Bug 265717 - Edit ACL Entry dialog not useful for non-local users on sssd-enabled systems
Summary: Edit ACL Entry dialog not useful for non-local users on sssd-enabled systems
Status: ASSIGNED
Alias: None
Product: frameworks-kio
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: unspecified
Platform: Fedora RPMs Linux
: NOR normal
Target Milestone: ---
Assignee: Lukáš Tinkl
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-07 20:53 UTC by Jason Tibbitts
Modified: 2021-03-09 05:53 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Screenshot of the dialog in question (131.76 KB, image/png)
2011-02-07 20:53 UTC, Jason Tibbitts 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Tibbitts 2011-02-07 20:53:38 UTC 
Created attachment 56952 [details]
Screenshot of the dialog in question

Version:           unspecified (using KDE 4.5.5) 
OS:                Linux

On systems running sssd (such as Fedora 13 and up), getpwent() and the associated methods do not return non-local users.  There are various reasonable reasons for this, including the overhead of having to keep an updated local cache of tens or hundreds of thousands of users.

This can be worked around by adding "enumerate = true" to the domain definition in /etc/sssd/sssd.conf, but this is suboptimal and in many situations is simply not workable.

Reproducible: Always

Steps to Reproduce:
Open dolphin, right click on something, pick "Properties", then "Permissions", then "Advanced Permissions", then "Add Entry...".  Note that the user list presented will only have local users on an sssd-configured system.  (And even on systems without sssd, or with sssd configured to enumerate the domain, the user list can get hilariously long.)

Actual Results:  
Note that the user list presented will only have local users on an sssd-configured system.

Expected Results:  
The dialog gives me some means of entering a user name.  A simple text or combo box would work great.  It's trivial to validate the entered user name, as getpwnam() and such obviously still works as expected with sssd.

Note in the attached snapshot; the logged in user is "tester" but that isn't even displayed in the user list.  Nor is my username "tibbs", though I'm also able to access that machine.
Comment 1 Jason Tibbitts 2015-02-23 18:35:32 UTC 
Been four years since I reported this, and the advanced permissions dialog is still as useless as ever.  All that's required (I think) is to replace the dropdown with a combobox, and then validate that the entered user exists.

It was suggested that I move this under frameworks-kio to get more attention, so I've done so.  If someone could point out where in the code this dialog lives, I could try to have a look but I last wrote C++ back in college when we still used cfront....
Comment 2 Jason Tibbitts 2016-02-02 23:50:05 UTC 
Just wanted to make a note that the ACL editing dialog is still not useful if the system cannot enumerate all users in the 5.18 frameworks release.

Unfortunately, we've switched our infrastructure to NFS4 and those ACLs are an entirely different and fun thing which is also not at all supported.  nfs4-acl-editor does work, though, and I think it might just be easiest to set up a service menu for that so that dolphin users can reach it more easily.
Comment 3 Justin Zobel 2021-03-09 05:53:55 UTC 
Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant please change the status to resolved.