** Changed in: glib
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2031413
Title:
Inherited NFSv4 ACLs are overwritten when moving a file
Status in GLib:
New
Status in glib2.0 package in Ubuntu:
Triaged
Bug description:
Ubuntu version: 22.04
libglib2.0 version: libglib2.0-0_2.72.4-0ubuntu2.2
We are mounting an NFS share from an NFS server (FreeBSD 13). Authorization to
directories in that share is enforced through NFSv4 ACLs on the server. When
copying or moving a file to the share, it will inherit ACLs from the
destination
directory.
In most of the cases this works fine. However, when we move a file that has
ACLs
to a directory in the share using Nautilus or "gio move", the ACL inheritance
goes wrong. The destination file will end up with the original ACLs (the ACLs
it
had in the source location) instead of the ACLs that are inherited by the
destination directory.
This behaviour changed when we upgraded from Ubuntu 20.04 to Ubuntu 22.04. In
Ubuntu 20.04 the ACL inheritance worked as expected.
I assume what happens is the following:
1. A server-side move is performed
2. The destination file is assigned ACLs (they are inherited from the
destination directory)
3. glib overwrites the ACLs of the destination file with the original ACLs
To workaround the issue we patched glib and removed a call to
g_file_set_attributes_from_info, see the attached patch. This brings the
expected behaviour but may have unintended side effects.
Steps to reproduce:
1. on the server (FreeBSD): prepare two directories A and B and assign the
following NFSv4 ACLs:
# file: A
# owner: root
# group: wheel
user:alice:rwx--daARWc--s:fd-----:allow
owner@:rwxp-daARWc--s:fd-----:allow
group@:------a-R-c--s:fd-----:allow
everyone@:------a-R-c--s:fd-----:allow
# file: B
# owner: root
# group: wheel
user:alice:rwx--daARWc--s:fd-----:allow
user:bob:rwx--daARWc--s:fd-----:allow
owner@:rwxp-daARWc--s:fd-----:allow
group@:------a-R-c--s:fd-----:allow
everyone@:------a-R-c--s:fd-----:allow
Note the inheritance flags (fd), which indicate that files in the
directories will inherit the ACLs.
2. on the client (Ubuntu): mount the NFS share to /mnt using credentials of
user "alice"
3. on the client: echo "hello world" > /mnt/A/test.txt
4. on the server: list the ACLs of A/test.txt:
# file: A/test.txt
# owner: alice
# group: wheel
user:alice:rw---daARWc--s:------I:allow
owner@:rw-p-daARWc--s:------I:allow
group@:------a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
5. on the client: gio move /mnt/A/test.txt /mnt/B/test.txt
6. on the server: list the ACLs of B/test.txt
# file: B/test.txt
# owner: alice
# group: wheel
user:alice:rw---daARWc--s:------I:allow
owner@:rw-p-daARWc--s:------I:allow
group@:------a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
We expected an ACE for user bob, but it is missing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glib/+bug/2031413/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
