Problems with Munki Repo on SMB Share

[OPUS IT]

I have set up an Ubuntu 22 LTS Server with Apache2 and Samba and I am having a hard time actually saving something to the repo.

- Created Munki Repository folder structure in /srv/munki_repo

- Created Linux system user 'munki' with no home and no login

- Added 'munki' to Samba users

- Configured SMB share for /srv/munki_repo

SMB share config:

[munki_repo]
    comment = Munki Repo
    path = /srv/munki_repo
    read only = no
    browseable = yes
    veto files = /._*/.DS_Store/
    guest ok = no
    valid users = munki
    admin users = munki
    force user = munki
    force group = munki
    sharename = munki_repo

My Munki machine is a Mac Mini with 15.7.2 and Munki 6.7

- Configured munkiimport with repo smb://munkiserver/munki_repo

- SMB share successfully mounts directly in Finder (before munkiimport run)

- SMB share is successfully mounted by munkiimport (if it's not mounted), it asks for user and password

- munkiimport exits with error when trying to import a test package

- Also tried file:///Volumes/munki_repo as repo path in config when the SMB share is mounted, same error

- Adjusted the permissions in /srv/munki_repo (owner and group 'munki', even 777 as test)

munkiimport output:

Copying TestApp-1.2.1.dmg to repo...
Error importing /Users/admin/Desktop/TestApp-1.2.1.dmg: Unexpected error when copying /Users/admin/Desktop/TestApp-1.2.1.dmg to pkgs/pkgs/TestApp-1.2.1.dmg: Error Domain=NSCocoaErrorDomain Code=513 "“TestApp-1.2.1.dmg” couldn’t be copied because you don’t have permission to access “pkgs”." UserInfo={NSSourceFilePathErrorKey=/Users/admin/Desktop/TestApp-1.2.1.dmg, NSUserStringVariant=(
    Copy
), NSDestinationFilePath=/Volumes/munki_repo/pkgs/TestApp-1.2.1.dmg, NSFilePath=/Users/admin/Desktop/TestApp-1.2.1.dmg, NSURL=file:///Users/admin/Desktop/TestApp-1.2.1.dmg, NSUnderlyingError=0x6000025700f0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

I always get this error, no matter what I try. There is no documentation on how to set up a SMB share correctly for munki. Any advice?

[Mike Solin]

Are you able to copy files to /Volumes/munki_repo/pkgs via the Finder? I'd start there.

Mike

--

https://mikesolin.com

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/munki-discuss/1d135815-d911-4a15-853c-ae6f0ad7022fn%40googlegroups.com.

[OPUS IT]

Yes, i can copy files to the SMB share via the Finder and I can also copy/create files with Terminal. Only the munkiimport command fails with this error.

[Gregory Neagle]

"Operation not permitted" often implies PPPC/TCC permission issues. Does Terminal have permissions to access files on network volumes?

Sent from my iPhone

On Nov 12, 2025, at 7:46 AM, OPUS IT <tec...@opus-marketing.de> wrote:

Yes, i can copy files to the SMB share via the Finder and I can also copy/create files with Terminal. Only the munkiimport command fails with this error.

To view this discussion visit https://groups.google.com/d/msgid/munki-discuss/dc77986d-3164-4fa7-9b8a-de21733fbbfan%40googlegroups.com.

[OPUS IT]

Hi Greg,

The Mac in question is not managed, there are no PPPC configuration profiles but the Terminal app is listed in Full Disk Access in System Preferences (not in Local Network, but this works anyways).

[Gregory Neagle]

So I’d like to focus on this bit from your munkiimport output:

Copying TestApp-1.2.1.dmg to repo...
Error importing /Users/admin/Desktop/TestApp-1.2.1.dmg: Unexpected error when copying /Users/admin/Desktop/TestApp-1.2.1.dmg to pkgs/pkgs/TestApp-1.2.1.dmg: Error 

Unless you chose to add a subdirectory named “pkgs” inside the “pkgs” directory, this seems odd.

Can you show us:

1) The output of `sudo managedsoftwareupdate —show-configuration` (feel free to redact sensitive items)

2) A full transcript of a `munkiimport` session demonstrating the issue

3) if the SMB share is mounted, the output of `ls -al /Volumes/munki_repo` and `ls -al /Volumes/munki_repo/pkgs`

-Greg

[OPUS IT]

Sorry, Greg, I replied to you directly instead of to the conversation. Did not realize it does not appear here this way. Can you reply to my message in the conversation?

[Gregory Neagle]

I am not sure what you are referring to. I’ve seen no other replies.

-Greg

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

To view this discussion visit https://groups.google.com/d/msgid/munki-discuss/13c07bd7-dfff-4874-93d5-f05417169250n%40googlegroups.com.

[Gregory Neagle]

Scratch that: found it.

[Gregory Neagle]

Munkiimport output:

admin@srv-macos ~ % sudo /usr/local/munki/munkiimport /Users/admin/Desktop/TestApp-1.2.1.dmg
Analyzing installer item...
Could not read existing catalogs: Could not read 'all' catalog: Error getting contents from /Volumes/munki_repo/catalogs/all

That’s a clue, perhaps. Does catalogs/all exist in the repo? It might not yet if you’ve never imported anything successfully.

           Item name: TestApp
        Display name: 
         Description: 
             Version: 1.2.1
            Category: 
           Developer: 
  Unattended install: False
Unattended uninstall: False
            Catalogs: default

Import this item? [y/N] y
Upload item to subdirectory: 
Path pkgsinfo/ does not exist. Create it? [y/N] y

That’s also a clue. It cannot read the contents of /Volumes/munki_repo

No existing product icon found.
Attempt to create a product icon? [y/N] y
Attempting to extract and upload icon...
Imported icons/TestApp.png

Did that actually work? Does icons/TestApp.png exist in the repo? IOW, did it actually successfully upload an icon to that directory?

Copying TestApp-1.2.1.dmg to repo...
Error importing /Users/admin/Desktop/TestApp-1.2.1.dmg: Unexpected error when copying /Users/admin/Desktop/TestApp-1.2.1.dmg to pkgs/pkgs/TestApp-1.2.1__1.dmg: Error Domain=NSCocoaErrorDomain Code=513 "“TestApp-1.2.1.dmg” couldn’t be copied because you don’t have permission to access “pkgs”." UserInfo={NSSourceFilePathErrorKey=/Users/admin/Desktop/TestApp-1.2.1.dmg, NSUserStringVariant=(
    Copy
), NSDestinationFilePath=/Volumes/munki_repo/pkgs/TestApp-1.2.1__1.dmg, NSFilePath=/Users/admin/Desktop/TestApp-1.2.1.dmg, NSURL=file:///Users/admin/Desktop/TestApp-1.2.1.dmg, NSUnderlyingError=0x60000132d7d0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}

The pkgs/pkgs bit is still confusing and unexpected, especially since the error also lists this: NSDestinationFilePath=/Volumes/munki_repo/pkgs/TestApp-1.2.1__1.dmg Can we see the configuration for the `munkiimport` tool?

admin@srv-macos ~ % ls -al /Volumes/munki_repo
total 240
drwx------  1 admin  staff  16384 12 Nov 15:42 .
drwxr-xr-x  8 root   wheel    256 12 Nov 15:42 ..
-rwx------  1 admin  staff    101 12 Nov 14:16 .htaccess
-rwx------  1 admin  staff     44 12 Nov 14:12 .htpasswd
drwx------  1 admin  staff  16384 11 Nov 14:36 catalogs
drwx------  1 admin  staff  16384 12 Nov 14:28 client_resources
drwx------  1 admin  staff  16384 12 Nov 17:46 icons
drwx------  1 admin  staff  16384 11 Nov 14:37 manifests
drwx------  1 admin  staff  16384 12 Nov 17:46 pkgs
drwx------  1 admin  staff  16384 11 Nov 14:37 pkgsinfo

admin@srv-macos ~ % ls -al /Volumes/munki_repo/pkgs
total 64
drwx------  1 admin  staff  16384 12 Nov 17:46 .
drwx------  1 admin  staff  16384 12 Nov 15:42 ..
-rwx------  1 admin  staff      0 12 Nov 16:31 TestApp-1.2.1.dmg

Strange thing, the user and group are not the ones set in the Samba config.

If i look at the munki_repo folder on the server, i get the output below.

opusadmin@srv-munki:/srv/munki_repo$ ls -la /srv/munki_repo/
total 40
drwxr-xr-x 8 munki munki 4096 Nov 12 14:42 .
drwxr-xr-x 4 root  root  4096 Nov 11 11:54 ..
drwxr-xr-x 2 munki munki 4096 Nov 11 13:36 catalogs
drwxr-xr-x 3 munki munki 4096 Nov 12 13:28 client_resources
-rwxr-xr-x 1 munki munki  101 Nov 12 13:16 .htaccess
-rwxr-xr-x 1 munki munki   44 Nov 12 13:12 .htpasswd
drwxr-xr-x 2 munki munki 4096 Nov 12 16:46 icons
drwxr-xr-x 2 munki munki 4096 Nov 11 13:37 manifests
drwxr-xr-x 2 munki munki 4096 Nov 12 16:46 pkgs
drwxr-xr-x 2 munki munki 4096 Nov 11 13:37 pkgsinfo

I think those client-side user/group/mode mappings are as expected.

To view this discussion visit https://groups.google.com/d/msgid/munki-discuss/8F45A365-F290-420A-8348-73C4B51CA69A%40mac.com.

[Gregory Neagle]

FWIW I set up a test Munki repo on an SMB share here and was able to use Munki 6.7's munkiimport and Munki 7.0.3’s munkiimport to import packages without issues.

-Greg

To view this discussion visit https://groups.google.com/d/msgid/munki-discuss/99E9A25A-1F39-472E-8439-189D8D07DE91%40mac.com.

[OPUS IT]

Hi Greg, sorry I was out of office a couple of days. Now I am back on this problem.

Could not read existing catalogs: Could not read 'all' catalog: Error getting contents from /Volumes/munki_repo/catalogs/all

I am setting this up as a new repo, so it's blank. Only the default folders inside munki_repo exist. (Demonstration Setup). I guess all files are created during import (if it would succeed).

Attempt to create a product icon? [y/N] y
Attempting to extract and upload icon...
Imported icons/TestApp.png

Yes, the icon is saved successfully in icons. Here the ls output from the mounted share on the Mac /Volumes/munki_repo/icons.

-rwx------  1 admin  staff  17090 19 Nov 14:27 TestApp.png

The Disk Image file of the App to be imported is created in pkgs, but with 0 bytes in size.

-rwx------  1 admin  staff      0 19 Nov 14:27 TestApp-1.2.1.dmg

The i configured munkiimport with:

admin@srv-macos ~ % munkiimport --configure

Repo URL (example: afp://munki.example.com/repo): smb://srv-munki/munki_repo
pkginfo extension (Example: .plist):
pkginfo editor (examples: /usr/bin/vi or TextMate.app; leave empty to not open an editor after import): Visual Studio Code.app
Default catalog to use (example: testing): default
Repo access plugin (defaults to FileRepo): 

admin@srv-macos ~ %

I can create files in the pkgs folder of the share with Finder and also with Terminal:

admin@srv-macos ~ % touch /Volumes/munki_repo/pkgs/farts             
-rwx------  1 admin  staff      0 19 Nov 14:36 farts

I tested munkiimport with another SMB share on a Windows Server, this worked as expected, so I guess the SMB configuration on Ubuntu is at fault.

Mac directory listing of the Windows share:

drwx------@ 1 admin  staff  16384 19 Nov 15:03 catalogs
drwx------@ 1 admin  staff  16384 12 Nov 14:28 client_resources
drwx------@ 1 admin  staff  16384 19 Nov 15:03 icons
drwx------@ 1 admin  staff  16384 11 Nov 14:37 manifests
drwx------@ 1 admin  staff  16384 19 Nov 15:03 pkgs
drwx------@ 1 admin  staff  16384 19 Nov 15:03 pkgsinfo

Mac directory listing of the Ubuntu share:

drwx------  1 admin  staff  16384 11 Nov 14:36 catalogs
drwx------  1 admin  staff  16384 12 Nov 14:28 client_resources

drwx------  1 admin  staff  16384 19 Nov 14:27 icons

drwx------  1 admin  staff  16384 11 Nov 14:37 manifests

drwx------  1 admin  staff  16384 19 Nov 14:57 pkgs

drwx------  1 admin  staff  16384 11 Nov 14:37 pkgsinfo

The only difference are the extended attributes. ls -l@ shows this:

drwx------@ 1 admin  staff  16384 19 Nov 15:03 catalogs
com.apple.FinderInfo    -1
drwx------@ 1 admin  staff  16384 12 Nov 14:28 client_resources
com.apple.FinderInfo    -1
drwx------@ 1 admin  staff  16384 19 Nov 15:03 icons
com.apple.FinderInfo    -1
drwx------@ 1 admin  staff  16384 11 Nov 14:37 manifests
com.apple.FinderInfo    -1
drwx------@ 1 admin  staff  16384 19 Nov 15:03 pkgs
com.apple.FinderInfo    -1
drwx------@ 1 admin  staff  16384 19 Nov 15:03 pkgsinfo
com.apple.FinderInfo    -1

[Marnin Goldberg]

Do you see this issue if you use Munki 6 vs Munki 7? 

Do any of the files on the SMB share show as hidden? Check with: ls -lO /Volumes/munki-repo/catalogs 

Marnin

To view this discussion visit https://groups.google.com/d/msgid/munki-discuss/34620fd6-0046-475c-847d-479107d52327n%40googlegroups.com.

[OPUS IT]

Found the problem. I did not suspect this line in Samba configuration

veto files = /.DS_Store/._*/

This was to prevent creation of .DS_Store files and resource fork files (._filename.ext >> ._*)

The ._* has lead to the errors in munkiimport. I don't know why. I removed the part of the veto files regex and now munkiimport can write to the share.