ClearFoundation Tracker - ClearOS |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001731 | ClearOS | app-flexshare - Flexshares | public | 2014-06-02 09:35 | 2020-03-26 10:11 |
|
| Reporter | dloper | |
| Assigned To | NickH | |
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 7.0.0 Alpha 2 | |
| Target Version | | Fixed in Version | | |
|
| Summary | 0001731: Allow users to request setGID bit. |
| Description | Traditional flexshares can have problems when administrators copy in data to a flexshare with external protocols such as SSH. Additionally, some workstations do not respect the permission structure and override the group permissions making files in accessible to users.
A checkbox should be added to all the admin to set the setGID bit for a flexshare and any underlying folders. This will enforce group ownership and read/write permissions. This should be checked by default on any new flexshare! This command will do the following:
(This should only be done if the checkbox changes state)
chmod -R g+s /var/flexshare/shares/**flexshare**
Unchecking the box will perform:
(This should only be done if the checkbox changes state)
chmod -R g-s /var/flexshare/shares/**flexshare**
|
| Steps To Reproduce | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | 0001732 | closed | NickH | Allow users to reset permissions |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2014-06-02 09:35 | dloper | New Issue | |
| 2014-06-02 10:54 | user2 | Issue cloned: 0001732 | |
| 2014-06-02 10:54 | user2 | Relationship added | related to 0001732 |
| 2014-06-02 10:55 | user2 | Summary | Allow users to reset permissions on a flexshare and setGID bit. => Allow users to request setGID bit. |
| 2014-06-02 10:55 | user2 | Description Updated | bug_revision_view_page.php?rev_id=123#r123 |
| 2014-06-02 10:55 | user2 | Status | new => acknowledged |
| 2014-06-02 10:58 | user2 | Note Added: 0001197 | |
| 2014-06-02 11:20 | user2 | Note Added: 0001199 | |
| 2014-06-02 11:46 | dloper | Note Added: 0001200 | |
| 2014-10-21 15:33 | user2 | Target Version | 7.0.0 Alpha 2 => 7.1.0 Beta 2 |
| 2015-01-29 12:31 | dloper | Note Added: 0001356 | |
| 2015-05-25 05:03 | user2 | Target Version | 7.1.0 Beta 2 => |
| 2020-03-26 10:11 | NickH | Note Added: 0013531 | |
| 2020-03-26 10:11 | NickH | Status | acknowledged => closed |
| 2020-03-26 10:11 | NickH | Assigned To | => NickH |
| 2020-03-26 10:11 | NickH | Resolution | open => fixed |
|
Notes |
|
|
(0001197)
|
|
user2
|
|
2014-06-02 10:58
|
|
|
It should definitely be optional since many admins won't want this feature at all. |
|
|
|
(0001199)
|
|
user2
|
|
2014-06-02 11:20
|
|
For discussion for a tech meeting :-)
Topic 1) I have seen some applications change the group after a file has been created with the proper group permissions. Neither "force group" in smb.conf nor "setgid" work in these cases.
Topic 2) Though setgid is fairly harmless on directories, there are some security concerns with the bit set on files. From a pragmatic point of view, it's rarely a problem. From an audit/compliance point of view, it's probably a no-no. |
|
|
|
(0001200)
|
|
dloper
|
|
2014-06-02 11:46
|
|
Perhaps the following then which will apply to directories only and not files:
find /var/flexshare/shares/**flexshare** -type d -exec chmod g+s {} + |
|
|
|
(0001356)
|
|
dloper
|
|
2015-01-29 12:31
|
|
|
May affect security audit. |
|
|
|
(0013531)
|
|
NickH
|
|
2020-03-26 10:11
|
|
|