Red Hat Bugzilla – Bug 1032543
NT ACL:User not able to write on a file when user has Explicit permission for write but the group has deny acls for write
Last modified: 2015-12-03 12:23:17 EST
Description of problem:
A user which has explicit write permissions on a file is not able to write on that file where the group to which it belongs is denied permission to write.It is respecting the inherited permission from group than the explicit permission on the user.
Tested on each of following:
On glusterfs-Samba share with acl_xattr: The user is not able to write on that file even though it has permissions to write.
On Xfs-samba share with acl_xattr : The user is able to write with the same acl set as above.
On Windows share:
the user is able to write with the same acl set as above.
To read more on Permission Precedence:
1.Permissions applied directly to an object (explicit permissions) take precedence over permissions inherited from a parent (for example from a group).
2.Although Deny permissions generally take precedence over allow permissions, this is not always the case. An explicit "allow" permission can take precedence over an inherited "deny" permission.
The hierarchy of precedence for the permissions can be summarized as follows, with the higher precedence permissions listed at the top of the list:
Version-Release number of selected component (if applicable):
[root@dhcp159-237 ~]# rpm -qa | grep glusterfs
Steps to Reproduce:
1.Create a folder, create a file inside the folder
2.Set read,list folder content ,read and execute and deny acl for write permissions on Group1 and read,read and execute on user1.
3.Go to the file and set explicitly allow write for the user1.
4.Login to another machine with user1 login and try to write on that file.
The user1 is not able to write on the file even when it has write permissions.
The user1 should be able to write.
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release for which you requested us to review, is now End of Life. Please See https://access.redhat.com/support/policy/updates/rhs/
If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.