Changes to /Volumes permissions prevent use of mount command

Originator: matt
Number: rdar://27812516
Date Originated: 12-Aug-2016
Status:
Resolved:
Product: macOS
Product Version: 10.12
Classification:
Reproducible: Yes
 
Summary:
To use the mount command, the mount point must first exist.
For a mounted network drive to appear correctly in Finder and on the Desktop, the mount point must be within /Volumes.
However, with the change of permissions from 1777 (drwxrwxrwx) to 1755 (drwxr-xr-x), creating a new mount point within /Volumes requires sudo permissions.
This makes the process impossible (AFAIK) to achieve via automation scripts, or via applications making requests to mount network drives, as the application I develop does.

Steps to Reproduce:
1. Open Terminal
2. Execute `mkdir /Volumes/TestFolder`

Expected Results:
The folder /Volumes/TestFolder to be created.

Actual Results:
Permission Denied error

Version:
macOS 10.12 Developer Beta 1 through 4.
I'd try beta 5, but well, that update process is completely borked right now.

Notes:
If this permissions change is to remain permanent, can you please provide instructions for mounting a network drive via Terminal, without the need of sudo, or modifying sudoers.

Comments

horrible

This is a horrible, stupid change. Just how does it enhance security?

By arlojmiller at Nov. 24, 2016, 2:57 p.m.

Apple have closed the case with the following response:

This issue behaves as intended based on the following:

It was requested by security, you can no longer create items in /Volumes unless root.

We are now closing this bug report.

If you have questions about the resolution, or if this is still a critical issue for you, then please update your bug report with that information.

Please be sure to regularly check new Apple releases for any updates that might affect this issue.

