Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Permissions and SMB shares in Leopard Network
In OS X 10.5, Apple added the ability to share individual folders to the Sharing preference panel. However, one needs to be aware of permission problems when attempting to share a particular folder. To illustrate this problem, I will use an example:
  1. Create folder ABC in ~/Documents
  2. Press Command-I and check the Shared Folder checkbox
  3. Click on the Enable button to enable file sharing
  4. Go to the Sharing panel in System Preferences and click on the File Sharing item
  5. Click on the Options button and enable SMB sharing by checking the Share Files and Folders using SMB checkbox (there is no need to enable SMB sharing of accounts, as we will see later)
By this step, you would expect to see folder ABC under your computer's name in Network Neighbourhood in Windows, but it's not there. In fact, you can't even access the share by mapping \computernameABC! However, if you move folder ABC to ~/Public and share it again by unchecking and then checking the Shared Folder checkbox, then ABC will become visible.

This behaviour can be explained by the fact that ~/Documents has the permission rwx------, which means other users can't even browse the contents of that folder. On the other hand, ~/Public has the permission rwxr-xr-x, which allows browsing of the folder content by any user. So in order to successfully share a folder, not only do you have to make sure it's accessible to other users, you also have to make sure its parent folder can be browsed by other users.

Another interesting thing to note is that SMB sharing for a user account is independent of individual folder sharing. Enabling it will share the home folder of the enabled account as it did in Tiger, but it's not necessary for sharing individual folders (so you no longer have to store your password in a less secure way when you enable SMB sharing).
    •    
  • Currently 1.88 / 5
  You rated: 3 / 5 (8 votes cast)
 
[41,070 views]  

10.5: Permissions and SMB shares in Leopard | 8 comments | Create New Account
Click here to return to the '10.5: Permissions and SMB shares in Leopard' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Permissions and SMB shares in Leopard
Authored by: ashevin on Mar 05, '08 08:54:42AM

Rob,

Can you edit the hint to fix the UNC reference? The example should read \\computername\ABC, but the backslashes were treated as escape characters and got lost.



[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: b00le on Mar 05, '08 09:30:38AM
I have a different problem - I cannot write to smb shares (NTSF) on the company network. I used Dave under Tiger but the version I have does not work under Leopard, it's expensive - $70 for an upgrade! - and frankly I object to spending money to achieve what Apple should have fixed themselves several versions ago. Rather gives the lie to claims of effortless networking...

[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: neuralstatic on Mar 05, '08 05:11:45PM

works fine for me. i had to install leopard 3 times total to get all my networking issues straight. i'm loathe to say it, but a clean install should work fine.



[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: barryjaylevine on Mar 05, '08 09:56:21PM

Does this issue still exist if we're not talking about SMB shares?

---
-----
Two things in this world aren't overrated: Macintosh and Lemon Meringue Pie.



[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: eexit on Mar 07, '08 07:30:46PM

Hello,

Personally, I never succeed to share a folder to my Windows. I can access to my Windows directories but not the contrary.. It's me or no one succeed to proccess?

Thanks.



[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: dezzie on Mar 08, '08 03:37:05AM

I think the tipster is wrong about not having to enable accounts for SMB. NTLM and Mac OS X use different password hashing algorithms. So when you provide your password to SMB, it cannot verify your NTLM hash directly against the Mac's user directory.

When you enable an account for SMB, the Mac stores the NTLM hash for the user's password - this is what OS X says is less secure, which I think is a reference to NTLM hashes having fewer bits c/f Mac OS X password hashes.

Try this command: sudo cat /var/db/shadow/hash/`dscl . read users/<Your username> GeneratedUID|cut -d' ' -f2`
This displays the password hashes for your account. If your account has not been enabled for SMB, you should see a bunch of zeroes, some non-zeroes, then a load more zeroes. Those non-zeroes are your Mac OS X password hash. Now enable your account for SMB, and re-run the command. You will now see another [shorter] hash - this is your NTLM password hash. Disabling your account for SMB again will remove the NTLM hash.

If the tipster was able to access an SMB share without enabling their account for SMB, then it is not their user ID that is logging in! Perhaps they are connecting as Guest? Or [if they are using Mac OS X as the client] maybe they are logging in using AFP, or transparently via Kerberos.



[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: Blood-Of-A-Pirat on Apr 21, '08 05:18:15AM

I am having HUGE issues with SMB. All I want to do is share my files from my macbook to my boyfriend's PC. Is there anyone willing to give me a step by step guide on how to enable this to happen? I've been going in circles for weeks trying to figure this out. All of this FTP, SMB etc stuff is new and scary to me I haven't got a clue where to start. Somebody please help!



[ Reply to This | # ]
10.5: Permissions and SMB shares in Leopard
Authored by: msephton on May 13, '08 05:10:04AM
OK, I found the very simple solution!

If the IP address of the Mac you are trying to connect to is: 192.168.1.190
And the username of the user whose files are being shared is: foo

You should enter your smb login username as: 192.168.1.190foo
On some systems you may need a backslash before it: \192.168.1.190foo

I found this information here:
http://technojunkie.org/berniec/ridingitout/2007/11/vista-and-leopards-windows-filesharing.html

Good luck everybody!
matt

[ Reply to This | # ]