Opening PDFs Denied Access Google Drive in Nautilus (Files)

Question

I've logged in to my Google account in the Ubuntu 22.04 settings. A link to my Google drive appears in Nautilus. I'm able to open photos and doc files, but when I try to open PDFs I receive an error message, "Unable to open document "[file:// etc.] ... Error opening file ... Permission denied.

How can I fix this problem? I've looked online and mostly am finding information regarding the Google desktop version of google drive.

I know, that doesn't help much, but I'm experiencing the same problems with Google Drive on Ubuntu 22.04 Desktop. Opening PDF files with the default PDF viewer fails, even from the default file manager Files. But PDF is not the only content type, it also fails for e.g html files: if you try to open them, instead of in the default browser they are opened in the Text Editor. Any advice? — user1593050, Apr 24 '22 at 17:31
I am experiencing the same problem. I tried to install another pdf application and made it default to open the pdf files. But that application is also unable to open the pdf. Perhaps, this means that the bug is with Nautilus and not pdf application. I tried to file the bug but found it quite tedious. Will prefer to wait and let this bug be resolved. — Shailesh Paranjpe, Apr 26 '22 at 01:54
From Stephane V: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/867749 Modify the Apparmor security profile with these two commands :
sudo apt-get install apparmor-utils , sudo aa-complain /usr/bin/evince — Hayward Oblad, May 12 '22 at 18:37
@HaywardOblad thanks for that, you should turn that comment into an answer. — Janos, May 29 '22 at 14:00

Stanislav Modrák · Answer 1 · 2022-10-22T18:41:30.053

3

I would not recommend messing with the AppArmor settings as it's a safety-critical feature of Linux kernel and it's a workaround rather than providing a lasting solution.

I solved this by re-installing the Document Viewer (Evince) but instead of using the Ubuntu .deb distribution, installing as a Flatpak (from Flathub). The sandbox distribution design of Flatpak seems not to suffer from this issue with AppArmor permissions.

You need to uninstall the current package installation.

sudo apt-get remove evince

If you already haven't done so, you need to install & activate Flatpak.

sudo apt install flatpak

Activate the Flathub repository.

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Finally, install Document Viewer again (as a Flatpak distribution package).

flatpak install flathub org.gnome.Evince

edited Oct 22 '22 at 18:41

answered Oct 22 '22 at 18:26

Stanislav Modrák

101

1

If one wants to install a different packaging format only to fix this evince issue, using the built-in 'sudo snap install evince' will also fix it. No permission issue from evince on gio mounted volume. – Omid Khalili Dec 14 '22 at 22:44
@OmidKhalili the snap version is way behind the other packaging formats, one disadvantage – Stanislav Modrák Dec 20 '22 at 17:27
I agree some packages are outdated, but at least I have a unified experience and can only type the package name on the terminal to open what I want. Typing evince on the terminal when the deb version is installed or the snap version is installed has the same result. Instead with flatpak I have to flatpak run org.gnome.Evince (This is nonsense to me and reading https://github.com/flatpak/flatpak/issues/994 says I'm not alone.) – Omid Khalili Dec 20 '22 at 23:22
Thank you for this answer! I was also hesitant to mess around with AppArmor settings. – DanM87 Feb 09 '23 at 15:22
sudo snap install evince only seems to fix it on Ubuntu 24.04 until you restart, at least he error comes back after a few days. – hb0 May 14 '24 at 09:04

score 2 · Accepted Answer · answered May 05 '22 at 18:50

2

This is problem with the Document Viewer(Evince) not Nautilus

Disable One Profile

sudo ln -s /etc/apparmor.d/usr.bin.evince /etc/apparmor.d/disable/

If this doesn't work, you can install atril document viewer and set that as your default, it should work.

answered May 05 '22 at 18:50

Devansh

64
6

1

Thank you for your help! I didn't want to mess around with the persmission on AppArmor so I installed Atril and set it as default PDF viewer. Thanks! – DanM87 May 08 '22 at 22:09
The above tip didn't help me for evince, also I have the same problem with other PDV viewers and editors I tried (e.g. qpdfview). But thanks for the tip with atril, that one works! – Janos May 29 '22 at 13:56
Wouldn't be better to use sudo aa-complain usr.bin.evince? It then works (slow as hell, but that's another war)... (needs package apparmor-utils) – Rmano Aug 27 '24 at 08:43

score 2 · Answer 3 · answered Aug 27 '24 at 09:41

It's, effectively, an apparmor problem, as spotted by Devansh. Still here in 24.04. I personally would not disable the protection completely, evince is heavily used, and you never know...

So what I did is: try to see why it doesn't work. I issued (you need to install apparmor-utils for that) the command to put the specific profile in complain mode, so that it permits the operation but log it on the journal.

sudo aa-complain usr-bin.evince

And yep, it works. The logs (see with journalctl) says (edited for privacy)

audit: type=1400 audit(1724748978.556:314): apparmor="ALLOWED" operation="connect" class="file" profile="/usr/bin/evince" name="/run/user/1001/gvfsd/socket-MqrSttuD" pid=31918 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001
audit: type=1400 audit(1724748978.571:316): apparmor="ALLOWED" operation="open" class="file" profile="/usr/bin/evince" name="/run/user/1001/gvfs/google-drive:host=gmail.com,user=xxx.yyy/0ANkkkkkkJaUk9PVA/llllll

So ok, it was denying the access to the /run/user/... directories.

My solution was to edit (as root) /etc/apparmor.d/local/usr.bin.evince (in principle should be there, empty, and should survive updates, but we'll see) adding

# allow access to google drive and other shared files

owner /run/user//gvfs/**       rw,
owner /run/user//gvfsd/**      rw,

and then you should reload the profiles:

sudo service apparmor reload

and enforce it again

sudo aa-enforce usr.bin.evince

...and in principle everything works as expected, maintaining the protections AppArmor provides for other files.

Notice that this is probably a configuration bug: I think the directories under `/run/user/UID/ should be permitted by default.

hb0 · Answer 4 · 2024-05-14T09:05:20.800

This also happens with a fresh Ubuntu 24.04 installation.

As @Omid Khalili pointed out in a comment, you can just reinstall evince with snap:

sudo apt remove evince
sudo snap install evince

This fixes "permission denied" for Google Drive, but not for Cryptomator, in case you use this, too.

update: sudo snap install evince only seems to fix it on Ubuntu 24.04 until you restart, at least he error comes back after a few days.

score 1 · Answer 5 · answered Dec 13 '24 at 13:00

1

I experienced this issue, where opening PDFs in led to permission denied. I upgraded evince to the latest version (evince-common all 46.3.1-0ubuntu1, evince amd64 46.3.1-0ubuntu1), and that did the trick!

So in practice I did this:

sudo apt update
sudo apt upgrade evince evince-common

answered Dec 13 '24 at 13:00

consideRatio

131

Thank you. It worked. – raf Dec 14 '24 at 12:35
It looks like Ubuntu 22.04.5 LTS will only update to 42.3-0ubuntu3.1, so I'm out of luck – aguaviva Jun 08 '25 at 23:46

Opening PDFs Denied Access Google Drive in Nautilus (Files)

5 Answers5