Bug 1002635

Summary: Inheritable permission i.e. "Include inheritable permissions from this object's parent" does not work
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Lalatendu Mohanty <lmohanty>
Component: sambaAssignee: Jose A. Rivera <jarrpa>
Status: CLOSED EOL QA Contact: Lalatendu Mohanty <lmohanty>
Severity: medium Docs Contact:
Priority: high    
Version: 2.1CC: dpal, jhoffer, rjoseph, sbhaloth
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: ntacl
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-03 17:22:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lalatendu Mohanty 2013-08-29 15:54:20 UTC 
Description of problem:

Inheritable permission i.e. "Include inheritable permissions from this object's parent" does not work while setting inheritable acls for directories/folder on Gluster samba share.


Version-Release number of selected component (if applicable):

[root@bvt-rhs1 ~]# rpm -qa | grep samba
samba-common-3.6.9-160.1.el6rhs.x86_64
samba-winbind-krb5-locator-3.6.9-160.1.el6rhs.x86_64
samba-domainjoin-gui-3.6.9-160.1.el6rhs.x86_64
samba-winbind-clients-3.6.9-160.1.el6rhs.x86_64
samba-3.6.9-160.1.el6rhs.x86_64
samba-glusterfs-3.6.9-160.1.el6rhs.x86_64
samba-client-3.6.9-160.1.el6rhs.x86_64
samba-doc-3.6.9-160.1.el6rhs.x86_64
samba-debuginfo-3.6.9-160.1.el6rhs.x86_64
samba-winbind-3.6.9-160.1.el6rhs.x86_64
samba4-libs-4.0.0-55.el6.rc4.x86_64
samba-swat-3.6.9-160.1.el6rhs.x86_64
samba-winbind-devel-3.6.9-160.1.el6rhs.x86_64

[root@bvt-rhs1 ~]# rpm -qa | grep gluster
glusterfs-geo-replication-3.4.0.24rhs-1.el6rhs.x86_64
glusterfs-debuginfo-3.4.0.24rhs-1.el6rhs.x86_64
gluster-swift-container-1.8.0-6.11.el6rhs.noarch
samba-glusterfs-3.6.9-160.1.el6rhs.x86_64
glusterfs-3.4.0.24rhs-1.el6rhs.x86_64
glusterfs-fuse-3.4.0.24rhs-1.el6rhs.x86_64
glusterfs-server-3.4.0.24rhs-1.el6rhs.x86_64
glusterfs-api-3.4.0.24rhs-1.el6rhs.x86_64
gluster-swift-proxy-1.8.0-6.11.el6rhs.noarch
gluster-swift-account-1.8.0-6.11.el6rhs.noarch
gluster-swift-plugin-1.8.0-6.el6rhs.noarch
vdsm-gluster-4.10.2-23.0.1.el6rhs.noarch
glusterfs-libs-3.4.0.24rhs-1.el6rhs.x86_64
glusterfs-rdma-3.4.0.24rhs-1.el6rhs.x86_64
gluster-swift-1.8.0-6.11.el6rhs.noarch
gluster-swift-object-1.8.0-6.11.el6rhs.noarch

How reproducible:

Always

Steps to Reproduce:

1. Mount a gluster volume/samba share on win7 client

2. Create a hierarchy of folders and files. 

3. Right client on the parent folder -> select properties-> go to security tab -> go to Advanced (Security Settings) -> Change permissions (i.e. add permission for a group)
 Now you can see below two options with check boxes against them.

     a. Include inheritable permissions from this object's parent

     b. Replace all child object permissions with inheritable permissions from this object

4. select "Include inheritable permissions from this object's parent" and save it.

5. Check the permissions of parent folder, sub-folders, files if they have the recently added permission

Actual results:

The parent folder has the permission but the sub-folders and files don't have the new added acl.

Expected results:

All folders and files inside the parent folder should have the new acl set.

Additional info:

The other option "Replace all child object permissions with inheritable permissions from this object" In step-3 works as expected.

With XFS also I get the same result as glusterfs samba share.

Not sure if I need to add below settings to smb.conf
 inherit permissions = Yes
 inherit acls = Yes
 map acl inherit = Yes
Comment 2 Ira Cooper 2014-09-03 12:40:41 UTC 
We're working on upgrading samba, assigning to Jose as part of that project, may be reassigned.
Comment 3 Vivek Agarwal 2015-12-03 17:22:26 UTC 
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/

If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.