1031783 – NT ACL : User is able to change the ownership of folder

Bug 1031783 - NT ACL : User is able to change the ownership of folder

Summary: NT ACL : User is able to change the ownership of folder

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	samba
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Poornima G
QA Contact:	surabhi
Docs Contact:
URL:
Whiteboard:	ntacl
Depends On:
Blocks:	1035040 1040355
TreeView+	depends on / blocked

Reported:	2013-11-18 18:27 UTC by surabhi
Modified:	2016-02-23 09:08 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	If Red Hat Storage volumes are exported by samba, NT ACLs set on folders by Microsoft Windows clients does not behave as expected.
Clone Of:
Clones:	1040355 (view as bug list)
Environment:
Last Closed:	2015-12-03 17:12:31 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description surabhi 2013-11-18 18:27:35 UTC

Description of problem:
A user from a group which is part of domain in active directory and is not an administrator is able to change the ownership of the folder to another user of the same domain or another domain.For files it does not allows which is as expected.
Tried on xfs share and windows share : In both the cases the user is not allowed to change ownership of folders and files to another user.
Only if the user is administrator should be able to change the ownership of the object.

Version-Release number of selected component (if applicable):
[root@dhcp159-237 ~]# rpm -qa | grep glusterfs
samba-glusterfs-3.6.9-160.7.el6rhs.x86_64
glusterfs-3.4.0.43.1u2rhs-1.el6rhs.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set the vfs_objects= acl_xattr glusterfs in smb.conf
2. Mount a samba share on windows7 client
3. Login as a domain user1 and create a folder on the share
4. click on properties--> security tab -->advanced --> owner--> try to change the ownership of the folder to another user/group if there is user present in the list or add a user or group from domain.
5.repeat the same steps for files.

Actual results:
user1 is able to change the ownership of folder created on samba share.

Expected results:
It should not be allowed to change the ownership of folder if it is not the administrator.

Additional info:
When tried the same steps with administrator login, it is allowed to change ownership for both folders and files and the behaviour is same on xfs share as well as windows share.
But with user1 login only on samba share it is behaving differently.On xfs and windows share it is not allowing.

Comment 2 Lalatendu Mohanty 2013-11-19 06:21:41 UTC

This bug is present in RHS2.1U1 also. Will try the same steps on RHS2.1 and confirm if it is also present there (which likely to be present as the implementation is same for rhs2.1 and rhs2.1U1)

Comment 3 Shalaka 2014-01-03 08:59:54 UTC

Please add doctext for this known issue.

Comment 4 Poornima G 2014-01-03 11:14:04 UTC

Since NT ACL is not supported feature, there is no doc text required for this bug.

Comment 5 Shalaka 2014-02-19 07:19:20 UTC

Please review the edited doc text and sign off.

Comment 6 Poornima G 2014-02-19 09:30:47 UTC

Doc text looks good.

Comment 7 Vivek Agarwal 2015-12-03 17:12:31 UTC

Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/

If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.

Note You need to log in before you can comment on or make changes to this bug.