Permission denied in gvfs-fuse mount of SMB share with inaccessible root directory
It's possible for a Windows-hosted SMB share to be inaccessible at the root directory, while permissions are granted for specific sub-directories. For example:
\\server\share -> inaccessible
\\server\share\folder -> accessible
WIth GVFS 1.40.1 on Ubuntu 19.04, it's possible to display \\server\share\folder
in GIO-aware applications, but attempting to open e.g. \\server\share\folder\file.html
in Firefox (which is not GIO-aware, and has to access the file through gvfs-fuse) fails with a "Permission denied" error. Opening a shell in /run/user/<UID>/gvfs
, I can see via strace that calling stat() on the root directory of the mounted share ("smb-share:server=server,share=share
") returns -EACCES.
I guess this is really a mismatch between the Windows permissions model (where you have things like "Bypass traverse checking" [1]) and the UNIX model, where you have to have execute permission on all parent directories before you can access a file.
mount.cifs handles this situation by not allowing \\server\share
to be mounted directly, but \\server\share\folder
can still be mounted (this was the subject of Samba bug #8950 [2]).
For gvfs-fuse, I imagine that the solution would involve allowing stat() on the root folder mounted share to succeed, and reporting execute-only permission for the sake of the UNIX client, even though there is no access at all to the real folder on the Windows share. Is this feasible?