What is the correct way to share directories with Ubuntu running in a Virtual Box VM with correct permissions?

In VirtualBox, what is the best way to share a directory between an OS X host and Ubuntu guest?

  • Host: Mac OS X 10.7.3
  • Guest: Ubuntu 12.04
  • Guest has a shared directory mounted via VirtualBox settings with Access=Full and Auto-Mount=Yes.

The problem with this setup is illustrated below. In my shared directory, I can't change the permissions at all (not a permissions denied error, but they just don't take effect).

Ubuntu 12.04 (guest):

% ls -l
total 0
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 1
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 10
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 2
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 3
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 4
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 5
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 6
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 7
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 8
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 9

Mac OS X 10.7.3 (host):

$ ls -l
total 0
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 1
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 10
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 2
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 3
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 4
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 5
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 6
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 7
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 8
-rw-r--r--  1 <my-mac-user>  staff  0 Apr 17 21:56 9

If I chmod on the guest, nothing changes:

% chmod +x 1 | ls -l 1 # guest
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 1

If I chmod on the host, it changes on the host but not on the guest:

$ chmod +x 1 | ls -l 1 # host
-rwxrwx--x  1 <my-mac-user>  staff  0 Apr 17 21:56 1

% ls -l 1 # guest
-rwxrwx--- 1 root vboxsf 0 Apr 17 21:56 1

Solution 1:

I've figured it out!

To reproduce:

  1. Shutdown the VM, add shared folders in VBox's settings (Permanent=Yes, Auto-Mount=No)
  2. Start the VM
  3. From a terminal, run umask && id as the normal user to get something like this:

    002 # this is your umask
    uid=1000(luser) gid=1000(luser) groups=1000(luser),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),125(vboxsf)
    
  4. sudo mkdir -p /media/sf_src # src is the shared directory

To mount the src directory as a test:

sudo mount.vboxsf -o umask=002,gid=1000,uid=1000 src /media/sf_src 
                           |   |        |        |   |-> where to mount
                           |   |        |        |       the file
                           |   |        |        |-> name of the shared dir
                           |   |        |            (in VBox settings)
                           |   |        |
                           \   |        /
                        from the `id` command

To automatically mount it on login, edit /etc/fstab and add the following:

src /media/sf_src vboxsf umask=002,gid=1000,uid=1000

Solution 2:

The problem -- permission issues in vbox/ubuntu accessing a OSX shared drive

joe_public@joe_public-ubuntu-VirtualBox:/$ ls /media/sf_shared
ls: cannot open directory /media/sf_shared: Permission denied

The goal is a simple way to to share directories between Mac and Ubuntu environments. Unfortunately the examples that I have seen so far seem to be a bit more complex than they actual need to be, and don't really explain what the real problem that needs to be solved. I'll attempt to to handle both of those issues here.

The environment here is a Mac running OSX 10.9.5, with Virtual Box 4.3.16 executing Ubuntu-14.04.1 with Guest extensions installed. September 2014 stuff.

I think that the entire problem here is that the uid of the directories on the Mac, and in Ubuntu must match — The default gid’s assigned for user and groups are different between OSX and Ubuntu, and that’s where the trouble lies.

To access a file, one must either own it, or be a member of the group that owns it. And as access is actually based on the id number of the group, not the group name, all that is necessary is to create a common group number on both sides, that the users belong to.

That’s exactly what the solution below does. Don’t be mislead by the length of what’s written, it’s actually very simple. There are just lots and lots of examples of what’s going on.

I’m going to be flipping between OSX and VBOX consoles here (mac and virtual-box/ubuntu) within this doc — make sure you understand which window your in.

Final note: The solution shown below is based on establishing a common group id between the OSX and Ubuntu environments, so that the file permissions work. There may be other, more modern solutions. This one is really simple and understandable, and runs on bare bones basic unadorned installations.

OSX: —————

Note that is was done on a fresh out of the box 10.9.5 Mac, with nothing on it, not connected to a corporate network, nothing fancy running on it other than stock software. This is as simple as it gets.

When I did the default install on the Mac, joe_public is the admin user, and his uid was set to 501.

Joes-MacBook-Pro:/ joe_public$ id
uid=501(joe_public) gid=20(staff) groups=20(staff),999(vboxsf),401(com.apple.sharepoint.group.1),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),501(access_bpf),33(_appstore),100(_lpoperator),204(_developer),398(com.apple.access_screensharing),399(com.apple.access_ssh)

Notice that the uid is 501 — this is the default first account id on OSX — nothing special

I created a few directories that I want to share on the Mac side — Note that I did not put them under my user directory for backup reasons.

Joes-MacBook-Pro:/ joe_public$ mkdir /vdisk
Joes-MacBook-Pro:/ joe_public$ mkdir /vdisk/shared
Joes-MacBook-Pro:/ joe_public$ mkdir /vdisk/public 
Joes-MacBook-Pro:/ joe_public$ mkdir /vdisk/images

Joes-MacBook-Pro:vdisk joe_public$ ls -al
total 0
drwxr-xr-x   5 joe_public  admin   170 Oct  8 01:08 .
drwxrwxr-t  36 root        admin  1292 Oct  6 02:26 ..
drwxrwxrwx   2 joe_public  admin    68 Oct  6 01:08 images
drwxr-xr-x   3 joe_public  admin   102 Oct  8 01:07 public
drwxrwxrwx   4 joe_public  admin   136 Oct  8 00:45 shared

VBOX: ——————

Simple default virtual box and ubuntu installation - again, joe_public is the default admin created when I installed ubuntu.

Please note once again, that the name space between the OSX and Ubuntu is completely different. There is absolutely no relationship between the two names here.

joe_public@joe_public-ubuntu-VirtualBox:/media/sf_shared$ id
uid=1000(joe_public) gid=1000(joe_public)   groups=1000(joe_public),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)

Created three mount points, using Virtual Box's Setting -> Shared Folders gui.

Name      Path              Auto-mount  Access
images    /vdisk/images     Yes         Full
public    /vdisk/pubic      Yes         Read-only
shared    /vdisk/shared     Yes         Full

NOTE: I actually had to reboot my session for all these mount points to come up.

joe_public@joe_public-ubuntu-VirtualBox:~$ mount | grep vboxsf
shared on /media/sf_shared type vboxsf (gid=999,rw)
public on /media/sf_public type vboxsf (gid=999,rw)
images on /media/sf_images type vboxsf (gid=999,rw)

Notice that the gid for these is 999 — this is the vboxsf group.

joe_public@joe_public-ubuntu-VirtualBox:~$ grep 999 /etc/group
vboxsf:x:999

This was assigned automagicly by Virtual Box version 4.3.16 for us. The vbox documentation shows ways how to change this if you mount the path manually through the command line, but who’s going to remember that — Simply take the defaults that the GUI forces on us..

But it doesn't work (expected at this point -- that's what we are trying to solve)

joe_public@joe_public-ubuntu-VirtualBox:/$ ls /media/sf_shared
ls: cannot open directory /media/sf_shared: Permission denied

Note that at this point joe_public is not a member of that vboxsf group — and that’s going to be a problem until we fix it. FYI: These are the default groups assigned to the account when it is created.

joe_public@joe_public-ubuntu-VirtualBox:/media$ grep joe_public /etc/group
adm:x:4:syslog,joe_public
cdrom:x:24:joe_public
sudo:x:27:joe_public
dip:x:30:joe_public
plugdev:x:46:joe_public
lpadmin:x:108:joe_public
joe_public:x:1000:
sambashare:x:124:joe_public

So what we have at this point (we haven’t done anything yet to fix it)

•   On mac,   joe_public gid is 501
•   On linux, joe_public gid is 1000
•   On linux, vboxfs gid is 999
•   On mac,   vboxsf does not exist

We don’t want to change the gid of the user joe_public on either side, as that’s a pain in the ass on already installed systems, and doesn’t solve this for other users. The simplest solution is to make a matching group id — vboxsf — on the mac side, and make sure that joe_public is a member of it on both sides.

So, still on vbox/ubuntu, make joe_public a member of the 999 vboxsf group

joe_public@joe_public-ubuntu-VirtualBox:/$ sudo usermod -a -G vboxsf joe_public
joe_public@joe_public-ubuntu-VirtualBox:/$ grep 999 /etc/group
vboxsf:x:999:joe_public

I think I logged out of my account and back in again here after I did this.

OSX: —————

Now we need to create a vboxsf group on the mac. I doubt that the name actually makes a difference here — it’s the 999 group id that’s important. Please remember that the directory system name spaces (as well as user names) are different between the host and the VM operating systems. But just to make life sane, we all call it vboxsf on the mac. Same reasoning why joe_public is used a user name on both sides.

OSX doesn’t have a simple add group command like linux does — so use the dscl command to do this in multiple steps. Please see the mac os documentation for more details on this. Notice that we create the vboxsf group, and add joe_public to that group here.

sudo dscl . -create /Groups/vboxsf
sudo dscl . -create /Groups/vboxsf name vboxsf
sudo dscl . -create /Groups/vboxsf passwd "*”
sudo dscl . -create /Groups/vboxsf gid 999
sudo dscl . -create /Groups/vboxsf GroupMembership joe_public

So, at this point, we should have

•   On mac, joe_public gid is 501
•   On linux, joe_public gid is 1000
•   On linux, vboxfs gid is 999
•   On mac, vboxsf gid is 999
•   On linux, joe_public is member of vboxsf 
•   On mac, joe_public is member of vboxsf

The proof here is if it works — so that’s the next step

VBOX: ——————

cd into our directory and touch a file

joe_public@joe_public-ubuntu-VirtualBox:/$ cd /media/sf_shared
joe_public@joe_public-ubuntu-VirtualBox:/media/sf_shared$ touch foo

Check that we created a file successfully.

joe_public@joe_public-ubuntu-VirtualBox:/media/sf_shared$ ls -al
total 4
drwxrwx--- 1 root vboxsf  102 Oct  8 00:44 .
drwxr-xr-x 5 root root   4096 Oct  8 00:30 ..
-rwxrwx--- 1 root vboxsf    0 Oct  8 00:44 foo

OSX: —————

Joes-MacBook-Pro:shared joe_public$ cd /vdisk/shared
Joes-MacBook-Pro:shared joe_public$ ls -al
total 0
drwxrwxrwx  3 joe_public  vboxsf  102 Oct  8 00:44 .
drwxr-xr-x  6 joe_public  admin   204 Oct  8 00:17 ..
-rw-r--r--  1 joe_public  vboxsf    0 Oct  8 00:44 foo

Joes-MacBook-Pro:shared joe_public$ touch bar
Joes-MacBook-Pro:shared joe_public$ ls -al
total 0
drwxrwxrwx  4 joe_public  vboxsf  136 Oct  8 00:45 .
drwxr-xr-x  6 joe_public  admin   204 Oct  8 00:17 ..
-rw-r--r--  1 joe_public  vboxsf    0 Oct  8 00:45 bar

VBOX: ——————

joe_public@joe_public-ubuntu-VirtualBox:/media/sf_shared$ ls -al
total 4
drwxrwx--- 1 root vboxsf  136 Oct  8 00:45 .
drwxr-xr-x 5 root root   4096 Oct  8 00:30 ..
-rwxrwx--- 1 root vboxsf    0 Oct  8 00:45 bar
-rwxrwx--- 1 root vboxsf    0 Oct  8 00:44 foo

It all appears to be working..

VBOX: —————— FINAL VERIFICATION

What we are checking out here is that this whole thing depend upon the user joe_public being a member of the vboxsf group — and the simplest way is simply removing joe_public from the group

Removing user joe_public from group vboxsf

joe_public@joe_public-ubuntu-VirtualBox:~$ sudo gpasswd -d joe_public vboxsf
log out/in ubuntu

Seeing if we can access it our directory -- and we can't, and this proves that is a group permission problem

joe_public@joe_public-ubuntu-VirtualBox:/$ ls /media/sf_shared
ls: cannot open directory /media/sf_shared: Permission denied

Add user back into vboxsf

joe_public@joe_public-ubuntu-VirtualBox:/$ sudo usermod -a -G vboxsf joe_public
log out/in ubuntu

It works again !

joe_public@joe_public-ubuntu-VirtualBox:~$ ls -al /media/sf_shared
total 4
drwxrwx--- 1 root vboxsf  170 Oct  8 01:48 .
drwxr-xr-x 6 root root   4096 Oct  8 01:25 ..
-rwxrwx--- 1 root vboxsf    0 Oct  8 00:45 bar
-rwxrwx--- 1 root vboxsf    0 Oct  8 00:44 foo

VBOX: -- ONE MORE PROBLEM -- symbolic links in vbox -------

If you go into /media/sf_shared, you will find that symbolic links in shared directories simply don't work. This is a really big problem if you are trying to set up a full linux development environment on a shared drive.

joe_public@joe_public-ubuntu-VirtualBox:/media$ cd sf_images
joe_public@joe_public-ubuntu-VirtualBox:/media/sf_images$ ls
joe_public@joe_public-ubuntu-VirtualBox:/media/sf_images$ mkdir test
joe_public@joe_public-ubuntu-VirtualBox:/media/sf_images$ ln -s test test2
ln: failed to create symbolic link ‘test2’: Read-only file system

By default, symbolic links aren't supported on virtual box shares. See below for explanations. Basically as I understand it, symbolic links are a security hole that were "fixed" in Virtual Box by disabling support for them in the 4.1.8 time frame (2011). I'm running 4.3.16 here...

https://www.virtualbox.org/ticket/10085

http://ahtik.com/blog/fixing-your-virtualbox-shared-folder-symlink-error/

Fortunately there is a back door to re-enable it, via the Host's VBoxManage command. Like always, please understand the security holes here that you may be opening. I'm on a stand-alone development machine, so this doesn't appear to be a problem.

OSX: ------------

Joes-MacBook-Pro:shared pbradstr$ VBoxManage setextradata Ubuntu VBoxInternal2/SharedFoldersEnableSymlinksCreate/shared 1   

Note: Ubuntu is my vm's name, and shared is the shared directory name.

You can get the vm name like this:

Joes-MacBook-Pro:shared pbradstr$ VBoxManage list vms
"Ubuntu" {8461045a-1cee-4d44-8148-05920a47cee0}
Joes-MacBook-Pro:shared pbradstr$

And the shared folders name, either via the Virtual Box gui, or

Joes-MacBook-Pro:shared pbradstr$ VBoxManage showvminfo Ubuntu | grep -A 5 "Shared folders"
Shared folders:  

Name: 'shared', Host path: '/vdisk/shared' (machine mapping), writable
Name: 'public', Host path: '/vdisk/public' (machine mapping), readonly
Name: 'images', Host path: '/vdisk/images' (machine mapping), writable

I rebooted the entire virtual box system here, I didn't figure out the minimum requirement for it to take.

Anyway, to test this, go back to you vbox window

VBOX: ---------

joe_public@joe_public-ubuntu-VirtualBox:/media/sf_images$ ln -s test test2

No error -- and to verify

joe_public@joe_public-ubuntu-VirtualBox:/media/sf_shared$ ls -ald test*
drwxrwx--- 1 root vboxsf 102 Oct  8 11:33 test
lrwxrwx--- 1 root vboxsf   4 Oct  8 13:10 test2 -> test

OSX: ----------

And back on the mac side -- just to prove it all works

Joes-MacBook-Pro:shared pbradstr$ ln -s test test3
Joes-MacBook-Pro:shared pbradstr$ ls -ald test*
drwxr-xr-x  4 joe_public  admin  136 Oct  8 13:20 test
lrwxr-xr-x  1 joe_public  admin    4 Oct  8 13:10 test2 -> test
lrwxr-xr-x  1 joe_public  admin    4 Oct  8 13:21 test3 -> test

Please note, I have only tested this on a OSX host, and Ubuntu virtual box client. The references that I listed above seemed to indicate that there might be an issue running a Windows based host.

EXERCISE LEFT FOR THE STUDENT ———————

The benefit of the method listed above is that it can run on a stand-along machine, with no network access. But if you think about this, this name-verses-id issue has got to be a common problem between any heterogeneous computing environments.

What other solutions are available where solutions to that problem are available? — Things like Active Directory (a Microsoft product) and the like might be able to solve this. It would be interesting to obtain a collection of those solutions and compare there various features and tradeoffs.