6

Since we upgraded to OSX El Capitan we experienced some strange file permissions errors with our SMB server.

We have a ubuntu server machine hosting our working files over a SMB shared folder to each of our Mac workstations. We use Git over SMB with SourceTree to build our websites (convenient to share the same database and files), since we upgraded to OS X El Capitan the file permissions are not the same and Git marks every files changed as their perms switched from 0664 to 0775 (or 0644 to 0755).

For example, here is the ls -la output using SSH on our dev server

➜  CashierTheme git:(develop) ls -la
total 72
drwxrwsr-x  9 nestorwww nestorwww  4096 oct.  12 23:42 .
drwxrwsr-x  6 nestorwww nestorwww  4096 avril 14 17:33 ..
-rw-rw-r--  1 nestorwww nestorwww 12261 oct.  12 23:42 CashierThemeApp.php
-rw-rw-r--  1 nestorwww nestorwww    56 oct.  12 23:42 composer.json
-rw-rw-r--  1 nestorwww nestorwww   352 oct.  12 23:42 config.yml
drwxrwsr-x  2 nestorwww nestorwww  4096 oct.  12 23:42 Controllers
-rw-rw-r--  1 nestorwww nestorwww   170 oct.  12 23:42 .editorconfig
drwxrwsr-x  2 nestorwww nestorwww  4096 oct.  12 23:42 Entities
drwxrwsr-x  4 nestorwww nestorwww  4096 oct.  12 23:42 Forms
drwxrwsr-x  8 nestorwww nestorwww  4096 oct.  12 23:42 .git
-rw-rw-r--  1 nestorwww nestorwww    35 oct.  12 23:42 .gitignore
-rw-rw-r--  1 nestorwww nestorwww  1060 oct.  12 23:42 LICENSE.md
-rw-rw-r--  1 nestorwww nestorwww  1819 oct.  12 23:42 README.md
drwxr-sr-x  2 nestorwww nestorwww  4096 oct.  12 23:42 Repositories
drwxrwsr-x  6 nestorwww nestorwww  4096 oct.  12 23:42 Resources
drwxrwsr-x 10 nestorwww nestorwww  4096 oct.  12 23:42 static

Files permissions are OK. Then, here is the ls -la from our SMB share folder (from my Mac):

➜  CashierTheme git:(develop) ✗ ls -la
total 328
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 .
drwx------  1 ambroisemaupate  staff  16384 14 avr 17:33 ..
-rwx------  1 ambroisemaupate  staff    170 12 oct 23:42 .editorconfig
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:43 .git
-rwx------  1 ambroisemaupate  staff     35 12 oct 23:42 .gitignore
-rwx------  1 ambroisemaupate  staff  12261 12 oct 23:42 CashierThemeApp.php
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Controllers
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Entities
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Forms
-rwx------  1 ambroisemaupate  staff   1060 12 oct 23:42 LICENSE.md
-rwx------  1 ambroisemaupate  staff   1819 12 oct 23:42 README.md
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Repositories
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 Resources
-rwx------  1 ambroisemaupate  staff     56 12 oct 23:42 composer.json
-rwx------  1 ambroisemaupate  staff    352 12 oct 23:42 config.yml
drwx------  1 ambroisemaupate  staff  16384 12 oct 23:42 static

So when I enter the git status command on the dev server, everything is OK:

➜  CashierTheme git:(develop) git status
Sur la branche develop
Votre branche est à jour avec 'origin/develop'.

rien à valider, la copie de travail est propre

And… here is the git status output from the SMB share:

➜  CashierTheme git:(develop) ✗ git status
On branch develop
Your branch is up-to-date with 'origin/develop'.
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)

    modified:   .editorconfig
    modified:   .gitignore
    modified:   CashierThemeApp.php
    modified:   Controllers/ContactController.php
    modified:   Controllers/InvoiceController.php
    modified:   Controllers/PaymentController.php
    modified:   Controllers/PostingController.php
    modified:   Controllers/QuoteController.php
    modified:   Entities/BankOperationTrait.php
    modified:   Entities/Contact.php
    modified:   Entities/Invoice.php
    modified:   Entities/Letter.php
    modified:   Entities/PayableInterface.php
    modified:   Entities/Payment.php
    modified:   Entities/Posting.php
    modified:   Entities/PostingObject.php
    modified:   Entities/Quote.php
    modified:   Forms/ContactSelectorType.php
    modified:   Forms/ContactType.php
    modified:   Forms/DataTransformer/ContactToNumberTransformer.php
    modified:   Forms/Filters/ContactFilterType.php
    modified:   Forms/Filters/PostingFilterType.php
    modified:   Forms/Filters/QuoteFilterType.php
    modified:   Forms/InvoiceStatusType.php
    modified:   Forms/InvoiceType.php
    modified:   Forms/PaymentType.php
    modified:   Forms/PostingObjectType.php
    modified:   Forms/PostingObjectUnitType.php
    modified:   Forms/PostingType.php
    modified:   Forms/QuoteStatusType.php
    modified:   Forms/QuoteType.php
    modified:   LICENSE.md
    modified:   README.md
    modified:   Repositories/PostingRepository.php
    modified:   Resources/config/.gitignore
    modified:   Resources/config/fonts.default.xml
    modified:   Resources/config/pdf_stylesheet.default.xml
    modified:   Resources/firewalled-routes.yml
    modified:   Resources/imports/roles.rzt
    modified:   Resources/imports/settings.rzt
    modified:   Resources/routes.yml
    modified:   Resources/translations/messages.en.xlf
    modified:   Resources/translations/messages.fr.xlf
    modified:   Resources/views/404.html.twig
    modified:   Resources/views/admin/test.html.twig
    modified:   Resources/views/base.html.twig
    modified:   Resources/views/baseAnonymous.html.twig
    modified:   Resources/views/blocks/filters.html.twig
    modified:   Resources/views/blocks/paidtotals.html.twig
    modified:   Resources/views/blocks/totals.html.twig
    modified:   Resources/views/blocks/totals.xml.twig
    modified:   Resources/views/blocks/waitingtotals.html.twig
    modified:   Resources/views/contacts/edit.html.twig
    modified:   Resources/views/contacts/list.html.twig
    modified:   Resources/views/dashboard/list.html.twig
    modified:   Resources/views/forms.html.twig
    modified:   Resources/views/invoices/edit.html.twig
    modified:   Resources/views/invoices/list.html.twig
    modified:   Resources/views/invoices/view.xml.twig
    modified:   Resources/views/modules/navigation-elements.html.twig
    modified:   Resources/views/modules/navigation.html.twig
    modified:   Resources/views/payments/edit.html.twig
    modified:   Resources/views/payments/list.html.twig
    modified:   Resources/views/pdfbase.xml.twig
    modified:   Resources/views/quotes/edit.html.twig
    modified:   Resources/views/quotes/list.html.twig
    modified:   Resources/views/quotes/view.xml.twig
    modified:   Resources/views/tabledforms.html.twig
    modified:   composer.json
    modified:   config.yml
    modified:   static/Gruntfile.js
    modified:   static/bower.json
    modified:   static/css/main.less
    modified:   static/css/normalize.less
    modified:   static/css/postings/commons.less
    modified:   static/css/style.less
    modified:   static/css/style.min.css
    modified:   static/css/vars.less
    modified:   static/css/vendor.less
    modified:   static/css/vendor.min.css
    typechange: static/css/widgets/debugpanel.less
    modified:   static/css/widgets/nav.less
    modified:   static/fonts/fontawesome-webfont.woff2
    modified:   static/js/main.js
    modified:   static/js/vendor/jquery-2.1.3.min.js
    modified:   static/js/vendor/uikit.min.js
    modified:   static/package.json
    modified:   static/public/cashier-theme.08d1e458.min.js
    modified:   static/public/config/assets.config.php
    modified:   static/public/style.7474e8a1.css
    modified:   static/public/vendor-cashier-theme.1a8458ff.min.js
    modified:   static/public/vendor.03b81695.css

no changes added to commit (use "git add" and/or "git commit -a")

With the git diff:

diff --git a/.editorconfig b/.editorconfig
old mode 100644
new mode 100755
diff --git a/.gitignore b/.gitignore
old mode 100644
new mode 100755
diff --git a/CashierThemeApp.php b/CashierThemeApp.php
old mode 100644
new mode 100755
diff --git a/Controllers/ContactController.php b/Controllers/ContactController.php
old mode 100644
new mode 100755

Etc, etc

And last snippet, here is my SMB share configuration where I explicitly tell to use 0644 for files and 0755 for directories.

[DevWebServer]
   path = /var/www
   force group = myuser
   force user = myuser
   browsable = yes
   writeable = yes
   create mask = 0644
   directory mask = 0755
   force create mode = 0644
   force directory mode = 0755
   hide dot files = no
   guest ok = no
   public = no
   veto files = /._*/.DS_Store/.AppleDouble
   delete veto files = yes

We didn’t have any issue before with OS X Yosemite.

  • Does anyone experienced this issue since you upgraded to OS 10.11?
  • Does anyone knows a workaround to stick with the same permissions from server to SMB share?
  • Did I forgot something in my SMB share configuration?

For those who wonder why we use Git over SMB, it’s because we work with many people at the same time building websites. Having a copy on each on our workstations would be a pain to sync databases and documents files.

Thanks for reading and your time.

Ambroise Maupate
  • 171
  • 1
  • 1
  • 4
  • initial question was asked on Stack Overflow: http://stackoverflow.com/questions/33090925/file-permissions-issue-on-os-x-el-capitan-and-smb-share but off-topic according to StackOverflow guidelines. – Ambroise Maupate Oct 13 '15 at 16:18
  • 3
    I don't think you understand how git works. Everyone is supposed to have a copy of the repository on their local workstations. – Michael Hampton Oct 13 '15 at 16:21
  • 2
    I think I understand how git works. But like I said it's not possible to have a copy per user when you need to keep the same database and files. We already tested it with some external developers, it's a pain to work synced on website dev and content management this way. – Ambroise Maupate Oct 13 '15 at 17:18
  • I tried to add `unix extensions = no` to my smb.conf. The permissions are now the same on the server and the share but *Git* always see different permissions (644 --> 755). – Ambroise Maupate Oct 14 '15 at 07:28
  • We have a similar setup using mercurial, and this is causing us problems too. I have previously set the server to ignore execute bit permissions, with a similar create mask. I have tried to mount the repo using the mount command using the noexec flag, bypassing the finder, and permissions are still wrong: The user:execute bit is still set. Something has changed at a low level I think. – Richard Cross Oct 20 '15 at 10:36
  • Yes, it's definitely a bug in OS X smb client. 644 permissions are seen as 755 when mounted on El Capitan. This is causing us some problems too. – Tobia Oct 26 '15 at 16:11
  • same problem here - setting git's filemode to false isn't helping ignore the problem either – Naseer Nov 09 '15 at 18:47
  • Seems to still be a problem with macOS Sierra 10.12.5. – Sean Leather May 23 '17 at 12:53

6 Answers6

2

This work for me

[Shared]
    comment = Folder Shared
    path = /path
    unix extensions = no
    force group = root
    force user = root
    browsable = yes
    writeable = yes
    create mask = 0644
    directory mask = 0755
    force create mode = 0644
    force directory mode = 0755
    hide dot files = no
    guest ok = no
    public = no
    valid users = @users
1

This issue still persists after upgrading to OS X 10.11.1.

As a partial workaround, you can share the files using SSHFS instead of SMB. SSHFS preserves the permissions, however it have several drawbacks:

  • Issues when multiple users write the same files.
  • No support for native extended attributes, ACLs etc.
  • Slower than SMB.

See also discussion on Apple Support Communities: https://discussions.apple.com/message/29104711

Sean Leather
  • 105
  • 4
Elad
  • 11
  • 1
1

You can also try using a recent (4.2 or later) version of Samba that supports SMB2 and enabling vfs_fruit on the share. This will add support to Apple's AAPL extension for SMB2 which should work better that the Unix extensions for SMB1/CIFS.

Elad
  • 11
  • 1
  • I managed to upgrade from Samba 3 to 4.3.1. **This has fixed the Git over SMB issue for me.** Once upgraded to 4.3.1, just add `vfs objects = fruit` to your share definition and make sure to remove `unix extension = no` as it will be ignored by Samba. – Ambroise Maupate Nov 10 '15 at 18:54
  • `vfs objects = catia fruit streams_xattr` works better. – Ambroise Maupate Nov 10 '15 at 19:08
  • **This solution is not working anymore.** I had to revert to samba 4.1 using wheezy backports. Samba 4.3.1 is not stable at all and it broke my git repositories. I think it’s time for us to teach our front-devs to use Vagrant and to host their own git repos. :-( – Ambroise Maupate Nov 17 '15 at 14:16
1

TL;DR version:

mount_smbfs -f 0644 -d 0755 //<user@host/share> <share>

Long version:

I know this thread is old, but this is still a relevant problem. In my case, I'm using git over CIFS to work with a remote working tree on a virtual Linux instance. The git repository actually exists on my host system but I have the checkout on the remote system. This is so I can develop my Linux specific application on macOS using a VM but keep the git repository in the host.

Anyway, I was experiencing the same issue as the OP. Git detected changes in the file mode, wanting to commit the files with execute bits since the share driver created regular files with execute permissions by default. To work around this, I figured out how to mount the share manually using the mount_smbfs command. The key options are -f and -d for file mode and directory mode respectively.

For the record, I'm using macOS 10.11.6 "El capitan".

Roger Gee
  • 111
  • 2
  • Thanks Roger Gee for your contribution. Did you manage to set these parameters permanently using /etc/nsmb.conf file? – Ambroise Maupate Aug 15 '17 at 15:44
  • I have not. The man page for that config file doesn't indicate those options. Furthermore I don't know what the keys would be for these options (if any). I can only speculate (e.g. `file_mode` and `directory_mode`?), and I have not tested those. On Linux, the smbfs/cifs driver supports this functionality as mount options (e.g. `-o file_mode=0640`) whereas on macOS they are command-line flags specific to the `mount_smbfs` command. Sorry to not be any help in this area; I normally mount shares via shell aliases manually. – Roger Gee Aug 16 '17 at 17:26
  • I know this shouldn't be necessary because for months I worked with a samba volume just using the networking from the Finder. But I had a hard drive crash and reinstalled the same Debian OS on the same computer and now I can see Debian shares and list files but not write them under any circumstances. This says there's something on the remote side causing this. – John Smith Jun 14 '22 at 08:35
0

Try to disable unix extensions using the following statement in your Ubuntu's smb.conf file:

unix extensions = no

Then restart Samba and see if the problem persists.

shodanshok
  • 44,038
  • 6
  • 98
  • 162
-1

Change your user account password to a local password if you have now switched to using your apple ID login credentials. WINS and file share does not work with your iCloud login credentials.

SirLoy
  • 1