Date: Wed, 11 Apr 2018 12:36:06 +0100
From: Stilez Stilezy <stilezy@gmail.com>
To: Andriy Gapon <avg@freebsd.org>
Cc: freebsd-fs <freebsd-fs@freebsd.org>
Subject: Re: Does setuid=on work on ZFS datasets, or is the man page for zfs misleading?
Message-ID: <CAFwhr74koRdHBd5Nf1674su8ojQyKwS-rjNACYL0kNQz=VD14g@mail.gmail.com>
In-Reply-To: <CAFwhr744c6sTqvZAMqrEcgJ7_693_Y9%2BGLkY7ZhOrueBuCjBig@mail.gmail.com>
References: <CAFwhr76YOacX7kS87M-xRhcnkQGYGcmpYz%2BKU6rok2b-Wt_GHA@mail.gmail.com> <7eba73db-3097-5c8a-eb2c-e3880fb5b501@FreeBSD.org> <CAFwhr77WP_rDb1%2BAW-hbe8vcWdnpa-KXU0xjMryvmX-isa5W7g@mail.gmail.com> <672e2c84-b906-4073-0206-7eb1720adc7e@FreeBSD.org> <1629c0d63d0.2756.49a377fccbf53440a4b582c142a1ed88@gmail.com> <26e3c3b5-9baf-5499-0e12-81486cc8c839@FreeBSD.org> <CAFwhr744c6sTqvZAMqrEcgJ7_693_Y9%2BGLkY7ZhOrueBuCjBig@mail.gmail.com>
(Sorry, slight reword, my mistake, underlined correction: "So instead of forcing all files to be owned by (say) userX, and giving userX some rights, I could accept that the owner is arbitrary, give the owner no rights at all, *create a group called "data_file_owner", add my desired file+dir owner to the data_file_owner group, and give the data_file_owner group the access rights* over the dataset root dir that I would have given the owner. My understanding is that even on ZFS that setup *can* be configured to forcibly inherit when files+dirs are created.")

On 11 April 2018 at 12:32, Stilez Stilezy <stilezy@gmail.com> wrote:

> On 10 April 2018 at 06:45, Andriy Gapon <avg@freebsd.org> wrote:
>
>> On 06/04/2018 20:42, Stilez wrote:
>> > So the question stands - is there any working method to ensure files in a ZFS
>> > dataset or contained dir have a predetermined owner? Including within ACLs if I
>> > missed the right page?
>>
>> My assumption was that the ownership change was not an end goal and there was a
>> wider context related to access management.
>> In other words, why do you want to change file ownership unless you want to
>> change the file's access rights... In my opinion, Unix file ownership is a part
>> of the Unix file access model.
>
> Good question. Four reasons come to mind:
>
> 1. I'm a comparative newcomer to FreeBSD security and related matters, and
> don't have the skill/knowledge to make assumptions that an experienced
> fbsd-er might make. My assumption is that whatever owner permissions/ACLs
> are set at, and whatever exec rights exist, files are more vulnerable to
> issues I leave open or mistakes I make if they accidentally have a
> privileged owner, compared to a non-privileged one. A lot of work I do in
> the CLI is done after su-ing to a privileged account. The files don't need a
> privileged owner, so why give them one, or expose them to having one?
>
> 2. Another reason is that some branches of the file system are accessed
> via Samba, and if ACLs aren't correct, Windows tends to look at the owner
> as the account able to fix it. If files accumulate different owners, that
> could become a real pain to sort out as the file system is in the millions
> of files. This probably isn't so important because Samba allows owner
> inheritance on any dir, but I'd like to rely on OS controls rather than
> Samba controls.
>
> 3. An old principle of computing - if something isn't needed but adds
> complication, don't do it. I don't need the files to have varied owners, so
> varied owners become at best useless, at worst a pain at some
> unforeseeable future time.
>
> 4. Finally of course, ACLs and ownership committed within short- and long-term
> snapshots never can be changed or fixed. If any of these ever do give
> rise to a problem, I won't be able to fix it short of an insane amount of
> cloning/sending/rebuilding of the pool and every snapshot in it.
>
> At present I'm tightening my "archived files" pool's
> permissions, having dealt with most other basics. I'm starting from the top
> down - get ownership right, then groups, then ACLs/permissions on
> owners/users/groups.
>
> If FreeBSD can't do ownership inheritance, I have to think whether it's
> actually a problem and if so what to do. Perhaps the simplest option is to
> treat ownership as untrusted and give null ACLs (no rights at all) to the
> owner; instead just condition all access rights on user/group only. As far
> as I understand, that should be as secure/effective, and will inherit.
>
> So instead of forcing all files to be owned by (say) userX, and giving
> userX some rights, I could accept that the owner is arbitrary, give the
> owner no rights at all, create a user or group called "data_file_owner",
> and give that user/group the access rights over the dataset root dir that I
> would have given the owner. My understanding is that even on ZFS that setup
> *can* be configured to forcibly inherit when files+dirs are created.
>
> Would that angle work as I intend? Any issues/warnings for me, that I
> should be aware of?
>
> Stilez
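The group-based layout proposed in the mail, written out as the FreeBSD zfs(8) and setfacl(1) commands it needs, as an added example that is not part of the thread. The dataset name, mount point and the use of a named group are assumptions; the script prints its plan by default and only executes it when run as root on FreeBSD with APPLY=1.

```sh
#!/bin/sh
# Added example, not from the thread. Shows the ZFS properties and the
# inheritable NFSv4 ACE that make "rights come from the group, not the
# owner" survive file creation and chmod. Names below are assumptions.
set -eu

DATASET=${DATASET:-tank/archive}          # assumed dataset name
MOUNTPOINT=${MOUNTPOINT:-/tank/archive}   # assumed mount point
GROUP=${GROUP:-data_file_owner}           # group named in the mail

# Print the commands for dataset $1 mounted at $2, granting group $3.
plan() {
    ds=$1 mp=$2 grp=$3
    # ZFS defaults are aclmode=discard and aclinherit=restricted: a plain
    # chmod on a file drops its non-trivial ACL, and inherited entries
    # lose write_acl/write_owner. passthrough keeps the ACL as written.
    echo "zfs set aclmode=passthrough $ds"
    echo "zfs set aclinherit=passthrough $ds"
    # Mode 0000 makes the trivial owner@/group@/everyone@ entries grant
    # nothing, so the owner (whoever it turns out to be) gets no rights
    # from the mode bits; root still administers the tree.
    echo "chmod 0000 $mp"
    # Named-group ACE with modify_set (everything except write_acl and
    # write_owner) and the f+d flags, so every new file and directory
    # under the root inherits it regardless of who created it.
    echo "setfacl -m g:$grp:modify_set:fd:allow $mp"
}

# Commands to confirm the result after applying the plan.
verify() {
    echo "zfs get -H -o property,value aclmode,aclinherit $1"
    echo "getfacl -v $2"
}

if [ "${APPLY:-0}" = 1 ]; then
    plan "$DATASET" "$MOUNTPOINT" "$GROUP" | sh -ex
    verify "$DATASET" "$MOUNTPOINT" | sh -e
else
    plan "$DATASET" "$MOUNTPOINT" "$GROUP"
fi
```

A file's owner on ZFS keeps the ability to change its own mode and ACL, so this arrangement limits what the owner can read or write but does not make ownership fully inert.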