[Bug 2031413] Re: Inherited NFSv4 ACLs are overwritten when moving a file
Ubuntu Foundations Team Bug Bot
2031413 at bugs.launchpad.net
Wed Aug 16 08:16:19 UTC 2023
The attachment "disable-setting-ACL-attributes.patch" seems to be a
patch. If it isn't, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are a member of the ~ubuntu-
reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2031413
Title:
Inherited NFSv4 ACLs are overwritten when moving a file
Status in glib2.0 package in Ubuntu:
New
Bug description:
Ubuntu version: 22.04
libglib2.0 version: libglib2.0-0_2.72.4-0ubuntu2.2
We are mounting an NFS share from an NFS server (FreeBSD 13). Authorization to
directories in that share is enforced through NFSv4 ACLs on the server. When
copying or moving a file to the share, it will inherit ACLs from the destination
directory.
In most of the cases this works fine. However, when we move a file that has ACLs
to a directory in the share using Nautilus or "gio move", the ACL inheritance
goes wrong. The destination file will end up with the original ACLs (the ACLs it
had in the source location) instead of the ACLs that are inherited by the
destination directory.
This behaviour changed when we upgraded from Ubuntu 20.04 to Ubuntu 22.04. In
Ubuntu 20.04 the ACL inheritance worked as expected.
I assume what happens is the following:
1. A server-side move is performed
2. The destination file is assigned ACLs (they are inherited from the destination directory)
3. glib overwrites the ACLs of the destination file with the original ACLs
To workaround the issue we patched glib and removed a call to
g_file_set_attributes_from_info, see the attached patch. This brings the
expected behaviour but may have unintended side effects.
Steps to reproduce:
1. on the server (FreeBSD): prepare two directories A and B and assign the following NFSv4 ACLs:
# file: A
# owner: root
# group: wheel
user:alice:rwx--daARWc--s:fd-----:allow
owner@:rwxp-daARWc--s:fd-----:allow
group@:------a-R-c--s:fd-----:allow
everyone@:------a-R-c--s:fd-----:allow
# file: B
# owner: root
# group: wheel
user:alice:rwx--daARWc--s:fd-----:allow
user:bob:rwx--daARWc--s:fd-----:allow
owner@:rwxp-daARWc--s:fd-----:allow
group@:------a-R-c--s:fd-----:allow
everyone@:------a-R-c--s:fd-----:allow
Note the inheritance flags (fd), which indicate that files in the
directories will inherit the ACLs.
2. on the client (Ubuntu): mount the NFS share to /mnt using credentials of user "alice"
3. on the client: echo "hello world" > /mnt/A/test.txt
4. on the server: list the ACLs of A/test.txt:
# file: A/test.txt
# owner: alice
# group: wheel
user:alice:rw---daARWc--s:------I:allow
owner@:rw-p-daARWc--s:------I:allow
group@:------a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
5. on the client: gio move /mnt/A/test.txt /mnt/B/test.txt
6. on the server: list the ACLs of B/test.txt
# file: B/test.txt
# owner: alice
# group: wheel
user:alice:rw---daARWc--s:------I:allow
owner@:rw-p-daARWc--s:------I:allow
group@:------a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
We expected an ACE for user bob, but it is missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/2031413/+subscriptions
More information about the foundations-bugs
mailing list