VMware Communities
skytekgraphics
Contributor
Contributor
‎08-26-2009 01:54 PM

Problems when accessing shared folder (using OS X ACLs) with apache under Ubuntu 9.04

Hi Folks,

short intro, bug details following below:

-

I started evaluating Fusion 2 for Mac today and am impressed. Importing my current Parallels images and installation of out of the box-appliances worked great without any problems.

I am freelancer for several customers and have a lot of local web environments installed which I would like to separate into clean virtual boxes for much more efficient maintenance. Final goal is to get rid of my current MacPort installations and various config files to have apache.conf and php.ini tweaked for each project.

So I started setting up a VM with Ubuntu 9.04 server and managed to install vmware-tools (thanks to chrysaor.info) and changed /etc/fstab allowing to access my shared folders properly (thanks to "robind").

Problem details:

-

According to customer SLAs I store all my project data in encrypted sparse bundles, which I can mount easily whenever I need them. In order to allow apache processes (using MacPorts currently) to read and write those mounted drives (e.g. /Volumes/ProjectXYZ ) I am using ACLs to allow any needed access (e.g. user: www, group: staff, read, write, etc... for /Volumes/ProjectXYZ/webapp/filestowrite ).

When sharing this folder /Volumes/ProjectXYZ/webapp with read/write access from MacOSX to Fusion VM, I can touch and alter files using my current ubuntu login or as root. So far so good.

Problem is that apache (running within this VM) is not able to write any kind of data within the shared folder (my mounted sparse bundle within MacOS) cause user "www-data" is not allowed to write within shared mount point /mnt/hgfs/projectxyz/webapp/filestowrite (using rwx-syntax). I do not want giving free access to anyone in this directory, only apache users. I tried mounting this shared directory with acl features, but this was not possible. Using setfacl is also not possible, cause not supported here.

I need to have my sparse bundle as master on my MacOSX to use my development IDE, subversion etc.

Possible solutions I can think of:

-

a) Having everything rsynced via scp upon a watch trigger (really don't like that idea in focus of constant development and build processes)

b) Creating a dummy user on MacOSX and trying to grant additional ACLs (even if I don't know it would even recognized by shared folder within the VM)

c) Give up ACLs (also not really my favorite choice)

d) Running apache and all attached processes within the VM as root (ugghr)

e) Other sharing methods (sambe, ssh, etc.) directly over VM Guest

Any ideas how I can solve this?

Environment:

Mac OS X Leopard 10.5.8, VMWare Fusion 2.0.5, VM Guest: Ubuntu 9.04 Server

Sum up:

Mac: Using mounted encrypted sparse bundle with web application

VMFusion: Sharing folder with web application

VMGuest: Apache can't write into folder

Would really appreciate, if someone could drop a line.

Bests,

Felix

0 Kudos
1 Reply
skytekgraphics
Contributor
Contributor
‎08-28-2009 04:00 AM

Thanks to Jeroen Keppens, following workaround was sufficient:

edit /etc/fstab and use webserver uid/gui to mount shared directory.

.host:/ /mnt/hgfs vmhgfs defaults,ttl=5,uid=33,gid=33 0 0

this might lead to some security issues, but solves my problem for now, since VMs apache can be configured to allow requests only from my local ip or nat device.

Any hints to get acls invoked would be appreciated nonetheless Smiley Happy

Bests,

Felix

0 Kudos