Red Hat Bugzilla – Bug 1031783
NT ACL : User is able to change the ownership of folder
Last modified: 2016-02-23 04:08:00 EST
Description of problem:
A user from a group which is part of domain in active directory and is not an administrator is able to change the ownership of the folder to another user of the same domain or another domain.For files it does not allows which is as expected.
Tried on xfs share and windows share : In both the cases the user is not allowed to change ownership of folders and files to another user.
Only if the user is administrator should be able to change the ownership of the object.
Version-Release number of selected component (if applicable):
[root@dhcp159-237 ~]# rpm -qa | grep glusterfs
Steps to Reproduce:
1. Set the vfs_objects= acl_xattr glusterfs in smb.conf
2. Mount a samba share on windows7 client
3. Login as a domain user1 and create a folder on the share
4. click on properties--> security tab -->advanced --> owner--> try to change the ownership of the folder to another user/group if there is user present in the list or add a user or group from domain.
5.repeat the same steps for files.
user1 is able to change the ownership of folder created on samba share.
It should not be allowed to change the ownership of folder if it is not the administrator.
When tried the same steps with administrator login, it is allowed to change ownership for both folders and files and the behaviour is same on xfs share as well as windows share.
But with user1 login only on samba share it is behaving differently.On xfs and windows share it is not allowing.
This bug is present in RHS2.1U1 also. Will try the same steps on RHS2.1 and confirm if it is also present there (which likely to be present as the implementation is same for rhs2.1 and rhs2.1U1)
Please add doctext for this known issue.
Since NT ACL is not supported feature, there is no doc text required for this bug.
Please review the edited doc text and sign off.
Doc text looks good.
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/
If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.