How to prevent users to break out of their scope when using fIlebrowser with NFS #3287
Unanswered
s-geissler
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi all,
I am using filebrowser as the webfrontend for a multi-user storage server. The user scopes are, in addition to being accessible via filebrowser, also available via NFS.
I now have the issue that users can create relative symlinks in their respective scopes that allow them to access files outside of their scope using their NFS shares.
My folder structure looks like this
If user1 now creates a symlink in folder
/volume1/user1
that points to../user2
or simply../
he can access files outside of his scope.This, in combination with the fact that all scopes have the same filesystem level permissions - namely they belong to the filebrowser user - lead to essentially users being able to access files outside of their scope.
Does anyone have an idea how to deal with that? Is there for example an option that disables symlinks in filebrowser, so they are no longer followed?
Beta Was this translation helpful? Give feedback.
All reactions