[Bug 1158244] Re: Access right (execute) is not correct deduced by Ubuntu-client from NFSv3 Access Reply.

Marcus Tomlinson marcus.tomlinson at canonical.com
Thu Mar 5 13:06:44 UTC 2020 

This release of Ubuntu is no longer receiving maintenance updates. If
this is still an issue on a maintained version of Ubuntu please let us
know.

** Changed in: apport (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1158244

Title:
  Access right (execute) is not correct deduced by Ubuntu-client from
  NFSv3 Access Reply.

Status in apport package in Ubuntu:
  Incomplete

Bug description:
  release of Ubuntu:
  Ubuntu 12.04.2 LTS

  
  version of the package:
  nfs-common 1:1.2.5-3ubuntu3.1

  
  Description of problem:
  NFSv3 mounted export (mount -t nfs -o nfsvers=3,acl)
  NFS-Client does an Access Call to determinate the Access rights for users actual UID/GID for a file.
  The received Access right (EXECUTE) isn't correct deduced by Ubuntu-client from NFSv3 Protocols Access Reply.

  
  How reproducible:
  NFS-Server on IBM GPFS filesystem with activated ACL-support or similiar.
  Users UID is autorized in ACE with read,write and execute rights, but
  mapped posix permissions (OWNER@, GROUP@ EVERYONE@) for this file has no execute rights.

  114364 at client:~$ id
  uid=114364(******) gid=1029(******) groups=1029(******)

  mapped standard posix permissions:
  114364 at client:~$ ll -n
  -rw------- 1 30006 201   17 Mar 20 19:23 execute-test.sh

  ACL output -> ACE for user (UID:114364) has execute rights:
  ----------------------------------------------------------------------------
  #NFSv4 ACL
  #owner:30006
  #group:201
  user:114364:rwxc:allow:Inherited
  (X)READ/LIST (X)WRITE/CREATE (-)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
  (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

  special:owner@:rw--:allow:Inherited
  (X)READ/LIST (X)WRITE/CREATE (-)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
  (X)DELETE    (-)DELETE_CHILD (-)CHOWN (-)EXEC/SEARCH (-)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
  ----------------------------------------------------------------------------

    
  Actual results:
  114364 at client:~$ ./execute-test.sh
  bash: /mnt/id_sd_test_ane/x-test/execute-test.sh: Permission denied

  
  Expected results:
  114364 at client:~$ ./execute-test.sh
  -> execution of file successful

  
  additional info:
  In general, it is not sufficient for the client to attempt to deduce access permissions by inspecting the uid, gid, and mode fields in the file attributes

  client misinterprets the execute rights through replied mode (600) in
  obj_attributes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1158244/+subscriptions

More information about the foundations-bugs mailing list