desktop-packages team mailing list archive

Thread
Date

[Bug 1464645] Re: Samba shares over gvfs do not respect ACL rules

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Chris J Arges <1464645@xxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Aug 2015 14:35:09 -0000
Reply-to: Bug 1464645 <1464645@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hello Dariusz, or anyone else affected,

Accepted gvfs into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/gvfs/1.20.3-0ubuntu1.2
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: gvfs (Ubuntu Trusty)
       Status: Triaged => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1464645

Title:
  Samba shares over gvfs do not respect ACL rules

Status in gvfs:
  Unknown
Status in gvfs package in Ubuntu:
  Fix Released
Status in gvfs source package in Trusty:
  Fix Committed

Bug description:
  [Impact]

   * It's impossible to use ACL-configured smb shares via gvfs (e.g.
  nautilus) as it logs in as an anonymous user by default.

  [Test Case]

  1. LDAP authentication for client & server.
  2. SMB server with a share accessible to a certain ACL group or user.
  3. A user (that should be allowed to access the share: is a member of a authorized group or is an authorized ACL user) accesses the share from a client using nautilus and smb:// URI.

  [Regression Potential]

   * Change already present upstream (introduced in version 1.23.90)
   * I see no risks in backporting it.

  [Other Info]
   
  Original bug description:

  Looks like the SMB backend does not support ACL rules while accessing
  remote shares.

  The scenario looks like this:
  1. LDAP authentication for client & server.
  2. SMB server with a share accessible to a certain ACL group or user.
  3. A user (that should be allowed to access the share: is a member of a authorized group or is an authorized ACL user) accesses the share from a client using nautilus and smb:// URI.

  Expected result:
  Access is granted to the resource.

  Actual result:
  Permission denied for accessing the resource in question.

  Actual result:
  No sign of ACL rules in the getfacl output.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: gvfs 1.20.3-0ubuntu1.1
  ProcVersionSignature: Ubuntu 3.16.0-39.53~14.04.1-generic 3.16.7-ckt11
  Uname: Linux 3.16.0-39-generic x86_64
  NonfreeKernelModules: nvidia zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Jun 12 13:49:37 2015
  InstallationDate: Installed on 2015-04-13 (59 days ago)
  InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
  SourcePackage: gvfs
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gvfs/+bug/1464645/+subscriptions

References

[Bug 1464645] [NEW] Samba shares over gvfs do not respect ACL rules
From: Dariusz Gadomski, 2015-06-12