Bug 1032543 - NT ACL: User not able to write on a file when user has Explicit permission for write but the group has deny acls for write
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: samba
Severity: medium
Assigned To: Ira Cooper
Reported: 2013-11-20 06:32 EST by surabhi
Modified: 2015-12-03 12:23 EST
Doc Type: Bug Fix
Last Closed: 2015-12-03 12:23:17 EST
Type: Bug

Description surabhi 2013-11-20 06:32:38 EST
Description of problem:

A user who has explicit write permissions on a file is not able to write to that file when the group to which the user belongs is denied permission to write. It is respecting the inherited permission from the group rather than the explicit permission on the user.

Detailed description:
Tested on each of following:

On glusterfs-Samba share with acl_xattr: The user is not able to write on that file even though it has permissions to write.

On Xfs-samba share with acl_xattr: The user is able to write with the same acl set as above.

On Windows share: The user is able to write with the same acl set as above.

To read more on Permission Precedence:

1. Permissions applied directly to an object (explicit permissions) take precedence over permissions inherited from a parent (for example from a group).

2. Although Deny permissions generally take precedence over allow permissions, this is not always the case. An explicit "allow" permission can take precedence over an inherited "deny" permission.

The hierarchy of precedence for the permissions can be summarized as follows, with the higher precedence permissions listed at the top of the list:

    Explicit Deny
    Explicit Allow
    Inherited Deny
    Inherited Allow

Version-Release number of selected component (if applicable):
[root@dhcp159-237 ~]# rpm -qa | grep glusterfs

How reproducible:

Steps to Reproduce:
1. Create a folder, create a file inside the folder.
2. Set read, list folder content, read and execute, and deny acl for write permissions on Group1, and read, read and execute on user1.
3. Go to the file and explicitly set allow write for user1.
4. Log in to another machine with the user1 login and try to write to that file.

Actual results:
The user1 is not able to write on the file even when it has write permissions.

Expected results:
The user1 should be able to write.

Additional info:
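
The precedence list in the description corresponds to the canonical ACE order that a Windows-style access check walks from top to bottom. As an added illustration (not part of the bug report and not Samba or glusterfs code), the following models that walk with simplified rights bits and a constructed DACL matching the reproduction steps; the names `Ace`, `canonical` and `access_check` are hypothetical.

```python
from dataclasses import dataclass

READ, WRITE, EXECUTE = 0x1, 0x2, 0x4  # simplified bits (constructed, not real NT access masks)

@dataclass(frozen=True)
class Ace:
    kind: str        # "allow" or "deny"
    trustee: str     # user or group name standing in for a SID
    mask: int
    inherited: bool

def canonical(dacl):
    """Order ACEs as the report lists them: explicit deny, explicit allow,
    inherited deny, inherited allow (stable within each class)."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(dacl, token, desired):
    """Walk ACEs in the order given. A matching deny on a still-needed bit
    fails the request; matching allows clear bits until none remain."""
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False  # rights never granted are implicitly denied

# Constructed DACL for the file from the reproduction steps.
TOKEN = {"user1", "Group1"}
FILE_DACL = [
    Ace("deny", "Group1", WRITE, inherited=True),
    Ace("allow", "Group1", READ | EXECUTE, inherited=True),
    Ace("allow", "user1", READ | EXECUTE, inherited=True),
    Ace("allow", "user1", WRITE, inherited=False),
]

def demo():
    ordered = canonical(FILE_DACL)
    return {
        "canonical_write": access_check(ordered, TOKEN, WRITE),
        "stored_order_write": access_check(FILE_DACL, TOKEN, WRITE),
        "other_member_write": access_check(ordered, {"user2", "Group1"}, WRITE),
    }

if __name__ == "__main__":
    print(demo())
```

With the ACEs in canonical order user1's write is granted, while the same ACEs walked with the inherited deny first are refused, so comparing the stored ACE order on each backend is a useful check when results differ.
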
Comment 2 Vivek Agarwal 2015-12-03 12:23:17 EST
Thank you for submitting this issue for consideration in Red Hat Gluster Storage. The release which you requested us to review is now End of Life. Please see https://access.redhat.com/support/policy/updates/rhs/

If you can reproduce this bug against a currently maintained version of Red Hat Gluster Storage, please feel free to file a new report against the current release.
