Ubuntu
gvfs package

Samba shares over gvfs do not respect ACL rules

Bug #1464645 reported by Dariusz Gadomski
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gvfs
Expired
Medium
gvfs (Ubuntu)
Fix Released
Low
Dariusz Gadomski
Trusty
Fix Released
Low
Unassigned

Bug Description

[Impact]

 * It's impossible to use ACL-configured smb shares via gvfs (e.g. nautilus) as it logs in as an anonymous user by default.

[Test Case]

1. LDAP authentication for client & server.
2. SMB server with a share accessible to a certain ACL group or user.
3. A user (that should be allowed to access the share: is a member of a authorized group or is an authorized ACL user) accesses the share from a client using nautilus and smb:// URI.

[Regression Potential]

 * Change already present upstream (introduced in version 1.23.90)
 * I see no risks in backporting it.

[Other Info]

Original bug description:

Looks like the SMB backend does not support ACL rules while accessing remote shares.

The scenario looks like this:
1. LDAP authentication for client & server.
2. SMB server with a share accessible to a certain ACL group or user.
3. A user (that should be allowed to access the share: is a member of a authorized group or is an authorized ACL user) accesses the share from a client using nautilus and smb:// URI.

Expected result:
Access is granted to the resource.

Actual result:
Permission denied for accessing the resource in question.

Actual result:
No sign of ACL rules in the getfacl output.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: gvfs 1.20.3-0ubuntu1.1
ProcVersionSignature: Ubuntu 3.16.0-39.53~14.04.1-generic 3.16.7-ckt11
Uname: Linux 3.16.0-39-generic x86_64
NonfreeKernelModules: nvidia zfs zunicode zcommon znvpair zavl
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jun 12 13:49:37 2015
InstallationDate: Installed on 2015-04-13 (59 days ago)
InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
SourcePackage: gvfs
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :
summary: - Samba over gvfs does not respect ACL rules
+ Samba shares over gvfs do not respect ACL rules
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.

Changed in gvfs (Ubuntu):
importance: Undecided → Low
Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
importance: Unknown → Medium
status: Unknown → Confirmed
Dariusz Gadomski (dgadomski)
description: updated
description: updated
Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
status: Confirmed → Unknown
Dariusz Gadomski (dgadomski)
affects: gvfs → samba
Changed in samba:
importance: Medium → Unknown
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Adding a debdiff cherry-picking the required change from upstream to trusty (already included in vivid/wily)

Changed in gvfs (Ubuntu):
assignee: nobody → Dariusz Gadomski (dgadomski)
no longer affects: samba
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "trusty-gvfs_1.20.3-0ubuntu1.2.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks, the fix is in the current version so closing for the current serie, I sponsored the trusty sru as well now. Can you provide the impact/regression potential info on the bug as well?

Changed in gvfs (Ubuntu):
status: New → Fix Released
Brian Murray (brian-murray)
Changed in gvfs (Ubuntu Trusty):
status: New → Triaged
importance: Undecided → Low
Dariusz Gadomski (dgadomski)
description: updated
Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Dariusz, or anyone else affected,

Accepted gvfs into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gvfs/1.20.3-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gvfs (Ubuntu Trusty):
status: Triaged → Fix Committed
tags: added: verification-needed
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

After updating the client machine with the -proposed version of gvfs the problem is fixed. Thanks!

tags: added: verification-done
removed: verification-needed
tags: added: sts
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gvfs - 1.20.3-0ubuntu1.2

---------------
gvfs (1.20.3-0ubuntu1.2) trusty; urgency=medium

  * smb: anonymous login as fallback, not default (LP: #1464645)

 -- Dariusz Gadomski <email address hidden> Wed, 05 Aug 2015 10:08:11 +0200

Changed in gvfs (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for gvfs has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
importance: Unknown → Medium
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in gvfs:
status: Confirmed → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.