Thank you very much for your help!

First, a little question. Since I encountered this bug in Debian
Stretch, and as the bug's behavior has slightly changed since the last
Debian stable security update (see CVE-2017-14604), do you think it's
better to report the bug on Debian's BTS first?

Next I investigated further following your advice. Just to simplify, say:
-> /dns/parent is a parent directory
-> It contains two folders: "Share" and "Ressource", which are NFSv4 referrals
-> The "teachers" group has RWX access on both with ACLs. But the
teacher group is not present in the standard POSIX permissions.

Say I'm a teacher.

1) At start, "gio info" says that I don't have write access to "Ressource"

nom d'affichage : Ressource
nom d'édition : Ressource
nom : Ressource
type : directory
taille :  4096
uri : file:///dnfs/parent/Ressource
attributs :
  standard::type: 2
  standard::name: Ressource
  standard::display-name: Ressource
  standard::edit-name: Ressource
  standard::copy-name: Ressource
  standard::icon: folder
  standard::content-type: inode/directory
  standard::fast-content-type: inode/directory
  standard::size: 4096
  standard::allocated-size: 4096
  standard::symbolic-icon: folder-symbolic, folder
  etag::value: 1538394987:592109
  id::file: l38:1839867
  id::filesystem: l38
  access::can-read: FALSE
  access::can-write: FALSE
  access::can-execute: FALSE
  access::can-delete: FALSE
  access::can-trash: FALSE
  access::can-rename: FALSE
  time::modified: 1538394987
  time::modified-usec: 592109
  time::access: 1538395042
  time::access-usec: 749090
  time::changed: 1538394987
  time::changed-usec: 592109
  unix::device: 38
  unix::inode: 1839867
  unix::mode: 17400
  unix::nlink: 3
  unix::uid: 0
  unix::gid: 5000006
  unix::rdev: 0
  unix::block-size: 32768
  unix::blocks: 8
  owner::user: root
  owner::user-real: root
  owner::group: 2de9

2) When I traverse inside /dns/parent with Nautilus, it does some sort
of file request, as the two NFS referrals are mounted (normally, from a
terminal, they are mounted only when you enter them). There are two
crosses displayed, one on each folder, as if I can't enter them. But "gio
test" now gives that I have RWX access! And a new line at the end
seems to show that Nautilus supports NFSv4 ACLs! Stunning! I didn't
know about this feature!

nom d'affichage : Ressource
nom d'édition : Ressource
nom : Ressource
type : directory
taille :  4096
uri : file:///dnfs/parent/Ressource
attributs :
  standard::type: 2
  standard::name: Ressource
  standard::display-name: Ressource
  standard::edit-name: Ressource
  standard::copy-name: Ressource
  standard::icon: folder
  standard::content-type: inode/directory
  standard::fast-content-type: inode/directory
  standard::size: 4096
  standard::allocated-size: 4096
  standard::symbolic-icon: folder-symbolic, folder
  etag::value: 1538394987:592109
  id::file: l37:23199783
  id::filesystem: l37
  access::can-read: TRUE
  access::can-write: TRUE
  access::can-execute: TRUE
  access::can-delete: FALSE
  access::can-trash: FALSE
  access::can-rename: FALSE
  time::modified: 1538394987
  time::modified-usec: 592109
  time::access: 1538395042
  time::access-usec: 749090
  time::changed: 1538394987
  time::changed-usec: 592109
  unix::device: 37
  unix::inode: 23199783
  unix::mode: 17400
  unix::nlink: 3
  unix::uid: 0
  unix::gid: 5000006
  unix::rdev: 0
  unix::block-size: 32768
  unix::blocks: 8
  unix::is-mountpoint: TRUE
  owner::user: root
  owner::user-real: root
  owner::group: 2de9
  xattr-sys::system.nfs4_acl:

3) From there, the output of "gio test" will not change. I can enter
the "Ressource" directory (even with the cross) but inside I can't
create directories.

4) To solve the problem I have three possibilities:
-> I can press F5 inside the "Ressource" folder.
-> If I press F5 before entering the "Ressource" folder, the crosses
disappear. And when I enter the "Ressource" folder I can create
directories inside it.
-> If by any means I go a second time inside the "Parent" folder,
the crosses disappear and I can create directories inside the
"Ressource" folder.

It seems that Nautilus rightly handles the rights even with nfs4
ACLs. But they are not updated at the right time.

Thanks again! This problem is very disappointing for my teachers.

Baptiste.



On Mon, 1 Oct 2018 at 15:46, António Fernandes
<antoniojpfernan...@gmail.com> wrote:
>
> Hello.
>
> Since this sounds like a bug, can you file it at our issue tracker as well? 
> https://gitlab.gnome.org/GNOME/nautilus/issues/new?issuable_template=Bug
>
> You can check what the following command reports the first time, and if there 
> is any change after that:
>
> gio info /dnfs/shares/teachers/class1
>
> In particular, look for the "access::can-write" attribute and confirm if it 
> says "TRUE" or "FALSE".
>
> > But if the user traverses the directories again, starting from "/dnfs"
> > to "/dnfs/shares/teachers/class1", now it can create directories !!!
>
> Does it also work if the user refreshes the view (pressing [F5])? Or is 
> traversing the directory starting from /dnfs a requirement?
>
> Prunk Dump via nautilus-list <nautilus-list@gnome.org> wrote on
> Monday, 1/10/2018 at 14:02:
>>
>> Hello Gnome Nautilus Team !
>>
>> I'm a high school network administrator and I'm facing a new bug
>> since an update of nautilus in Debian Stretch. Maybe you can help me
>> to correct it or to find a workaround.
>>
>> The simple explanation :
>> ------------------------------------
>>
>> I export the users' files using an NFSv4 server. Some directories have
>> some specific ACLs that are not displayed on the client side. This is
>> normal. Actually the ACLs are not displayed through NFS. For example
>> on the client:
>>
>> # ls -al /dnfs/shares/teachers/class1
>> drwxrwx--T  3 root class1 4096 oct.   1 13:56 Ressource
>>
>> This folder has a special ACL that gives RWX access to the "teachers"
>> group. But we can't see it on the clients. There is no "+" in the result
>> of the ls command.
>>
>> So Nautilus shows a cross on the folder. But the teacher can enter
>> inside it. So this is not a big problem. Just a little disappointing
>> for the teacher.
>>
>> The real problem comes when the teacher wants to create a directory
>> inside it. This time the "New directory" choice is grey. The teacher
>> can't click on it.
>>
>> So is there a way to disable the permission check in Nautilus?
>>
>> The more in depth explanation :
>> ---------------------------------------------
>>
>> The bug is more complex in reality. I use NFSv4 referrals on my
>> network. This means that when the user enters the folder:
>>
>> /dnfs/shares/teachers/class1
>>
>> This creates a mount point over "/dnfs/shares/teachers/class1". And the
>> mount point appears on the Nautilus left panel.
>>
>> The teacher can't create directories inside it.
>>
>> But if the user traverses the directories again, starting from "/dnfs"
>> to "/dnfs/shares/teachers/class1", now it can create directories !!!
>>
>> It just doesn't work the first time. The user needs to enter the
>> "class1" folder a second time.
>>
>> So I don't know how nautilus checks permissions. Because this time
>> there is still no information on the client side about the teacher's
>> ACL. But in this case the Nautilus "New folder" is not grey. And the
>> user can create directories. I can't understand why Nautilus decides to
>> activate the "New Folder" choice this time.
>>
>> Before the update, the "New folder" was still grey. But if the teacher
>> clicked on it the directory was created anyway.
>>
>> Any idea where this bug comes from?
>>
>> Regards,
>>
>> Baptiste.
>> --
>> nautilus-list mailing list
>> nautilus-list@gnome.org
>> https://mail.gnome.org/mailman/listinfo/nautilus-list
-- 
nautilus-list mailing list
nautilus-list@gnome.org
https://mail.gnome.org/mailman/listinfo/nautilus-list
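
Added example, not part of the thread and not Nautilus or GIO code: a small Python parser that diffs the two "gio info" captures from the message above. It reports that the path resolved to a different device/inode once the referral was mounted, and that write access was granted where the mode bits alone deny it; the caller's uid 1000 and "teachers" gid 5000001 are constructed values.

```python
import re
import stat

# Constructed excerpts: a subset of the attribute lines from the two captures above.
BEFORE = """
  access::can-read: FALSE
  access::can-write: FALSE
  unix::device: 38
  unix::inode: 1839867
  unix::mode: 17400
  unix::uid: 0
  unix::gid: 5000006
"""
AFTER = """
  access::can-read: TRUE
  access::can-write: TRUE
  unix::device: 37
  unix::inode: 23199783
  unix::mode: 17400
  unix::uid: 0
  unix::gid: 5000006
  unix::is-mountpoint: TRUE
  xattr-sys::system.nfs4_acl:
"""

def parse_gio_info(text):
    """Map 'namespace::key' to its value; localized header lines are skipped."""
    pairs = (re.match(r"\s+(\S+::\S+?):\s*(.*)$", line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def mode_allows_write(attrs, uid, gids):
    """Write permission as the POSIX mode bits alone would decide it."""
    mode = int(attrs["unix::mode"])  # decimal: 17400 == 0o41770, the drwxrwx--T from ls
    if uid == int(attrs["unix::uid"]):
        return bool(mode & stat.S_IWUSR)
    bit = stat.S_IWGRP if int(attrs["unix::gid"]) in gids else stat.S_IWOTH
    return bool(mode & bit)

def explain_change(before, after, uid, gids):
    b, a = parse_gio_info(before), parse_gio_info(after)
    ident = lambda x: (x.get("unix::device"), x.get("unix::inode"))
    granted = a.get("access::can-write") == "TRUE"
    return {
        "object_changed": ident(b) != ident(a),  # path now names another object
        "mount_triggered": "unix::is-mountpoint" not in b and a.get("unix::is-mountpoint") == "TRUE",
        "access_flipped": sorted(k for k in a if k.startswith("access::") and b.get(k) != a[k]),
        # Granted although the mode bits deny it: decided elsewhere, e.g. by an ACL.
        "write_beyond_mode_bits": granted and not mode_allows_write(a, uid, gids),
    }
```

Calling explain_change(BEFORE, AFTER, uid=1000, gids={5000001}) sets all three flags and lists the read and write attributes as flipped, which is the pattern to look for when a cached permission state predates the referral mount.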
