OS X 10.9: Connecting to SMB share point can damage permissions on server side

Showing 1-37 of 37 messages
OS X 10.9: Connecting to SMB share point can damage permissions on server side Florent B. 10/23/13 4:46 AM
We're testing OS X 10.9 and SMBv2 with our NetApp storage. Our NetApp is connected to an Active Directory domain and all sharepoints use Users and Groups from the Active Directory.

When a client computer (that was bound to the AD) connects through the Finder to our NetApp it's possible to see the effective permission with correct Active Directory groups from the Information window (new in 10.9).

But when clicking or editing permission from the Finder the permission (without unloking, just clicking "custom") , the server side was edited with wrong information that correspond to nothing. Sometimes it changes groups or users with blank permission.

I can reproduce this problem with NetApp shares AND shared folders on Windows 2008 R2. This is a really dangerous bug in my opinion, because users can damage permissions without knowledge.

I opened a radar that was updated immediately by Apple, but I've no news for a few days.

Screenshots :
http://www.adminsys.ch/temp/01.jpg -> before "the click" on "Custom" on client side
http://www.adminsys.ch/temp/02.jpg -> shows the problem after the click on client side
http://www.adminsys.ch/temp/03.jpg -> shows the problem on the server side after the click

Someone can reproduce the problem ?

-Florent B.

_____________________________________________________
MacEnterprise, Inc
http://www.macenterprise.org

Subscription Options and Archives
http://lists.psu.edu/archives/macenterprise.html
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side John Slaughter 10/23/13 5:09 AM
I have a similar environment and will be testing this momentarily.


Sent from my iPhone
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Andreas S. 10/23/13 5:45 AM
Hello,

I could reproduce the exact same behavior for a share folder on Windows 2008 R2 folder.
This is pretty scary, as I did not need local admin access to change this.

Andreas
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Florent B. 10/23/13 6:12 AM
> I could reproduce the exact same behavior for a share folder on Windows 2008 R2 folder.
> This is pretty scary, as I did not need local admin access to change this.

It's really amazing, it's like a bug in the Apple side and/or in the SMB protocol. I don't understand how it's possible that the server changes the permissions without rights on the share, a read access is enough to crash a server.
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Michael Weiner 10/23/13 6:17 AM
I am wondering if this is at all specific to NetApp (doubtful) or the SMBv2
protocol (more likely). We got rid of our NetApp 3020c a year ago in favor
of an EMC/Isilon product and do a lot of SMB shares for the MAC environment.

Michael
--
"A patriot must always be ready to defend his country against his
government." E. Abbey
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side John Slaughter 10/23/13 6:30 AM
I confirmed this using both the SMB:// prefix (SMB 2.x) and the CIFS:// prefix which Apple claims will default to SMB 1.x.  Both caused the permissions to become damaged, but only on systems that were AD bound.

So my guess is it's an AD bug, not specific to SMB 2.0.


-----------------------------
John Slaughter
Sr. IT Professional
Engineering & Science Computing
University of Notre Dame
574-631-2236

On Oct 23, 2013, at 9:17 AM, Michael Weiner <hun...@USERFRIENDLY.NET<mailto:hun...@USERFRIENDLY.NET>> wrote:

I am wondering if this is at all specific to NetApp (doubtful) or the SMBv2
protocol (more likely). We got rid of our NetApp 3020c a year ago in favor
of an EMC/Isilon product and do a lot of SMB shares for the MAC environment.

Michael


Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Ludovic Jacob 10/23/13 7:00 AM
I have the same problem that I resolve to remove in the keychain old password of session and reconnect, After all ACL was ok. And on Win Server 2012 (not R2) on ESXi 5.1, the speed transfer on 10.9 is now Write x2 and Read x3 (almost like an old Xserve with AFP)

I just use smb://srv..... not CIFS://

�����������������������������������������
Ludovic Jacob
Administrateur Informatique
�����������������������������������������

Grand Th��tre de Gen�ve
Bd du Th��tre 11
Case postale 5126
CH - 1211 Gen�ve 11
T�l. +41 (0)22 322 50 00
Helpdesk : +41 (0)22 322 51 94

Le 23 oct. 2013 � 15:30, John Slaughter <John.Sla...@ND.EDU> a �crit :
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Hester, J. David (NIH/CIT) [C] 10/23/13 7:26 AM
Wait. Can you clarify? Removing an old PW fixes what?

Sent from my iPhone
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Ludovic Jacob 10/23/13 7:32 AM
In my keychain Access, I remove all items with name SRV-FS....

Le 23 oct. 2013 � 16:26, Hester, J. David (NIH/CIT) [C] <JDavid...@NIH.GOV> a �crit :
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Palmer, Shane D [ITSYS] 10/23/13 8:14 AM
We are using an EMC Celerra and I am seeing similar issues.  The behavior
is slightly different.  In our case instead of seeing what Florent saw in
02.jpg I am seeing that the entry doesn't disappear, but the permissions
for the entry change to "No Priveleges Info".

If I look at the permissions afterward from a Windows PC, I first get an
error "The permissions on TEST FOLDER are incorrectly ordered, which may
cause some entries to be ineffective."  I then see exactly the same
results as Florent in 03.jpg.

Shane

Shane Palmer
Information Technology Services
Iowa State University
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side John Slaughter 10/23/13 8:28 AM
That's the error I get.   Incorrectly ordered.


-----------------------------
John Slaughter
Sr. IT Professional
Engineering & Science Computing
University of Notre Dame
574-631-2236

On Oct 23, 2013, at 11:14 AM, "Palmer, Shane D [ITSYS]" <sdpa...@IASTATE.EDU<mailto:sdpalmer@IASTATE.EDU>> wrote:

We are using an EMC Celerra and I am seeing similar issues.  The behavior
is slightly different.  In our case instead of seeing what Florent saw in
02.jpg I am seeing that the entry doesn't disappear, but the permissions
for the entry change to "No Priveleges Info".

If I look at the permissions afterward from a Windows PC, I first get an
error "The permissions on TEST FOLDER are incorrectly ordered, which may
cause some entries to be ineffective."  I then see exactly the same
results as Florent in 03.jpg.

Shane

Shane Palmer
Information Technology Services
Iowa State University






On 10/23/13 8:17 AM, "Michael Weiner" <hun...@USERFRIENDLY.NET<mailto:hun...@USERFRIENDLY.NET>> wrote:

I am wondering if this is at all specific to NetApp (doubtful) or the
SMBv2
protocol (more likely). We got rid of our NetApp 3020c a year ago in favor
of an EMC/Isilon product and do a lot of SMB shares for the MAC
environment.

Michael


Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Michael Weiner 10/25/13 3:52 AM
Shane/John -

Any further information on these errors? Have you found a work around or
heard from Apple regarding a planned fix?

Regards
Michael


On Wed, Oct 23, 2013 at 11:28 AM, John Slaughter <John.Sla...@nd.edu>wrote:
OS X 10.9: Connecting to SMB share point can damage permissions on server side Alex Widner 10/25/13 4:13 PM
I am seeing a similar issue:

On our AD bound Macs when I try to edit the permissions of a file or folder on an SMB share (a share that I own) it actually just deletes the file completely. 

We are running Windows Server 2008 R2 & NetApp for our SMB shares. 

Thanks,

Alex

_____________________________________________________
MacEnterprise, Inc
http://www.macenterprise.org

Subscription Options and Archives
http://lists.psu.edu/archives/macenterprise.html

Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Hester, J. David (NIH/CIT) [C] 10/28/13 9:32 AM
Does it delete,
or just change the permissions to "hide" it?
-J David Hester, PhD
Contractor, LCG Systems
itwiki.nih.gov
byod.nih.gov
nihawconsolev.nih.gov
EMIB
NIMH
NIDCD
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Alex Widner 10/28/13 11:21 AM
It deletes the file entirely. When I show hidden files on the Mac side it's not there.

I also ran this from the windows side:

C:>dir directory_path /A:H /B

Still nothing there.
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Tony Skalski 10/28/13 11:33 AM
>C:>dir directory_path /A:H /B

I am not sure the above will show the file. The file is not hidden by the
'Hidden' attribute, but rather by a munged set of access control entries
that the client/server(?) has trouble deciphering.

I have recreated this issue here; the file is not visible from Macs, but I
have always been able to see it in Windows Explorer.

ajs
--
Tony Skalski
Systems Administrator
a...@stolaf.edu
507-786-3227
St. Olaf College
Information Technology
1510 St. Olaf Avenue
Northfield, MN    55057-1097
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Taylor Price 10/28/13 11:37 AM
I don't see this happening on our shares, but we have a different setup. We
are using samba on Ubuntu LTS 12.04 as the server with openLDAP as the
authentication mechanism. Looks like the issue may be related to the smb2
implementation?

--
Taylor Price

OneHealth Solutions, Inc.
420 Stevens Avenue, Suite 200
Solana Beach, CA 92075
(858) 947-6333 x302
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side John Slaughter 10/28/13 11:42 AM
I believe it's related to Active Directory permissions.  Only AD-bound Macs cause it, and only on Windows Server-based SMB shares.



-----------------------------
John Slaughter
Sr. IT Professional
Engineering & Science Computing
University of Notre Dame
574-631-2236

On Oct 28, 2013, at 2:37 PM, Taylor Price <tpr...@ONEHEALTH.COM<mailto:tprice@ONEHEALTH.COM>> wrote:

I don't see this happening on our shares, but we have a different setup. We
are using samba on Ubuntu LTS 12.04 as the server with openLDAP as the
authentication mechanism. Looks like the issue may be related to the smb2
implementation?

--
Taylor Price

OneHealth Solutions, Inc.
420 Stevens Avenue, Suite 200
Solana Beach, CA 92075
(858) 947-6333 x302


Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Tony Skalski 10/28/13 12:11 PM
>and only on Windows Server-based SMB shares.

We (and others) are seeing this with NetApp shares too.

ajs


On Mon, Oct 28, 2013 at 1:42 PM, John Slaughter <John.Sla...@nd.edu>wrote:

> I believe it's related to Active Directory permissions.  Only AD-bound
> Macs cause it, and only on Windows Server-based SMB shares.
>
>
>
> -----------------------------
> John Slaughter
> Sr. IT Professional
> Engineering & Science Computing
> University of Notre Dame
> 574-631-2236
>
> On Oct 28, 2013, at 2:37 PM, Taylor Price <tpr...@ONEHEALTH.COM<mailto:
> tpr...@ONEHEALTH.COM>> wrote:
>
> I don't see this happening on our shares, but we have a different setup. We
> are using samba on Ubuntu LTS 12.04 as the server with openLDAP as the
> authentication mechanism. Looks like the issue may be related to the smb2
> implementation?
>
> --
> Taylor Price
>
> OneHealth Solutions, Inc.
> 420 Stevens Avenue, Suite 200
> Solana Beach, CA 92075
> (858) 947-6333 x302
>
>
> On Mon, Oct 28, 2013 at 11:21 AM, Alex Widner <awi...@icloud.com<mailto:
> awi...@icloud.com>> wrote:
>
> It deletes the file entirely. When I show hidden files on the Mac side
> it's not there.
>
> I also ran this from the windows side:
>
> C:>dir directory_path /A:H /B
>
> Still nothing there.
>
> _____________________________________________________
> MacEnterprise, Inc
> http://www.macenterprise.org
>
> Subscription Options and Archives
> http://lists.psu.edu/archives/macenterprise.html
>
>
> _____________________________________________________
> MacEnterprise, Inc
> http://www.macenterprise.org
>
> Subscription Options and Archives
> http://lists.psu.edu/archives/macenterprise.html
>
>
> _____________________________________________________
> MacEnterprise, Inc
> http://www.macenterprise.org
>
> Subscription Options and Archives
> http://lists.psu.edu/archives/macenterprise.html
>



--
Tony Skalski
Systems Administrator
a...@stolaf.edu
507-786-3227
St. Olaf College
Information Technology
1510 St. Olaf Avenue
Northfield, MN    55057-1097

Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side John Slaughter 10/28/13 12:15 PM
Yes, but doesn't NetApp use Windows file permissions?


-----------------------------
John Slaughter
Sr. IT Professional
Engineering & Science Computing
University of Notre Dame
574-631-2236

On Oct 28, 2013, at 3:11 PM, Tony Skalski <a...@STOLAF.EDU<mailto:a...@STOLAF.EDU>> wrote:

and only on Windows Server-based SMB shares.

We (and others) are seeing this with NetApp shares too.

ajs


On Mon, Oct 28, 2013 at 1:42 PM, John Slaughter <John.Sla...@nd.edu<mailto:John.Sla...@nd.edu>>wrote:

I believe it's related to Active Directory permissions.  Only AD-bound
Macs cause it, and only on Windows Server-based SMB shares.



-----------------------------
John Slaughter
Sr. IT Professional
Engineering & Science Computing
University of Notre Dame
574-631-2236

On Oct 28, 2013, at 2:37 PM, Taylor Price <tpr...@ONEHEALTH.COM<mailto:tprice@ONEHEALTH.COM><mailto:
tpr...@ONEHEALTH.COM<mailto:tprice@ONEHEALTH.COM>>> wrote:

I don't see this happening on our shares, but we have a different setup. We
are using samba on Ubuntu LTS 12.04 as the server with openLDAP as the
authentication mechanism. Looks like the issue may be related to the smb2
implementation?

--
Taylor Price

OneHealth Solutions, Inc.
420 Stevens Avenue, Suite 200
Solana Beach, CA 92075
(858) 947-6333 x302


a...@stolaf.edu<mailto:a...@stolaf.edu>
507-786-3227
St. Olaf College
Information Technology
1510 St. Olaf Avenue
Northfield, MN    55057-1097

_____________________________________________________
MacEnterprise, Inc
http://www.macenterprise.org

Subscription Options and Archives
http://lists.psu.edu/archives/macenterprise.html


Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Tony Skalski 10/28/13 12:26 PM
Yep. I read "Windows Server-based SMB shares" as a share on a Windows
server.

ajs


On Mon, Oct 28, 2013 at 2:15 PM, John Slaughter <John.Sla...@nd.edu>wrote:

> Yes, but doesn't NetApp use Windows file permissions?
>
>
> -----------------------------
> John Slaughter
> Sr. IT Professional
> Engineering & Science Computing
> University of Notre Dame
> 574-631-2236
>
> On Oct 28, 2013, at 3:11 PM, Tony Skalski <a...@STOLAF.EDU<mailto:
> a...@STOLAF.EDU>> wrote:
>
> and only on Windows Server-based SMB shares.
>
> We (and others) are seeing this with NetApp shares too.
>
> ajs
>
>
> On Mon, Oct 28, 2013 at 1:42 PM, John Slaughter <John.Sla...@nd.edu
> <mailto:John.Sla...@nd.edu>>wrote:
>
> I believe it's related to Active Directory permissions.  Only AD-bound
> Macs cause it, and only on Windows Server-based SMB shares.
>
>
>
> -----------------------------
> John Slaughter
> Sr. IT Professional
> Engineering & Science Computing
> University of Notre Dame
> 574-631-2236
>
> On Oct 28, 2013, at 2:37 PM, Taylor Price <tpr...@ONEHEALTH.COM<mailto:
> tpr...@ONEHEALTH.COM><mailto:
> tpr...@ONEHEALTH.COM<mailto:tprice@ONEHEALTH.COM>>> wrote:
>
> I don't see this happening on our shares, but we have a different setup. We
> are using samba on Ubuntu LTS 12.04 as the server with openLDAP as the
> authentication mechanism. Looks like the issue may be related to the smb2
> implementation?
>
> --
> Taylor Price
>
> OneHealth Solutions, Inc.
> 420 Stevens Avenue, Suite 200
> Solana Beach, CA 92075
> (858) 947-6333 x302
>
>
> On Mon, Oct 28, 2013 at 11:21 AM, Alex Widner <awi...@icloud.com<mailto:
> awi...@icloud.com><mailto:
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Alex Widner 10/28/13 4:12 PM
The files are not visible from Windows Explorer when tested. They are completely gone from what I can tell.  
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Bart Reardon 10/28/13 4:20 PM
I’m having issues with DFS shares in 10.9. Maybe not related directly but apparently the SMB2 stack in Mavericks is a new Apple developed implementation with bugs.

There’s some instructions here on how to force 10.9 to use the nonApple SMB1 instead. Note that there will be performance degradation but compared to the alternative it is netter than no access

http://cammodude.blogspot.com.au/2013/10/os-x-109-mavericks-workaround-for-smb.html

Bart

_
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Frank Saccomandi 11/5/13 3:06 PM
I have tested this with apple�s built in active directory plugin and
centrifydc and I can report that the issue is present in both cases.  I
have also discovered that if you connect with smb1 vs smb2 the client side
behavior is slightly different however the end result is a corrupt ACL on
the windows server.

When I connect with SMB2 and get info on a file or folder on a windows
share and attempt to manipulate permissions it will give me a permission
denied error and then clear all of the users and groups from the
permissions list.  When I verify the ACL on windows it will be cleared as
well.  When connecting with SMB1 the permissions list on the client will
not clear however the same access denied error occurs and the windows ACL
will have a corrupt entry.

I really hope that apple is working on a solution to this as it is likely
going to affect a great number of enterprise customers.

Have any of you found a workaround at this point?

Frank Saccomandi IV
Systems Engineer | Acadian Asset Management, LLC
260 Franklin St | Boston, MA 02110 | Office: 617-850-3371 | Fax:
617-850-3471
This e-Mail and any attachments contain privileged and confidential information of Acadian and may be accessed and read only by the intended recipients. Any further distribution or reproduction of this material by recipients, or use for any purpose not authorized by Acadian, is strictly prohibited. If you are not the intended recipient and this e-mail and attachments have been sent or passed on to you in error, please destroy the same and contact us immediately. Confidentiality and privilege are not lost by this transmission having been sent or passed on to you in error. Acadian is not liable for any damage that may be caused by viruses or transmission errors.

Acadian Asset Management LLC is registered as an investment adviser with the U.S. Securities and Exchange Commission. Registered Office: 260 Franklin Street, Boston, Massachusetts 02110. Acadian Asset Management (UK) Limited is a private limited company incorporated in England, number 05644066, and is authorised and regulated by the Financial Conduct Authority of the United Kingdom. Registered office: 36-38 Cornhill, London, EC3V3ND, United Kingdom. Acadian Asset Management (Singapore) Pte Ltd. (Registration Number: 199902125D) is a private company limited by shares organized under Singapore law and is authorized by the Monetary Authority of Singapore. Registered office: 8 Shenton Way, #37-02,  Singapore 068811.


[AAM_2010_v1.3]
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Franson, Chris 11/6/13 4:37 AM
On Nov 5, 2013, at 18:06, Frank Saccomandi <fsacc...@ACADIAN-ASSET.COM> wrote:
>
> I really hope that apple is working on a solution to this as it is likely
> going to affect a great number of enterprise customers.

Frank,
Don�t just hope; report the bug.
-Chris
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Florent B. 11/6/13 4:42 AM
I reported the bug at the stage of DP and I've only got one reply from Apple. I updated the case many times without news. It's incredible how this company is not reliable for businesses.

Someone has got more information from Apple ?

-Florent B.

On 6 nov. 2013, at 13:37, Franson, Chris <c.fr...@NEU.EDU> wrote:
>>
>> I really hope that apple is working on a solution to this as it is likely
>> going to affect a great number of enterprise customers.
>
> Frank,
> Don�t just hope; report the bug.
> -Chris

_____________________________________________________
MacEnterprise, Inc
http://www.macenterprise.org

Subscription Options and Archives
http://lists.psu.edu/archives/macenterprise.html
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Michael Weiner 11/6/13 5:30 AM
We found this not to be an issue in our environment as we have been using
special NTFS ACLs as follows:

   -
      - The *permissions* we use involve denying "Take Ownership" and
      "Change Permission" rights
      - By using deny we get a minor issue with folders receiving a
      permission inheritance that is "in the wrong order"
      - This error will only appear to users running Windows Vista or later
      who right click a folder, select properties, and then click the Security
      tab.
      - If the user follows the prompts to repair the *permissions* they
      will receive a "Access Denied" error as they should.
      - The *permissions* do work as intended so this error is something to
      be aware of but don't worry about it.



On Wed, Nov 6, 2013 at 7:42 AM, Florent B. <flor...@adminsys.ch> wrote:

> I reported the bug at the stage of DP and I've only got one reply from
> Apple. I updated the case many times without news. It's incredible how this
> company is not reliable for businesses.
>
> Someone has got more information from Apple ?
>
> -Florent B.
>
> On 6 nov. 2013, at 13:37, Franson, Chris <c.fr...@NEU.EDU> wrote:
> >>
> >> I really hope that apple is working on a solution to this as it is
> likely
> >> going to affect a great number of enterprise customers.
> >
> > Frank,
> > Don’t just hope; report the bug.
> > -Chris
>
> _____________________________________________________
> MacEnterprise, Inc
> http://www.macenterprise.org
>
> Subscription Options and Archives
> http://lists.psu.edu/archives/macenterprise.html
>



--
"A patriot must always be ready to defend his country against his
government." E. Abbey
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Tony Skalski 11/6/13 7:29 AM
I found some folks with a similar issue who corrected it by changing the
share permissions from Everyone = Full Access to Everyone = Modify. I
tested this on a test share here and it seemed to do the trick.

With share permissions set to Everyone = Modify, I could click on a
permission in Sharing & Permissions and *try* to change it, but the change
would not stick. (This is desirable here.)

With share permissions set to Everyone = Full Control, when I click on a
permission the file disappears as noted earlier, and OS X munges the
permissions (I have seen permissions "improperly ordered" and I have seen
OS X add a Deny entry for SID S-1-5-88-3-33126 or SID S-1-5-88-3-420 -
which fwiw, are related to setting the mode of the file in Microsoft's
Services for Unix).

Our (production) share permissions are set to Everyone = Full Access (we
also use Access Based Enumeration), and I won't be changing those without
more testing, but I am concerned that there may be other use cases where
this problem will appear, such as copying files between shares or folders
with different permissions as in the Apple discussion below.

http://serverfault.com/questions/498171/osx-10-8-3-creating-editing-files-on-windows-7-share-creates-weird-blocking-acco

https://discussions.apple.com/message/21569355#21569355

Those are two that I found. There may be more...

ajs


On Wed, Nov 6, 2013 at 7:30 AM, Michael Weiner <hun...@userfriendly.net>wrote:
--
Tony Skalski
Systems Administrator
a...@stolaf.edu
507-786-3227
St. Olaf College
Information Technology
1510 St. Olaf Avenue
Northfield, MN    55057-1097
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Florent B. 12/19/13 1:52 AM
Not sure, but this issue seems to be fixed with the 10.9.1 in my first tests.

-Florent B.
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Bruce Carter 12/19/13 5:55 AM
Our storage folks and some field people say it is still a problem here with our NetApp gear...  :-(

--
Bruce Carter, Center for Creative Computing,
University of Notre Dame, Notre Dame, IN  46556

On 12/19/13, 4:52 AM, "Florent B." <flor...@ADMINSYS.CH<mailto:florent.b@ADMINSYS.CH>> wrote:
Not sure, but this issue seems to be fixed with the 10.9.1 in my first tests.

Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Florent B. 12/19/13 6:23 AM
What are you doing to reproduce the problem now ?

-Florent B.
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Luke Jaeger 12/19/13 6:35 AM
Is everyone reasonably confident that this problem only affects 10.9? Anyone seen it on earlier Mac OS versions?

Also, enabling "Everyone:Full Control" permission strikes me as a really, really bad idea.

Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org

On Oct 25, 2013, at 7:13 PM, Alex Widner <awi...@ICLOUD.COM> wrote:

> I am seeing a similar issue:
>
> On our AD bound Macs when I try to edit the permissions of a file or folder on an SMB share (a share that I own) it actually just deletes the file completely.
>
> We are running Windows Server 2008 R2 & NetApp for our SMB shares.
>
> Thanks,
>
> Alex
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Bruce Carter 12/19/13 6:43 AM
I'm going to defer to John Slaughter (an engineer in our Engineering and Science Computing department who is also a member here) as he has looked at it more closely than I have.  I believe just attempting to change a permission causes our NetApp appliances to scramble the permissions for the file, making it inaccessible.

--
Bruce Carter, Center for Creative Computing,
University of Notre Dame, Notre Dame, IN  46556

On 12/19/13, 9:23 AM, "Florent B." <flor...@ADMINSYS.CH<mailto:florent.b@ADMINSYS.CH>> wrote:
What are you doing to reproduce the problem now ?

On 19 déc. 2013, at 14:55, Bruce Carter <bca...@ND.EDU<mailto:bcarter@ND.EDU>> wrote:
Our storage folks and some field people say it is still a problem here with our NetApp gear...  :-(

Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Florent B. 12/19/13 7:16 AM
Our users have not the "Full Control" and the problem was present in 10.9. Now in 10.9.1, I'm unable to reproduce exactly the same behaviors.

I've tested with 10.8 and 10.7 and the problem was not present (as I remember).

-Florent B.

On 19 d�c. 2013, at 15:35, Luke Jaeger <ad...@PVPA.ORG> wrote:

> Is everyone reasonably confident that this problem only affects 10.9? Anyone seen it on earlier Mac OS versions?
>
> Also, enabling "Everyone:Full Control" permission strikes me as a really, really bad idea.

Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side John Slaughter 12/19/13 7:39 AM
I believe that it occurs under the following circumstances:

- The machine must be bound to AD for the Finder to allow the user to view/edit the permissions.
- The share must use NTFS ACLs.
- This only happens in 10.9.x.  Earlier versions, even when bound to AD, did not allow the user to edit the NTFS ACLs.
- I suspect that opendirectoryd is involved, and maybe even responsible, but I haven’t followed up on it yet.
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Frank Saccomandi 12/20/13 12:45 PM
I just spent some time testing 10.9.1 and unfortunately the issue with
preference corruption remains.

Mac Config:
10.9.1
Bound to AD

Server:
Windows server 2008r2

Here is what I tested:

File share with share level permissions of full control for everyone.
NTFS ACL set to allow user full control
Windows ACL would become corrupt after editing on the mac


File share with share level permission of read and write (no full
control). NTFS ACL set to allow user full control
Windows ACL would become corrupt after editing on the mac

File share level permission of read and write (no full control). NTFS ACL
set to allow user read, write, modify
Permissions changes would be ignored.

With share level permissions of full control and NTFS ACL set to allow
user read, write, modify
Permissions changes would be ignored and the machine would actually return
the the login screen.  This would be quite annoying for users if they were
working on something.

I performed the aforementioned tests with both SMB1 and SMB2 (cifs:// and
smb://)

The bottom line I"s that it looks like as long as a user does not have
"full control NTFS level permissions they will be unable to corrupt the
windows ACLs.  In my opinion this is still a significant issue and it is a
shame Apple has not been more responsive  I have submitted a bug report
and was informed by apple that it was a duplicate of a previously reported
issue so they are clearly aware of this problem.

Frank Saccomandi IV
Systems Engineer | Acadian Asset Management, LLC






On 12/19/13, 10:39 AM, "John Slaughter" <John.Sla...@ND.EDU> wrote:

>I believe that it occurs under the following circumstances:
>
>- The machine must be bound to AD for the Finder to allow the user to
>view/edit the permissions.
>- The share must use NTFS ACLs.
>- This only happens in 10.9.x.  Earlier versions, even when bound to AD,
>did not allow the user to edit the NTFS ACLs.
>- I suspect that opendirectoryd is involved, and maybe even responsible,
>but I haven�t followed up on it yet.
>
>
>
>
>On Dec 19, 2013, at 9:43 AM, Bruce Carter
><bca...@nd.edu<mailto:bcarter@nd.edu>> wrote:
>
>I'm going to defer to John Slaughter (an engineer in our Engineering and
>Science Computing department who is also a member here) as he has looked
>at it more closely than I have.  I believe just attempting to change a
>permission causes our NetApp appliances to scramble the permissions for
>the file, making it inaccessible.
>
>--
>Bruce Carter, Center for Creative Computing,
>University of Notre Dame, Notre Dame, IN  46556
>
>On 12/19/13, 9:23 AM, "Florent B."
><flor...@ADMINSYS.CH<mailto:flor...@ADMINSYS.CH>> wrote:
>What are you doing to reproduce the problem now ?
>
>On 19 d�c. 2013, at 14:55, Bruce Carter
><bca...@ND.EDU<mailto:bcarter@ND.EDU>> wrote:
>Our storage folks and some field people say it is still a problem here
>with our NetApp gear...  :-(
>
>On 12/19/13, 4:52 AM, "Florent B."
><flor...@ADMINSYS.CH<mailto:flor...@ADMINSYS.CH><mailto:flor...@ADMI
>NSYS.CH>> wrote:
>Not sure, but this issue seems to be fixed with the 10.9.1 in my first
>tests.
>
>
>

This e-Mail and any attachments contain privileged and confidential information of Acadian and may be accessed and read only by the intended recipients. Any further distribution or reproduction of this material by recipients, or use for any purpose not authorized by Acadian, is strictly prohibited. If you are not the intended recipient and this e-mail and attachments have been sent or passed on to you in error, please destroy the same and contact us immediately. Confidentiality and privilege are not lost by this transmission having been sent or passed on to you in error. Acadian is not liable for any damage that may be caused by viruses or transmission errors.

Acadian Asset Management LLC is registered as an investment adviser with the U.S. Securities and Exchange Commission. Registered Office: 260 Franklin Street, Boston, Massachusetts 02110. Acadian Asset Management (UK) Limited is a private limited company incorporated in England, number 05644066, and is authorised and regulated by the Financial Conduct Authority of the United Kingdom. Registered office: 36-38 Cornhill, London, EC3V3ND, United Kingdom. Acadian Asset Management (Singapore) Pte Ltd. (Registration Number: 199902125D) is a private company limited by shares organized under Singapore law and is authorized by the Monetary Authority of Singapore. Registered office: 8 Shenton Way, #37-02,  Singapore 068811.


[AAM_2010_v1.3]
Re: OS X 10.9: Connecting to SMB share point can damage permissions on server side Palmer, Shane D [ITSYS] 2/26/14 8:52 AM
My initial few minutes of testing seem to show that the SMB permissions
corruption issue has been fixed for us after the OS X 10.9.2 update.  Can
anyone else confirm this?

Shane

Shane Palmer
Information Technology Services
Iowa State University






On 12/20/13, 2:45 PM, "Frank Saccomandi" <fsacc...@ACADIAN-ASSET.COM>
wrote:
>>On 19 déc. 2013, at 14:55, Bruce Carter
More topics »