Bug 1031783 - NT ACL : User is able to change the ownership of folder
NT ACL : User is able to change the ownership of folder
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: samba (Show other bugs)
Unspecified Unspecified
high Severity medium
: ---
: ---
Assigned To: Poornima G
Depends On:
Blocks: 1035040 1040355
  Show dependency treegraph
Reported: 2013-11-18 13:27 EST by surabhi
Modified: 2016-02-23 04:08 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
If Red Hat Storage volumes are exported by samba, NT ACLs set on folders by Microsoft Windows clients does not behave as expected.
Story Points: ---
Clone Of:
: 1040355 (view as bug list)
Last Closed: 2015-12-03 12:12:31 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description surabhi 2013-11-18 13:27:35 EST
Description of problem:
A user from a group which is part of domain in active directory and is not an administrator is able to change the ownership of the folder to another user of the same domain or another domain.For files it does not allows which is as expected.
Tried on xfs share and windows share : In both the cases the user is not allowed to change ownership of folders and files to another user.
Only if the user is administrator should be able to change the ownership of the object.

Version-Release number of selected component (if applicable):
[root@dhcp159-237 ~]# rpm -qa | grep glusterfs

How reproducible:

Steps to Reproduce:
1. Set the vfs_objects= acl_xattr glusterfs in smb.conf
2. Mount a samba share on windows7 client
3. Login as a domain user1 and create a folder on the share
4. click on properties--> security tab -->advanced --> owner--> try to change the ownership of the folder to another user/group if there is user present in the list or add a user or group from domain.
5.repeat the same steps for files.

Actual results:
user1 is able to change the ownership of folder created on samba share.

Expected results:
It should not be allowed to change the ownership of folder if it is not the administrator.

Additional info:
When tried the same steps with administrator login, it is allowed to change ownership for both folders and files and the behaviour is same on xfs share as well as windows share.
But with user1 login only on samba share it is behaving differently.On xfs and windows share it is not allowing.
Comment 2 Lalatendu Mohanty 2013-11-19 01:21:41 EST
This bug is present in RHS2.1U1 also. Will try the same steps on RHS2.1 and confirm if it is also present there (which likely to be present as the implementation is same for rhs2.1 and rhs2.1U1)
Comment 3 Shalaka 2014-01-03 03:59:54 EST
Please add doctext for this known issue.
Comment 4 Poornima G 2014-01-03 06:14:04 EST
Since NT ACL is not supported feature, there is no doc text required for this bug.
Comment 5 Shalaka 2014-02-19 02:19:20 EST
Please review the edited doc text and sign off.
Comment 6 Poornima G 2014-02-19 04:30:47 EST
Doc text looks good.
Comment 7 Vivek Agarwal 2015-12-03 12:12:31 EST
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/

If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.

Note You need to log in before you can comment on or make changes to this bug.