7 Jul 2011

Looking forward to Lion

So here we are with 10.6.8, at the beginning of July with Lion and the scary new, simplified server round the corner and while I hope I've re-made the net restore images for the last time it means there are some bugs in Snow Leopard Server that will always be in Snow Leopard Server. I'm going to dedicate this post to two particularly annoying ones.

The dreaded inherited ACL duplication issue

This issue is well documented here but its still annoying.
The gist is that if your users shuffle around and duplicate a lot of nested folders, like bundles (which means pages and numbers documents, applications and others), then eventually any ACLs, including inherited ones, will be duplicated over and over again geometrically (only linearly over AFP, thank god) and quickly hit the Finder's internal limit for the number of ACLs it can handle resulting in an "Error -41" when trying to do something to the item in the finder.

The fix?
chmod -R -N ./*
Which will remove all the ACLs on items in scope. Then re-propogate.

The Hot-Desking Carbon API Kerfuffle

So you have Open Directory set up and AFP remote home folders and your users are hot desking on managed machines. Only some of the time, and sometimes completely randomly the icons on the desktop don't show up, or the Finder will prompt that the /Network/Servers/yourserver.com/Users Alias has broken and needs fixing. There are loads of other odd symptoms that come and go even between logins.

Interestingly that directory path isnt an alias at all, but a mount point being managed by OS X's automounter. The thing is that the finder is still using a Carbon API to access at least this part of the file system and unlike OS X's BSD underpinnings, which see the file system as one whole tree with other volumes attached at certain folders, the Carbon API sees each device as a separate tree. The finder literally has no ability to process that traversing a folder might also traverse a volume.

The dirty hack is that these volume traversals within the file system are presented to Carbon applications as aliases. Something seems to be being cached between users which means that while the mount point changes with the user, whatever service the Finder is using to keep track of these mountpoint to alias conversions is getting stuck and reporting the prior alias, which becomes invalid with the new user's credentials.

Long story short means that for the most part everything is fine (and in fact the finder can still read the user's home folder and make changes) but the seemingly crufty Desktop Services part of the Finder trips up and bothers my users and my support ticked system is full of "No desktop icons" reports.

My Fix?

set Apple Remote Desktop to combo update all the machines each night until I can identify which cache I need to delete with a logout hook.


Paco The Love Taco said...

Any updates on the kerfuffle? My client computers are having the same problem. Reinstalling the combo update does work, but my users are logging in and out of different machines throughout the day.

The Admin said...

Not yet, I've had another project ive been working on but when i get to the bottom of it i'll post an update.

The Admin said...

I found that the kerfuffle issues were being caused by folder redirection in the network home path. I stopped using MCXFolderRedirector and the issue cleared right up.