW+8
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHdiBin7DbMsAkQLgRAspLAJ0cublQEPItBlD6w7dSBBnpnHbqUwCaAyVj
H6J35SsEHj+9F1Pm/Gi93Bc=
=Ql7f
-----END PGP SIGNATURE-----
Tim Miller Dyck
special. Certainly no recompilation. Here's the details on what I
installed:
ii netatalk 2.0.3-8~test1 AppleTalk user binaries
-rw-r--r-- 1 root root 718452 2007-12-26 10:42 /var/cache/apt/archives/
netatalk_2.0.3-8~test1_i386.deb
# md5sum /var/cache/apt/archives/netatalk_2.0.3-8~test1_i386.deb
6792e123dcb1ffd26a47547469f4a1db /var/cache/apt/archives/
netatalk_2.0.3-8~test1_i386.deb
I certainly am using encryption:
AFPD_UAMLIST="-U uams_dhx.so"
However, my uams_dhx.so file is back from May:
-rw-r--r-- 1 root root 11492 2007-05-05 20:26 /usr/lib/netatalk/
uams_dhx.so
9d657391828872c73b75485345fe1cfa /usr/lib/netatalk/uams_dhx.so
My guess is that your build of Netatalk is using this older module,
which I did compile myself.
Regards,
Tim
On 29-Dec-07, at 5:24 , Jonas Smedegaard wrote:
>
> Oh, and another peculiarity: I discovered yesterday that despite my
> promises, the unofficial test binaries I provided was _not_ compiled
> against openssl. Some claim that MacOS 10.5.1 does not work at all
> without it - but you succeeded anyway. Did you recompile, or are you
> willing to reveal your working authentication setup?
Tim Miller Dyck
I am puzzled by this. It worked fine and I did not do anything
special. Certainly no recompilation. Here's the details on what I
installed:
ii netatalk 2.0.3-8~test1 AppleTalk user binaries
-rw-r--r-- 1 root root 718452 2007-12-26 10:42 /var/cache/apt/archives/
netatalk_2.0.3-8~test1_i386.deb
# md5sum /var/cache/apt/archives/netatalk_2.0.3-8~test1_i386.deb
6792e123dcb1ffd26a47547469f4a1db /var/cache/apt/archives/
netatalk_2.0.3-8~test1_i386.deb
I certainly am using encryption:
AFPD_UAMLIST="-U uams_dhx.so"
However, my uams_dhx.so file is back from May:
-rw-r--r-- 1 root root 11492 2007-05-05 20:26 /usr/lib/netatalk/
uams_dhx.so
9d657391828872c73b75485345fe1cfa /usr/lib/netatalk/uams_dhx.so
My guess is that your build of Netatalk is using this older module,
which I did compile myself.
Regards,
Tim
On 29-Dec-07, at 5:24 , Jonas Smedegaard wrote:
>
> Oh, and another peculiarity: I discovered yesterday that despite my
> promises, the unofficial test binaries I provided was _not_ compiled
> against openssl. Some claim that MacOS 10.5.1 does not work at all
> without it - but you succeeded anyway. Did you recompile, or are you
> willing to reveal your working authentication setup?
--