Supporting Linux permissions system

[razaborg]

Currently, filebrowser is run as root (at least for the docker version) and every file created through filebrowser is hence created as root too.

The idea would be to link filebrowser users with systems users and permissions.
For example if I have multiple users who create multiple files through filebrowser, I would like each filebrowser users to be mapped with the different system users.
For example through an option we could activate when running filebrowser (--map-users or --unix-perms ...)

Anyway I think that would be more secure to use Unix permissions under the hood rather than the "everything belongs to the same user" model...

Would that be possible ? Would that need a lot of modifications in the code ?
I would love to contribute to the project and make that possible but Go is not really my thing :(

And if you don't have time for that, maybe you could tell me where I should start to look in your code to do that ?

[hyunsoo0o0o0]

I'm having a same problem, too. I linked filebrowser running on my docker to a storage where I also connected to a samba server, and when I create a file or folder through filebrowser, the owner of file is set to root so I cannot access from a samba client.
In case of linuxserver/transmission, it lets you set uid/gid directly via environments. Maybe filebrowser can do the same, I guess?
It would be nice if admin can set permissions of different uid/gid for each users, but it can wait.
By the way, this project is so cool. I'd really love to use it if this issue is fixed.

[alex-phillips]

I second this. The FS I'm mounting to upload/download/edit is never owned by root:root.

[eine]

@razaborg
Currently, filebrowser is run as root (at least for the docker version) and every file created through filebrowser is hence created as root too.

Filebrowser is run as the user executing it. Therefore, if you execute it locally, permissions are those of your user. However, as you said, running containers as root (UID=0) is the default behaviour of docker. Filebrowser images are based on scratch so there is no configuration related to usernames inside them.

There are some mechanisms to run docker containers as a user available on the host (which is not root):

• https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
• https://docs.docker.com/engine/security/userns-remap/
• https://success.docker.com/article/introduction-to-user-namespaces-in-docker-engine

@ppnchb, @alex-phillips, if you are ok with using a single non-root user, running the container with the USER flag can be enough for your use cases.

@razaborg
Anyway I think that would be more secure to use Unix permissions under the hood rather than the "everything belongs to the same user" model...

As you see, Unix permissions are always used under the hood. I think that the difficulty to implement your proposal resides in mapping multiple users automagically. The first of the references above can be a good starting point to wrap your head around it.

@razaborg
Would that be possible? Would that need a lot of modifications in the code?
And if you don't have time for that, maybe you could tell me where I should start to look in your code to do that?

• Directories and/or files are created in https://github.com/filebrowser/filebrowser/blob/master/http/resource.go#L184-L196
• The struct that defines a user is https://github.com/filebrowser/filebrowser/blob/master/filebrowser.go#L363-L407
• Users are stored in a database:
  • https://github.com/filebrowser/filebrowser/blob/master/filebrowser.go#L56-L58
  • https://github.com/filebrowser/filebrowser/blob/master/filebrowser.go#L183-L187
  • https://github.com/filebrowser/filebrowser/blob/master/filebrowser.go#L189-L212
• How to change the user from golang: https://stackoverflow.com/questions/21705950/running-external-commands-through-os-exec-under-another-user

However, due to #257 and #439, should you want to start tinkering with the code, I think that it'd be sensible to explore a mechanism to programmatically add several users to filebrowser's database. Then, it would make sense to read these from the host system. And, last, make filebrowser create/read resources as different system users. AFAIK, users right now are only used to limit the scope.

[alex-phillips]

The --user flag works fine for me. Thanks!

[alx]

Because I had a related issue, here is a docker-compose setup I've used to solve it (on filebrowser:v1.10.0), it might help someone else.

User with UID=1000 will be able to write in the filebrowser data directory, but you need to set a non-privileged port (>1024) for the server to start.

docker-compose.yml

  filebrowser:
    image: filebrowser/filebrowser:v1.10.0
    user: 1000:1000
    volumes:
      - /opt/platform/data:/srv/data
      - /opt/platform/filebrowser/database.db:/etc/database.db
      - ./config/filebrowser/config.json:/config.json

---

config/filebrowser/config.json

{
  "noAuth": true,
  "port": 8888,
  "address": "",
  "database": "/etc/database.db",
  "scope": "/srv/data",
  "allowCommands": false,
  "allowEdit": true,
  "allowNew": true,
  "commands": [],
  "baseURL":"/filebrowser"
}

[vitaliy-kuzmich]

@razaborg https://github.com/browsefile/backend has support for UID, GID...

[hacdias]

I'm closing this since this repository will be archived. Please read the information on the README for more information. Thanks for all your contributions!