MacOS – How to reliably keep network share connected for a specific user using automount

automountmacosNetworksmb

I've got a Synology NAS and a Mac mini running Plex and XBMC, which streams content from the NAS. The MM frequently loses the connection to the NAS, for several reasons (e.g. after updating/rebooting the NAS, network problems, OS X problems).

After trying several solutions for this issue, I finally came across the built-in automount tool, which is supposed to reconnect network drives when the connection is lost. I set it up, and it seemed to work. But there's one annoying problem:

I'm not sure how to phrase this, but automounted shares seem to enter some kind of not-really-connected state from time to time. When the share is traversed, it immediately connects. That's fine, but the share is mounted only for the user who accessed it.

I've got two user accounts: TV, which runs Plex and XBMC and needs to access the share, and Admin, which I use for management tasks. Occasionally, I use the Admin account to connect to the NAS as well, but I'm using the Finder for that. There's no need for a permanent connection.

For some reason I don't understand, sometimes, the automounted share is mounted for the Admin account. Which means the TV account is unable to access the share (Permission denied). I can umount the share with Admin and ls it with TV to mount it for the latter, but after some time, Admin has the permissions again.

How can I fix this? How do I have to set up the permissions so that TV is the only account who can access the automounted share?

Here's what my automount files look like:

auto_master

Permissions: -rw-r--r-- 1 root wheel

+auto_master      # Use directory service
/net              -hosts     -nobrowse,hidefromfinder,nosuid
/home             auto_home  -nobrowse,hidefromfinder
/Network/Servers  -fstab
/-                -static
/-                auto_nas   -nosuid,noowners

auto_nas

Permissions: -rw------- 1 root staff

/NAS -fstype=smbfs,soft smb://TV:@192.168.1.56/Files

/NAS (the mount point)

Permissions: drwx------@ 1 TV wheel

The MM is running Yosemite (10.10.3).

Best Answer

Assuming you do NOT want to enable the "root" user login feature and loosen up file and directory permissions enough to potentially open up your system to a significant security attack vector (and I am assuming exactly that...), as of today, Feb 7, 2017, there is no way to accomplish what you describe :(

At least not for AFP / SMB / CIFS shares (those are the only three I have tested, you may have other luck with NFS volumes but I don't run those on my network so can't confirm).

There appears to be two potential root causes. One is that sometime around Yosemite, there was some modification to the difference between using direct vs. indirect automounting functionality that caused intermittent failures when an auto mounted share was accessed by more than one user.

As of Sierra, this functionality is completely broken since the owner of the special /Volumes directory was made to be the "root" user and that user will take over ownership automatically if another user is granted ownership of any folders or files in that directory at some point. Bugs have been filed, feel free to comment and share your outrage.

In the comment section over on this blog post discussing several examples of using automount (and a few of its limitations) user "Mark" provides a complete analysis of this issue with respect to sharing auto mounted folders across multiple users.

TL;DR - it was broken somewhere around 10.10 and despite being discussed across many forums Apple has not yet acknowledged the bug or committed to a fix.

I think there is something going on with 10.11 that breaks the procedure > for mounting AFP shares into user directories. I am trying to mount afp://user:pass@myserver.local/Music to /Users/me/Test

auto_master has the line: /- auto_afp -nosuid

auto_afp has the line: /Users/me/Test -fstype=afp afp://serveuser:servepass@server.local/Music

The server mounts beautifully, but clicking on the server icon in /Users/me gives the error “The folder “Test” can’t be opened because you don’t have permission to see its contents.”

After working the problem through, I see that this is a permissions problem. The mount point has the owner and group and permissions: drwx——@ 1 root wheel 364 31 Dec 10:01 Test (Actually, it’s interesting — if I empty out my auto_afp file and reboot, this returns to a regular directory with owner/group/permissions drwx——+ 18 me staff 612 31 Dec 10:01 Test)

So the problem here is that autofs is mounting the share with root privilege, and my user cannot actually use the share. From my reading on the web, this appears to be a relatively new problem — perhaps El Capitan related?

For comparison, when I do the following (as a user, not as a system user or using ‘sudo’): Create a new folder from the finder at /Users/me called ‘Test3′ then from the terminal enter: mount -o nosuid -t afp afp://serveuser:servepass@server.local/Music /Users/me/Test3

then the server mounts beautifully (albeit with the finder name “Music”, which I would prefer to change), and has the following user/group/permissions: drwx——@ 1 me staff 364 31 Dec 10:21 Test3 and I am able to see and manipulate the contents.

So in summary, the problem is: How can I get autofs to mount a network AFP share and map it into a user directory so that the user can access it and manipulate its contents? Historically, I think this is exactly how autofs is supposed to work, but it seems that the ownership of the mapped folder by ‘root wheel’ prevents it now from being of any real use.

One more matter, while I’m at it: I have fallen back to the simple goal outlined above, but my longer-term goal is to map an external music folder to EACH user. auto_afp should look like this:

/Users/me/Test -fstype=afp afp://serveuser:servepass@server.local/Music /Users/her/Test -fstype=afp afp://serveuser:servepass@server.local/Music /Users/him/Test -fstype=afp afp://serveuser:servepass@server.local/Music

I know that I can make this mount in each users’ login items, but that’s not actually good enough to achieve my long-term needs. Long term, I need this folder mounted at boot by autofs to make it available for cloud backup.

User "Ben" commented, confirming this analysis and echoing that at least as of the time he shared his comment, there was no fix:

Using an indirect map doesn’t help either. This functionality seems to be fundamentally broken in OSX going back to at least Yosemite… I’ve dug through 3 years worth of posts of people having this same issue and as far as I can tell, there’s simply no way to share a mount point across users… what an huge, infuriating, unbelievable fail.

Thanks apple!

NOTE : I do not recommend this for any network so will not provide detailed instructions on how to do so here, but one other user on that same comment board indicated that enabling the root user login and using that to access his system would allow this to work as expected:

One option is to enable root, and logon as root. Once you do that it all starts working. Crap option, I know, but my use case is a media server on an isolated network. Only option until I can see until apple gets it head out of its arse.

This is strongly discouraged by everyone, Apple, Security Experts, etc so I do think it is a viable path around this problem. We will have to wait until Apple releases a fix.

Best Answer

Related Solutions

MacOS – Why does Lion mount a network volume twice at login

MacOS – How to you avoid error -43 when copying symlinked folder in Finder with a SAMBA share

Related Question