ClearOS Bug Tracker


View Issue Details

ID: 0001731
Project: ClearOS
Category: app-flexshare - Flexshares
View Status: public
Date Submitted: 2014-06-02 09:35
Last Update: 2015-05-25 05:03
Reporter: dloper
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: acknowledged
Resolution: open
Platform:
OS:
OS Version:
Product Version: 7.0.0 Alpha 2
Target Version:
Fixed in Version:
Summary: 0001731: Allow users to request setGID bit.
Description:
Traditional flexshares can have problems when administrators copy in data to a flexshare with external protocols such as SSH. Additionally, some workstations do not respect the permission structure and override the group permissions, making files inaccessible to users.

A checkbox should be added to allow the admin to set the setGID bit for a flexshare and any underlying folders. This will enforce group ownership and read/write permissions. This should be checked by default on any new flexshare! This command will do the following:

(This should only be done if the checkbox changes state)
chmod -R g+s /var/flexshare/shares/**flexshare**

Unchecking the box will perform:

(This should only be done if the checkbox changes state)
chmod -R g-s /var/flexshare/shares/**flexshare**
Tags: No tags attached.
Attached Files:

Relationships
related to 0001732 (confirmed): Allow users to reset permissions

Notes
(0001197)
user2
2014-06-02 10:58

It should definitely be optional since many admins won't want this feature at all.
(0001199)
user2
2014-06-02 11:20

For discussion for a tech meeting :-)

Topic 1) I have seen some applications change the group after a file has been created with the proper group permissions. Neither "force group" in smb.conf nor "setgid" work in these cases.

Topic 2) Though setgid is fairly harmless on directories, there are some security concerns with the bit set on files. From a pragmatic point of view, it's rarely a problem. From an audit/compliance point of view, it's probably a no-no.
(0001200)
dloper (administrator)
2014-06-02 11:46

Perhaps the following then which will apply to directories only and not files:

find /var/flexshare/shares/**flexshare** -type d -exec chmod g+s {} +
(0001356)
dloper (administrator)
2015-01-29 12:31

May affect security audit.
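
The directory-only form from note 0001200, together with a check for regular files that already carry the bit (the concern in note 0001199), as an added example that is not part of the original issue or its notes. The function names and the temporary share tree are constructed for illustration; on a real system the argument would be the flexshare directory.

```bash
#!/usr/bin/env bash
# Added example: directory-only setgid for a share tree, plus an audit for
# regular files that carry the bit. The share tree below is constructed.

# Set setgid on directories only (the form proposed in note 0001200).
setgid_dirs_only() {
    find "$1" -type d -exec chmod g+s {} +
}

# List regular files carrying the setgid bit (octal 2000).
list_setgid_files() {
    find "$1" -type f -perm -2000 -print
}

# Clear setgid from regular files only; directories keep the bit.
clear_setgid_files() {
    find "$1" -type f -perm -2000 -exec chmod g-s {} +
}

# List directories that lack the setgid bit.
list_dirs_without_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Compare the directory-only form with the recursive form on a constructed tree.
demo() {
    local share
    share=$(mktemp -d) || return 1
    mkdir -p "$share/projects/q1"
    touch "$share/readme.txt" "$share/projects/q1/report.txt"

    setgid_dirs_only "$share"
    echo "directory-only: setgid files=$(list_setgid_files "$share" | wc -l)," \
         "dirs missing bit=$(list_dirs_without_setgid "$share" | wc -l)"

    chmod -R g+s "$share"      # recursive form from the issue description
    echo "chmod -R g+s:   setgid files=$(list_setgid_files "$share" | wc -l)"

    clear_setgid_files "$share"   # repair a tree that was changed recursively
    echo "after cleanup:  setgid files=$(list_setgid_files "$share" | wc -l)"
    rm -rf "$share"
}

demo
```

`list_setgid_files` can also be run on its own as a periodic check, since files copied in by other tools may arrive with the bit already set.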

Issue History
Date Modified     Username  Field                   Change
2014-06-02 09:35  dloper    New Issue
2014-06-02 10:54  user2     Issue cloned: 0001732
2014-06-02 10:54  user2     Relationship added      related to 0001732
2014-06-02 10:55  user2     Summary                 Allow users to reset permissions on a flexshare and setGID bit. => Allow users to request setGID bit.
2014-06-02 10:55  user2     Description Updated
2014-06-02 10:55  user2     Status                  new => acknowledged
2014-06-02 10:58  user2     Note Added: 0001197
2014-06-02 11:20  user2     Note Added: 0001199
2014-06-02 11:46  dloper    Note Added: 0001200
2014-10-21 15:33  user2     Target Version          7.0.0 Alpha 2 => 7.1.0 Beta 2
2015-01-29 12:31  dloper    Note Added: 0001356
2015-05-25 05:03  user2     Target Version          7.1.0 Beta 2 =>