Stuff Yaron Finds Interesting

Technology, Politics, Food, Finance, etc.

Sharing sparse disk image bundles across OS X machines

Normally using my Mac is a simple joy. But recently I created a sparse disk image bundle on my main OS X box and wanted to share it with other OS X boxes. This is quite possible but requires some very arcane commands to make work. I explore those commands below.

My goal was to create a sparse disk image bundle file that I could share out from my machine and access from other machines. But every time I tried to load the bundle on a different machine I would get read only access. When I checked the status of the images in the Disk Utility their Disk Write Status would always show up as Read Only and if I used Get Info from the explorer to check the files inside they would show up as 'custom access'. This applied even if I had a brand new bundle with "Ignore ownership on this volume" set. I even set the permissions specifically to allow everybody to read/write the files and it didn't matter.

I then found this discussion, specifically the post from user KJK555 on 9/11/2010 at 11:55 PM. In it he outlines a set of commands to give in order to fix the problem. His commands are (reworked a little bit):

  1. Unmount the sparse bundle (which we'll call bundle.sparsebundle in the directory /Path/To)

  2. sudo chown -R root:admin /Path/To/bundle.sparsebundle

  3. sudo chmod -R =rw,+X,g=u,o=u /Path/To/bundle.sparsebundle

These commands are applied to the sparse bundle, not what's in the sparse bundle. This is an important difference. The spare bundle itself is actually a directory that contains a bunch of files called bands. These bands are where the contents of the data inside the sparse bundle are kept. If the mounting machine doesn't have the right permissions for these files then presumably write access isn't possible.

Command 2 recursively changes the ownership of the sparse bundle and all of its contents to the user root and the group admin. Command 3 recursively changes the permissions on the spare bundle and all of its contents. The command, I believe, says something like "reset the user's permission bits to read/write and then add in execute/search rights, then set the group and others permissions to be the same as the user's". The previous description presumes the user is familiar with UNIX permissions and user/group/other.

The instructions then say:

  1. Mount the sparse bundle (we'll assume it's mounted to /Volumes/Bundle)

  2. sudo chown root:admin /Volumes/Bundle

  3. sudo chmod 1777 /Volumes/Bundle

These commands apply to what's inside of the bundle. Command 2 just gives ownership of the root of the contents of the bundle to the user root in the group admin. It doesn't do so recursively however.. Command 3 also only applies to the root directory. The command 1777 is an octal encoding of UNIX permission bits. The '1' says that the directory should be 'sticky' which essentially means it can only be deleted either by the owner of the directory or by someone who has write access to it. 777 means give read/write/execute permissions to owner/group/other.

One can reasonably argue this is all fairly bad. The reason is that essentially we making the spare bundle read/writeable to everybody. In practice it isn't quite that simple. In my case, for example, only machines that have been given explicit permission to access my shared files directory can even get to the bundle. Second, the bundle itself is encrypted and permission or no the only way to access the files is with the password. In theory I should probably follow KJK555's advice from 9/19/2010 at 2:34 PM where he shows how to set the permissions to the sparse files to a named user instead of to everyone. But simplicity is a virtue and the permissions above are pretty robust and given the other protections in place I suspect I can live with the previous steps.

Leave a Reply

Your email address will not be published. Required fields are marked *