File permissions issue on OS X El Capitan and SMB share

Question

Since we upgraded to OSX El Capitan we experienced some strange file permissions errors with our SMB server.

We have a ubuntu server machine hosting our working files over a SMB shared folder to each of our Mac workstations. We use Git over SMB with SourceTree to build our websites (convenient to share the same database and files), since we upgraded to OS X El Capitan the file permissions are not the same and Git marks every files changed as their perms switched from 0664 to 0775 (or 0644 to 0755).

For example, here is the ls -la output using SSH on our dev server

➜  CashierTheme git:(develop) ls -la
total 72
drwxrwsr-x  9 nestorwww nestorwww  4096 oct.  12 23:42 .
drwxrwsr-x  6 nestorwww nestorwww  4096 avril 14 17:33 ..
-rw-rw-r--  1 nestorwww nestorwww 12261 oct.  12 23:42 CashierThemeApp.php
-rw-rw-r--  1 nestorwww nestorwww    56 oct.  12 23:42 composer.json
-rw-rw-r--  1 nestorwww nestorwww   352 oct.  12 23:42 config.yml
drwxrwsr-x  2 nestorwww nestorwww  4096 oct.  12 23:42 Controllers
-rw-rw-r--  1 nestorwww nestorwww   170 oct.  12 23:42 .editorconfig
drwxrwsr-x  2 nestorwww nestorwww  4096 oct.  12 23:42 Entities
drwxrwsr-x  4 nestorwww nestorwww  4096 oct.  12 23:42 Forms
drwxrwsr-x  8 nestorwww nestorwww  4096 oct.  12 23:42 .git
-rw-rw-r--  1 nestorwww nestorwww    35 oct.  12 23:42 .gitignore
-rw-rw-r--  1 nestorwww nestorwww  1060 oct.  12 23:42 LICENSE.md
-rw-rw-r--  1 nestorwww nestorwww  1819 oct.  12 23:42 README.md
drwxr-sr-x  2 nestorwww nestorwww  4096 oct.  12 23:42 Repositories
drwxrwsr-x  6 nestorwww nestorwww  4096 oct.  12 23:42 Resources
drwxrwsr-x 10 nestorwww nestorwww  4096 oct.  12 23:42 static

Files permissions are OK. Then, here is the ls -la from our SMB share folder (from my Mac):

➜  CashierTheme git:(develop) ✗ ls -la
total 328
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 .
drwx------  1 ambroisemaupate  staff  16384 14 avr 17:33 ..
-rwx------  1 ambroisemaupate  staff    170 12 oct 23:42 .editorconfig
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:43 .git
-rwx------  1 ambroisemaupate  staff     35 12 oct 23:42 .gitignore
-rwx------  1 ambroisemaupate  staff  12261 12 oct 23:42 CashierThemeApp.php
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Controllers
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Entities
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Forms
-rwx------  1 ambroisemaupate  staff   1060 12 oct 23:42 LICENSE.md
-rwx------  1 ambroisemaupate  staff   1819 12 oct 23:42 README.md
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Repositories
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Resources
-rwx------  1 ambroisemaupate  staff     56 12 oct 23:42 composer.json
-rwx------  1 ambroisemaupate  staff    352 12 oct 23:42 config.yml
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 static

So when I enter the git status command on the dev server, everything is OK:

➜  CashierTheme git:(develop) git status
Sur la branche develop
Votre branche est à jour avec 'origin/develop'.

rien à valider, la copie de travail est propre

And… here is the git status output from the SMB share:

➜  CashierTheme git:(develop) ✗ git status
On branch develop
Your branch is up-to-date with 'origin/develop'.
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)

    modified:   .editorconfig
    modified:   .gitignore
    modified:   CashierThemeApp.php
    modified:   Controllers/ContactController.php
    modified:   Controllers/InvoiceController.php
    modified:   Controllers/PaymentController.php
    modified:   Controllers/PostingController.php
    modified:   Controllers/QuoteController.php
    modified:   Entities/BankOperationTrait.php
    modified:   Entities/Contact.php
    modified:   Entities/Invoice.php
    modified:   Entities/Letter.php
    modified:   Entities/PayableInterface.php
    modified:   Entities/Payment.php
    modified:   Entities/Posting.php
    modified:   Entities/PostingObject.php
    modified:   Entities/Quote.php
    modified:   Forms/ContactSelectorType.php
    modified:   Forms/ContactType.php
    modified:   Forms/DataTransformer/ContactToNumberTransformer.php
    modified:   Forms/Filters/ContactFilterType.php
    modified:   Forms/Filters/PostingFilterType.php
    modified:   Forms/Filters/QuoteFilterType.php
    modified:   Forms/InvoiceStatusType.php
    modified:   Forms/InvoiceType.php
    modified:   Forms/PaymentType.php
    modified:   Forms/PostingObjectType.php
    modified:   Forms/PostingObjectUnitType.php
    modified:   Forms/PostingType.php
    modified:   Forms/QuoteStatusType.php
    modified:   Forms/QuoteType.php
    modified:   LICENSE.md
    modified:   README.md
    modified:   Repositories/PostingRepository.php
    modified:   Resources/config/.gitignore
    modified:   Resources/config/fonts.default.xml
    modified:   Resources/config/pdf_stylesheet.default.xml
    modified:   Resources/firewalled-routes.yml
    modified:   Resources/imports/roles.rzt
    modified:   Resources/imports/settings.rzt
    modified:   Resources/routes.yml
    modified:   Resources/translations/messages.en.xlf
    modified:   Resources/translations/messages.fr.xlf
    modified:   Resources/views/404.html.twig
    modified:   Resources/views/admin/test.html.twig
    modified:   Resources/views/base.html.twig
    modified:   Resources/views/baseAnonymous.html.twig
    modified:   Resources/views/blocks/filters.html.twig
    modified:   Resources/views/blocks/paidtotals.html.twig
    modified:   Resources/views/blocks/totals.html.twig
    modified:   Resources/views/blocks/totals.xml.twig
    modified:   Resources/views/blocks/waitingtotals.html.twig
    modified:   Resources/views/contacts/edit.html.twig
    modified:   Resources/views/contacts/list.html.twig
    modified:   Resources/views/dashboard/list.html.twig
    modified:   Resources/views/forms.html.twig
    modified:   Resources/views/invoices/edit.html.twig
    modified:   Resources/views/invoices/list.html.twig
    modified:   Resources/views/invoices/view.xml.twig
    modified:   Resources/views/modules/navigation-elements.html.twig
    modified:   Resources/views/modules/navigation.html.twig
    modified:   Resources/views/payments/edit.html.twig
    modified:   Resources/views/payments/list.html.twig
    modified:   Resources/views/pdfbase.xml.twig
    modified:   Resources/views/quotes/edit.html.twig
    modified:   Resources/views/quotes/list.html.twig
    modified:   Resources/views/quotes/view.xml.twig
    modified:   Resources/views/tabledforms.html.twig
    modified:   composer.json
    modified:   config.yml
    modified:   static/Gruntfile.js
    modified:   static/bower.json
    modified:   static/css/main.less
    modified:   static/css/normalize.less
    modified:   static/css/postings/commons.less
    modified:   static/css/style.less
    modified:   static/css/style.min.css
    modified:   static/css/vars.less
    modified:   static/css/vendor.less
    modified:   static/css/vendor.min.css
    typechange: static/css/widgets/debugpanel.less
    modified:   static/css/widgets/nav.less
    modified:   static/fonts/fontawesome-webfont.woff2
    modified:   static/js/main.js
    modified:   static/js/vendor/jquery-2.1.3.min.js
    modified:   static/js/vendor/uikit.min.js
    modified:   static/package.json
    modified:   static/public/cashier-theme.08d1e458.min.js
    modified:   static/public/config/assets.config.php
    modified:   static/public/style.7474e8a1.css
    modified:   static/public/vendor-cashier-theme.1a8458ff.min.js
    modified:   static/public/vendor.03b81695.css

no changes added to commit (use "git add" and/or "git commit -a")

With the git diff:

diff --git a/.editorconfig b/.editorconfig
old mode 100644
new mode 100755
diff --git a/.gitignore b/.gitignore
old mode 100644
new mode 100755
diff --git a/CashierThemeApp.php b/CashierThemeApp.php
old mode 100644
new mode 100755
diff --git a/Controllers/ContactController.php b/Controllers/ContactController.php
old mode 100644
new mode 100755

Etc, etc

And last snippet, here is my SMB share configuration where I explicitly tell to use 0644 for files and 0755 for directories.

[DevWebServer]
   path = /var/www
   force group = myuser
   force user = myuser
   browsable = yes
   writeable = yes
   create mask = 0644
   directory mask = 0755
   force create mode = 0644
   force directory mode = 0755
   hide dot files = no
   guest ok = no
   public = no
   veto files = /._*/.DS_Store/.AppleDouble
   delete veto files = yes

We didn’t have any issue before with OS X Yosemite.

• Does anyone experienced this issue since you upgraded to OS 10.11?
• Does anyone knows a workaround to stick with the same permissions from server to SMB share?
• Did I forgot something in my SMB share configuration?

For those who wonder why we use Git over SMB, it’s because we work with many people at the same time building websites. Having a copy on each on our workstations would be a pain to sync databases and documents files.

Thanks for reading and your time.

Answer 1

This work for me

[Shared]
    comment = Folder Shared
    path = /path
    unix extensions = no
    force group = root
    force user = root
    browsable = yes
    writeable = yes
    create mask = 0644
    directory mask = 0755
    force create mode = 0644
    force directory mode = 0755
    hide dot files = no
    guest ok = no
    public = no
    valid users = @users

Answer 2

This issue still persists after upgrading to OS X 10.11.1.

As a partial workaround, you can share the files using SSHFS instead of SMB. SSHFS preserves the permissions, however it have several drawbacks:

• Issues when multiple users write the same files.
• No support for native extended attributes, ACLs etc.
• Slower than SMB.

See also discussion on Apple Support Communities: https://discussions.apple.com/message/29104711

Answer 3

You can also try using a recent (4.2 or later) version of Samba that supports SMB2 and enabling vfs_fruit on the share. This will add support to Apple's AAPL extension for SMB2 which should work better that the Unix extensions for SMB1/CIFS.

Answer 4

TL;DR version:

mount_smbfs -f 0644 -d 0755 //<user@host/share> <share>

Long version:

I know this thread is old, but this is still a relevant problem. In my case, I'm using git over CIFS to work with a remote working tree on a virtual Linux instance. The git repository actually exists on my host system but I have the checkout on the remote system. This is so I can develop my Linux specific application on macOS using a VM but keep the git repository in the host.

Anyway, I was experiencing the same issue as the OP. Git detected changes in the file mode, wanting to commit the files with execute bits since the share driver created regular files with execute permissions by default. To work around this, I figured out how to mount the share manually using the mount_smbfs command. The key options are -f and -d for file mode and directory mode respectively.

For the record, I'm using macOS 10.11.6 "El capitan".

Answer 5

Try to disable unix extensions using the following statement in your Ubuntu's smb.conf file:

unix extensions = no

Then restart Samba and see if the problem persists.

Answer 6

Change your user account password to a local password if you have now switched to using your apple ID login credentials. WINS and file share does not work with your iCloud login credentials.