Disallow writing of broken .acl files #1400

Open
jeff-zucker opened this issue Jan 30, 2020 · 6 comments

@jeff-zucker jeff-zucker commented Jan 30, 2020

If the user attempts to put/post an .acl file using the wrong content-type or if they have a syntax error in the .acl, the user then loses control of the .acl and whatever it points to. Only a server admin can fix the broken .acl, the user can't edit or delete it.

I think a minimum fix is that the server should cowardly refuse to write an .acl file that has broken syntax or the wrong content-type - allowing users to do this has no benefits and quite terrible consequences - it guarantees that no one except the server admin can access the .acl or the resources it points to.

Author

@jeff-zucker jeff-zucker commented Jan 30, 2020

Looking at https://forum.solidproject.org/t/is-my-pod-dead, you can see that several users have managed to make their entire pods inaccessible because of this problem.

@scenaristeur scenaristeur commented Jan 30, 2020

An example #1376

Author

@jeff-zucker jeff-zucker commented Jan 30, 2020

This may be too tricky, but the server should also disallow creation of a .acl if it does not grant Control to anyone. As with broken syntax and wrong content-type, an .acl that does not grant Control to anyone becomes unalterable by anyone but a sysadmin.
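
The write-time checks proposed in this thread (content type, syntax, and at least one authorization that grants Control), as an added example that is not part of the issue or of the server's own code. It assumes `text/turtle` is the required content type and that an RDF parser has already produced triples (`null` on a parse failure); the function name `aclWriteProblems` and the sample URLs are hypothetical.

```javascript
// Added example: pre-write guard for a WAC .acl document (not the server's code).
// Assumption: triples come from an RDF parser as [subject, predicate, object]
// arrays; a parse failure is represented by triples === null.
const ACL = 'http://www.w3.org/ns/auth/acl#';
const RDF_TYPE = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#type';
const AGENT_PREDICATES = ['agent', 'agentClass', 'agentGroup'].map(p => ACL + p);
const TARGET_PREDICATES = ['accessTo', 'default'].map(p => ACL + p);

// Returns a list of reasons to refuse the write; an empty list means accept.
function aclWriteProblems({ contentType, triples, target }) {
  const problems = [];
  const mediaType = (contentType || '').split(';')[0].trim().toLowerCase();
  if (mediaType !== 'text/turtle') problems.push('wrong content-type');
  if (triples === null) return problems.concat('syntax error');

  // Group predicate -> objects per subject so each authorization is judged as a unit.
  const bySubject = new Map();
  for (const [s, p, o] of triples) {
    if (!bySubject.has(s)) bySubject.set(s, new Map());
    const preds = bySubject.get(s);
    if (!preds.has(p)) preds.set(p, []);
    preds.get(p).push(o);
  }
  const has = (preds, p, o) => (preds.get(p) || []).includes(o);
  const grantsControl = [...bySubject.values()].some(preds =>
    has(preds, RDF_TYPE, ACL + 'Authorization') &&
    has(preds, ACL + 'mode', ACL + 'Control') &&
    AGENT_PREDICATES.some(p => (preds.get(p) || []).length > 0) &&
    TARGET_PREDICATES.some(p => has(preds, p, target)));
  if (!grantsControl) problems.push('no authorization grants Control');
  return problems;
}

// Constructed sample data.
const target = 'https://alice.example/private/';
const owner = [
  ['#owner', RDF_TYPE, ACL + 'Authorization'],
  ['#owner', ACL + 'agent', 'https://alice.example/profile/card#me'],
  ['#owner', ACL + 'accessTo', target],
  ['#owner', ACL + 'mode', ACL + 'Control'],
];
// Control and the agent sit in two different authorizations: nobody holds Control.
const split = [
  ['#a', RDF_TYPE, ACL + 'Authorization'], ['#a', ACL + 'mode', ACL + 'Control'],
  ['#a', ACL + 'accessTo', target],
  ['#b', RDF_TYPE, ACL + 'Authorization'], ['#b', ACL + 'mode', ACL + 'Read'],
  ['#b', ACL + 'agent', 'https://alice.example/profile/card#me'], ['#b', ACL + 'accessTo', target],
];
console.log(aclWriteProblems({ contentType: 'text/turtle', triples: split, target }));
```

The guard only shows that some agent holds Control; it does not check that the agent making the request is one of them.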

Contributor

@kjetilk kjetilk commented Jan 30, 2020

We have a generic issue on this topic in the spec work: solid/specification#67
However, we added RDF validation of ACL files quite some time back; it is surprising if that isn't working anymore.

Contributor

@melvincarvalho melvincarvalho commented Jan 30, 2020

> Only a server admin can fix the broken .acl, the user can't edit or delete it.

This is not quite correct. Anyone with access to the file system should be able to edit it or delete it.

This should actually be all users. The idea of a centralized server admin should be something we would like to make less common, both in thought process and in reality.

This is a practical point as well as theoretical. For most of my Pods I will have access to the file system. Using Solid any other way is, for me, a poor man's Solid, and IMHO not really giving too much advantage.

This can be applied to both the single-user and multi-user server. For example, you can give each solid user a unix user id and login via SSH. This has a number of advantages, including allowing you to set a file quota. I do this with node solid server today, and I would hate to use a pod that didn't offer that feature/service at some point. It would be the equivalent of getting a VPS and only having access via FTP.

@scenaristeur scenaristeur commented Feb 1, 2020

> Anyone with access to the file system should be able to edit it or delete

So who can unlock my POD?
