Monday 14 March 2011

Sharing files between users on Linux

Some time ago, I got rid of my home 'server' (a Buffalo LinkStation hacked to run Linux) when the hard drive died.  This managed file shares, email, and backing up critical data to offsite storage (rsync.net - a no-frills remote filesystem that I highly recommend for techies).

The email moved into the cloud (first a VPS, now Google Apps for Domains) but I didn't want to use all my bandwidth and limited offsite storage for unimportant things like music.  No problem I thought, I'll just set up a folder on each machine that everyone has access to and regularly sync between them.

Now all my machines run Linux (Ubuntu) and I thought this would be easy, but it turns out there is no widely accepted way of sharing files between users on Linux.  Checking out the Ubuntu forums showed quite a few requests for some means of doing this but no real solution.  If you simply set permissions on a given folder (like you would in Windows, say), it won't work the way you expect, as any new files created will have their permissions set based on the user that created the file rather than inheriting permissions from their parent folder.

File ACLs (and permissions generally) are the only things I've found that I prefer in Windows over Linux...

However, after some research I discovered the 'Sticky Bit' (or more specifically, SetGID).  This does quite a few things, depending on what context it is used in, but for our purposes we can use it to ensure that new files do inherit permissions from their parent.

The first step is to create a group to control access to the shared folder.  In this example I have called the group shared-access, but call it whatever you want.

sudo addgroup shared-access

Add your user accounts to this group

sudo usermod -aG shared-access <username>

Set permissions on the shared folders (I am using a folder called shared that I have created under /mnt):

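sudo chgrp -R shared-access /mnt/shared/
sudo chmod -R g+w /mnt/shared
# setgid belongs on directories only, so regular files are not made setgid
sudo find /mnt/shared -type d -exec chmod g+s {} +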


This gives the group write access and makes new files and folders inherit the shared folder's group.
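
To check that a shared tree still has these properties, the following added example (not from the original post) audits a folder with find. setgid passes on the group only, so whether a new file is group-writable still depends on the creator's umask, which demo_umask shows on a constructed temporary folder; the function names and sample file names are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit a shared tree for the
# properties the setup above depends on.

# audit_shared DIR GROUP: print one finding per line; return 1 if any were found.
audit_shared() {
    local dir="$1" group="$2" findings
    findings=$(
        # Entries owned by another group are outside the shared group's rights.
        find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
        # Without setgid on a directory, new files get the creator's primary group.
        find "$dir" -type d ! -perm -2000 -exec printf 'dir-missing-setgid %s\n' {} \;
        # setgid passes on the group only; group write depends on the creator's umask.
        find "$dir" ! -perm -020 -exec printf 'not-group-writable %s\n' {} \;
        # A recursive chmod g+s also marks regular files, which is not wanted.
        find "$dir" -type f -perm -2000 -exec printf 'setgid-on-file %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo_umask UMASK: constructed sample. Build a setgid directory in a temporary
# location, create a file and a subdirectory under the given umask, audit it.
demo_umask() {
    local tmp group
    tmp=$(mktemp -d) || return 2
    group=$(id -g)                  # numeric primary group, so no root is needed
    chgrp "$group" "$tmp" && chmod 2770 "$tmp"
    ( umask "$1"; touch "$tmp/track.mp3"; mkdir "$tmp/album" )
    audit_shared "$tmp" "$group" | sed "s|$tmp/||"
    rm -rf "$tmp"
}
```

Running `demo_umask 022` reports the new file as not group-writable, while `demo_umask 002` does not; against the real share the call would be `audit_shared /mnt/shared shared-access`.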

Friday 4 March 2011

How To Automatically Connect To Network Shares On Login To A Mac

EDIT: Please see my new article for a better way to do this:
http://www.vuzzlevuzz.org/2011/10/how-to-automatically-connect-to-network.html

Been getting a bit hands on with Macs lately...

One of my clients employs quite a few freelancers on a short-term basis and they, understandably, need access to network shares.  Now on Windows it's easy to configure this in a login script but there does not seem to be any way to do this for Mac clients (on a Windows Active Directory domain at least, Open Directory can do it I understand).

At first research seemed to indicate that using a login hook to run a shell script to mount the share was the way to go, but when I tried it I found that the drive gets mapped as root rather than the logged in user - not what we want at all.

The solution I finally hit upon was to use a launchd agent.

Launchd is a system for running various things when certain events occur and is the Mac replacement for the common Unix startup scripts, rc.d, init.d, etc.  On cursory inspection it seems quite flexible in what it can do, but the bit that I'm interested in allows a script to be run whenever any user logs in - this lets me mount the network share at login even for a user that has never logged into the machine, and with the correct credentials to boot.

In order to make this easy to modify at a later date I set up a shell script to be run by launchd that, instead of mounting the shares directly, mounts the Windows server's NETLOGON share and executes a Mac-specific logon script which then mounts the end user shares.  This allows me to manage what shares are mounted centrally, without having to modify every machine if I want to change something, and is analogous to the Windows logon script and so easy for other engineers to understand and support.


To set this up on a Mac you need 3 files:

org.vuzzlevuzz.mapfolders.plist
 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 3 <plist version="1.0">
 4 <dict>
 5 <key>Label</key>
 6 <string>org.vuzzlevuzz.mapfolders</string>
 7 <key>Program</key>
 8 <string>/Library/Scripts/mapfolders.sh</string>
 9 <key>RunAtLoad</key>
10 <true/>
11 </dict>
12 </plist>
mapfolders.sh
 1 #!/bin/bash
 2 mkdir /Volumes/NETLOGON
 3 /sbin/mount -t smbfs //servername/NETLOGON /Volumes/NETLOGON
 4 /Volumes/NETLOGON/OSXLogon.sh
 5 /sbin/umount /Volumes/NETLOGON
OSXLogon.sh
 1 /bin/mkdir /Volumes/sharename
 2 /sbin/mount -t smbfs //servername/sharename /Volumes/sharename
NOTE:  The line numbers are just to make it clear when lines have been wrapped

Copy org.vuzzlevuzz.mapfolders.plist to /Library/LaunchAgents and make it executable:
sudo chmod +x /Library/LaunchAgents/org.vuzzlevuzz.mapfolders.plist 
Copy mapfolders.sh to /Library/Scripts
Configure OSXLogon.sh as appropriate for your environment and place in the server NETLOGON share
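
mapfolders.sh as shown creates /Volumes/NETLOGON locally and then runs OSXLogon.sh from it whether or not the mount succeeded. The following added example (not the original script) runs the logon script only when the share is actually mounted; the function names are hypothetical, and servername and the paths are the placeholders used above.

```shell
#!/bin/bash
# Added example (not the original mapfolders.sh): run the central logon script
# only when the share is really mounted. Function names are hypothetical.

# is_mounted DIR: true if DIR is itself a mount point, judged by the
# "Mounted on" column of POSIX df output (assumes no spaces in DIR).
is_mounted() {
    [ -d "$1" ] || return 1
    [ "$(df -P "$1" | awk 'NR==2 {print $6}')" = "$1" ]
}

# run_logon_script MOUNTPOINT SCRIPT: execute SCRIPT from MOUNTPOINT, refusing
# when the mount is absent so a local file of the same name never runs.
run_logon_script() {
    local mp="$1" script="$1/$2"
    if ! is_mounted "$mp"; then
        echo "refusing: $mp is not a mounted share" >&2
        return 1
    fi
    if [ ! -f "$script" ] || [ -L "$script" ]; then
        echo "refusing: $script is missing or not a regular file" >&2
        return 1
    fi
    /bin/bash "$script"
}

# map_folders: the same steps as mapfolders.sh above, with each step checked.
map_folders() {
    local mp=/Volumes/NETLOGON rc
    mkdir -p "$mp" || return 1
    /sbin/mount -t smbfs //servername/NETLOGON "$mp" || return 1
    run_logon_script "$mp" OSXLogon.sh; rc=$?
    /sbin/umount "$mp"
    return "$rc"
}
```

To use it as the launchd program, add a call to map_folders as the last line of the script.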


There are a couple of caveats with this - I'm working to resolve them but at the moment they are not important for the place I am using this.  Will post a follow up if I get them sorted out, but for now be aware of the following:

  • The drives do not unmount when the user logs off
  • If another user logs in they will not have their drives mapped
  • If one user restarts the machine and then someone else logs in, it will work correctly


Mac OS X Reference Library: Creating launchd Daemons and Agents

Problem saving Office 2011 files to Windows 2008 shares

One of my clients just had a problem with opening Excel files on a network share.  When double clicking on a file they get the following error:
'<filename>' could not be found. Check the spelling of the file name, and verify that the file location is correct. If you are trying to open the file from your list of most recently used files on the File menu, make sure that the file has not been renamed, moved, or deleted.
Problem machine: Mac OS X running Office 2011
2 Windows file servers, one running Windows 2003, the other 2008

Office files can be opened on the Windows 2003 shares but not on the Windows 2008 ones
All other files can be opened fine on the Windows 2008 server

So, I went to another Mac, running Office 2004, and it all works fine.  I then looked at a third Mac running Office 2011 - this can open Office files from both servers fine too.

I finally tracked the problem down to the way the shares had been mounted - as soon as I mounted the Windows 2008 share via AFP rather than SMB it all worked.

Note that the Windows 2003 shares work fine with Office 2011 mapped via SMB and the Windows 2008 shares work fine via SMB when using Office 2004.


So the problem was specific to Office 2011 connecting to a Windows 2008 share via SMB.


Connect to the share via AFP and you are good to go!