ClearFoundation Tracker - ClearOS
View Issue Details
0001731ClearOSapp-flexshare - Flexsharespublic2014-06-02 09:352020-03-26 10:11
dloper 
NickH 
normalfeaturealways
closedfixed 
7.0.0 Alpha 2 
 
0001731: Allow users to request setGID bit.
Traditional flexshares can have problems when administrators copy in data to a flexshare with external protocols such as SSH. Additionally, some workstations do not respect the permission structure and override the group permissions making files in accessible to users.

A checkbox should be added to all the admin to set the setGID bit for a flexshare and any underlying folders. This will enforce group ownership and read/write permissions. This should be checked by default on any new flexshare! This command will do the following:

(This should only be done if the checkbox changes state)
chmod -R g+s /var/flexshare/shares/**flexshare**

Unchecking the box will perform:

(This should only be done if the checkbox changes state)
chmod -R g-s /var/flexshare/shares/**flexshare**
No tags attached.
related to 0001732closed NickH Allow users to reset permissions 
Issue History
2014-06-02 09:35dloperNew Issue
2014-06-02 10:54user2Issue cloned: 0001732
2014-06-02 10:54user2Relationship addedrelated to 0001732
2014-06-02 10:55user2SummaryAllow users to reset permissions on a flexshare and setGID bit. => Allow users to request setGID bit.
2014-06-02 10:55user2Description Updatedbug_revision_view_page.php?rev_id=123#r123
2014-06-02 10:55user2Statusnew => acknowledged
2014-06-02 10:58user2Note Added: 0001197
2014-06-02 11:20user2Note Added: 0001199
2014-06-02 11:46dloperNote Added: 0001200
2014-10-21 15:33user2Target Version7.0.0 Alpha 2 => 7.1.0 Beta 2
2015-01-29 12:31dloperNote Added: 0001356
2015-05-25 05:03user2Target Version7.1.0 Beta 2 =>
2020-03-26 10:11NickHNote Added: 0013531
2020-03-26 10:11NickHStatusacknowledged => closed
2020-03-26 10:11NickHAssigned To => NickH
2020-03-26 10:11NickHResolutionopen => fixed

Notes
(0001197)
user2   
2014-06-02 10:58   
It should definitely be optional since many admins won't want this feature at all.
(0001199)
user2   
2014-06-02 11:20   
For discussion for a tech meeting :-)

Topic 1) I have seen some applications change the group after a file has been created with the proper group permissions. Neither "force group" in smb.conf nor "setgid" work in these cases.

Topic 2) Though setgid is fairly harmless on directories, there are some security concerns with the bit set on files. From a pragmatic point of view, it's rarely a problem. From an audit/compliance point of view, it's probably a no-no.
(0001200)
dloper   
2014-06-02 11:46   
Perhaps the following then which will apply to directories only and not files:

find /var/flexshare/shares/**flexshare** -type d -exec chmod g+s {} +
(0001356)
dloper   
2015-01-29 12:31   
May affect security audit.
(0013531)
NickH   
2020-03-26 10:11   
Migrated to https://gitlab.com/clearos/clearfoundation/app-flexshare/-/issues/15 [^]