Bug 1032543

Summary: NT ACL: User not able to write on a file when user has Explicit permission for write but the group has deny acls for write
Product: [Red Hat Storage] Red Hat Gluster Storage
Reporter: surabhi <sbhaloth>
Component: samba
Assignee: Ira Cooper <ira>
Status: CLOSED EOL
QA Contact: surabhi <sbhaloth>
Severity: medium
Priority: medium
Version: 2.1
CC: grajaiya, lmohanty, rjoseph, sdharane
Whiteboard: ntacl
Doc Type: Bug Fix
Last Closed: 2015-12-03 17:23:17 UTC
Type: Bug

Description surabhi 2013-11-20 11:32:38 UTC
Description of problem:

A user who has explicit write permissions on a file is not able to write to that file when the group to which it belongs is denied permission to write. It is respecting the inherited permission from the group rather than the explicit permission on the user.

Detailed description:
Tested on each of following:

On glusterfs-Samba share with acl_xattr: The user is not able to write on that file even though it has permissions to write.

On Xfs-samba share with acl_xattr: The user is able to write with the same acl set as above.

On Windows share: The user is able to write with the same acl set as above.

****************************************
To read more on Permission Precedence:

1. Permissions applied directly to an object (explicit permissions) take precedence over permissions inherited from a parent (for example from a group).

2. Although Deny permissions generally take precedence over allow permissions, this is not always the case. An explicit "allow" permission can take precedence over an inherited "deny" permission.

The hierarchy of precedence for the permissions can be summarized as follows, with the higher precedence permissions listed at the top of the list:

    Explicit Deny
    Explicit Allow
    Inherited Deny
    Inherited Allow

Version-Release number of selected component (if applicable):
[root@dhcp159-237 ~]# rpm -qa | grep glusterfs
samba-glusterfs-3.6.9-160.7.el6rhs.x86_64
glusterfs-3.4.0.43.1u2rhs-1.el6rhs.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create a folder, create a file inside the folder.
2. Set read, list folder content, read and execute and deny acl for write permissions on Group1 and read, read and execute on user1.
3. Go to the file and set explicitly allow write for the user1.
4. Login to another machine with user1 login and try to write on that file.

Actual results:
The user1 is not able to write on the file even when it has write permissions.

Expected results:
The user1 should be able to write.

Additional info:
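
The precedence list in the description, as an added example that is not part of the original report and is not Samba, GlusterFS or Windows code: a simplified model of an ordered ACL walk next to an order-blind evaluator that reproduces the reported denial. The rights bits, the `Ace` type, all function names and the sample ACL are assumptions constructed from the reproduction steps.

```python
from dataclasses import dataclass

READ, WRITE, EXECUTE = 0x1, 0x2, 0x4  # simplified rights bits (assumption)

@dataclass(frozen=True)
class Ace:
    trustee: str     # user or group the entry applies to
    allow: bool      # True = allow entry, False = deny entry
    mask: int        # rights covered by the entry
    inherited: bool  # True if propagated from the parent folder

def canonical(acl):
    """Sort into explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.allow))

def access_check(acl, principals, wanted):
    """Ordered walk: grant once all wanted bits are allowed; refuse as soon
    as a matching deny entry covers a bit that is still outstanding."""
    remaining = wanted
    for ace in acl:
        if ace.trustee not in principals:
            continue
        if ace.allow:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
        elif ace.mask & remaining:
            return False
    return False  # bits nobody allowed are implicitly denied

def deny_always_wins(acl, principals, wanted):
    """Order-blind model (hypothetical): any matching deny beats every allow."""
    allowed = denied = 0
    for ace in acl:
        if ace.trustee in principals:
            if ace.allow:
                allowed |= ace.mask
            else:
                denied |= ace.mask
    return (wanted & allowed & ~denied) == wanted

# Constructed ACL for the file from the reproduction steps.
FILE_ACL = [
    Ace("Group1", True, READ | EXECUTE, inherited=True),
    Ace("Group1", False, WRITE, inherited=True),
    Ace("user1", True, READ | EXECUTE, inherited=True),
    Ace("user1", True, WRITE, inherited=False),  # step 3: explicit allow
]
USER1 = {"user1", "Group1"}  # user1's token: own identity plus Group1
```

With the entries in canonical order the ordered walk grants user1 write access, while the order-blind evaluator refuses it, which is the difference between the expected and actual results above. A Group1 member without the explicit entry is still refused write access by both.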

Comment 2 Vivek Agarwal 2015-12-03 17:23:17 UTC
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review is now End of Life. Please see https://access.redhat.com/support/policy/updates/rhs/

If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.