gvfs ignoring secondary group membership in ssh/sftp
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gvfs (Ubuntu) |
Invalid
|
Low
|
Ubuntu Desktop Bugs | ||
Bug Description
Binary package hint: gvfs
Release: Ubuntu 8.10.
Package: gvfs 1.0.2-0ubuntu1
Expected: User connected to remote system via ssh/sftp (nautilus/gvfs) could write/create/delete files in a directory because he's a member of the directorie's owning group.
What happened: User has no write permissions inside the directory.
Basically:
Directory permissions based on secondary group membership are completely ignored in Nautilus with an ssh/sftp connection. As long as the user or his primary group owns the directory, no problem. If he's not the owner and the group is only a secondary one he's in, he gets denied write permission.
Example:
I have a directory on machine "remotepc" /shared with permissions like drwxrwsr-x and ownership root:users.
I have a user, sally on machine "localpc" who's a member of local groups sally and users, as well as being a member of users on "remotepc".
Sally connects to "remotepc" with nautilus as herself using sftp://
Sally is denied permission to write into directory /shared (can't create, delete or save edited files) even though group users has write permission and she's a member of that group.
If Sally does a "scp somefile remotepc:/shared/" it works just fine (since scp "knows" she's a member of users and therefore can write).
If Sally copise, deletes, etc. files via command-line sftp, same resul .. it works (as it should).
If Sally ssh's into remotepc and creates/deletes or edits files in the /shared directory everything works just fine (again, as it should).
The ONLY time Sally has an issue is when she's connected via nautilus/gvfs/fuse where it shows her as having no ability to do anything but traverse the directory and read files (other's x-r).
Any directory where she's the owner, or her primary group is the owner, no problem. Any directory where she's not the owner and is a secondary member of the owning group, she does not get the group permissions.
Needless to say this makes a lot of things not work over sftp/ssh in a major way, and is NOT the behavior for ssh or sftp.
| Jim Louvau (jlouvau) wrote | #1 |
| Sebastien Bacher (seb128) wrote | #2 |
| Changed in gvfs: | |
| assignee: | nobody → desktop-bugs |
| importance: | Undecided → Low |
| status: | New → Invalid |
Possibly/probably related to this behavior description from bug 227808:
https:/
If that's the case, then perhaps letting us change the umask for .gvfs via a config would be appropriate.