Prevent permissions reset from following symlinks to boot pool

Description

In 11.2, the presence of a symlink that points back to "/" in a path where "default permissions" are being applied can cause a permissions reset to set an ACL on "/", which of course breaks the UI.

Fix for 11.2 - check the device ID of the file whose permissions are being reset and compare it with the stored value of the freenas-boot device. Quit if it fails.

Fix for 11.3 - chroot winacl into the path in which permissions are being reset, remove FTS_LOGICAL, and apply 11.2 mitigation.

Problem/Justification

None

Impact

None

Activity

Bug Clerk December 10, 2019 at 6:22 PM

Bug Clerk December 4, 2019 at 6:32 PM

Andrew Walker November 27, 2019 at 9:12 AM
Edited

11.2-U8 Test case:

    root@freenas[/]# mkdir -p /mnt/dozer/SMB/foo/bar
    root@freenas[/]# mkdir /root/test
    root@freenas[/]# ln -s /root/test /mnt/dozer/SMB/foo/bar/test
    root@freenas[/]# winacl -a clone -rv -p /mnt/dozer/SMB
    /mnt/dozer/SMB
    /mnt/dozer/SMB/.windows
    /mnt/dozer/SMB/foo
    /mnt/dozer/SMB/foo/bar
    /mnt/dozer/SMB/foo/bar/tar
    winacl: /mnt/dozer/SMB/foo/bar/test: path resides in boot pool
    root@freenas[/mnt/dozer/SMB]# cd /
    root@freenas[/]# getfacl /root/test
    # file: /root/test
    # owner: root
    # group: wheel
    owner@:rwxp--aARWcCos:-------:allow
    group@:r-x---a-R-c--s:-------:allow
    everyone@:r-x---a-R-c--s:-------:allow

Should fail with error: "winacl: /mnt/dozer/SMB/foo/bar/test: path resides in boot pool"
ACL should look like what you see above.

11.3 Test Case:
Same as above, but perform functional tests for the permissions and ACL manager (recursive, traverse, stripacl, etc). Also test editing ACL on SMB share in subdirectory. This is to verify that the chroot doesn't break the ACL / perm editor.
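
The two traversal-level mitigations from the description (device-ID comparison and dropping FTS_LOGICAL), as an added example that is not winacl's own code: it walks a tree with fts(3) and counts the entries a recursive reset would modify, refusing when an entry's `st_dev` matches a protected device. The function names, the scratch layout under a `mkdtemp()` directory, and the `protected_dev` parameter are assumptions for illustration; the chroot step is not shown.

```c
#define _DEFAULT_SOURCE
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: count the entries a recursive reset under `root` would
 * modify; return -1 if any entry's st_dev equals `protected_dev` (the 11.2
 * check) or on error. `mode` is FTS_LOGICAL (follow symlinks) or FTS_PHYSICAL. */
int count_reset_targets(const char *root, int mode, dev_t protected_dev)
{
    char *paths[] = { (char *)root, NULL };
    FTS *tree = fts_open(paths, mode | FTS_NOCHDIR, NULL);
    FTSENT *e;
    int touched = 0;
    if (tree == NULL) return -1;
    while ((e = fts_read(tree)) != NULL) {
        if (e->fts_info == FTS_DP) continue;   /* post-order revisit of a dir */
        if (e->fts_info == FTS_NS || e->fts_info == FTS_ERR ||
            e->fts_statp->st_dev == protected_dev) {
            fprintf(stderr, "%s: refusing to reset\n", e->fts_path);
            touched = -1;
            break;
        }
        touched++;
    }
    fts_close(tree);
    return touched;
}

/* Constructed sample layout (not the ticket's system): creates
 * <base>/SMB/foo/bar/test -> <base>/outside, plus <base>/outside/file. */
int build_demo_tree(char *base)        /* base: writable mkdtemp() template */
{
    const char *dirs[] = { "SMB", "SMB/foo", "SMB/foo/bar", "outside" };
    char a[512], b[512];
    FILE *f;
    if (mkdtemp(base) == NULL) return -1;
    for (int i = 0; i < 4; i++) {
        snprintf(a, sizeof a, "%s/%s", base, dirs[i]);
        if (mkdir(a, 0700) != 0) return -1;
    }
    snprintf(b, sizeof b, "%s/SMB/foo/bar/test", base);
    if (symlink(a, b) != 0) return -1;     /* a is still <base>/outside */
    snprintf(b, sizeof b, "%s/outside/file", base);
    if ((f = fopen(b, "w")) == NULL) return -1;
    return fclose(f);
}
```

With FTS_LOGICAL the walk reports the symlink with the target's `stat` data and descends into it, so the device comparison is the only thing standing between the reset and the target; with FTS_PHYSICAL the link itself is reported and never followed.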

Complete
Created November 27, 2019 at 9:07 AM
Updated July 1, 2022 at 4:47 PM
Resolved December 10, 2019 at 6:22 PM