Setting ACLs fail when administrator username is different #1896

Open
toreonify opened this issue Sep 11, 2019 · 0 comments

toreonify commented Sep 11, 2019

I've noticed strange behavior when I added an SDC and tried to add shares on it. Previously, on the PDC I edited shares.conf.mas by hand and didn't have any issues. On the SDC I tried to add shares in the web UI and it failed every time, no matter what I did (even reinstalling). Later, the log file said that "chown command failed".

So I opened the source code for SyncDaemon.pm and found that "chown" uses the domain group "domain users" in quotes or "adm", which is present on the system, but the user is set to "administrator" and it is hardcoded. This is the key, because a long time ago I changed the default "Administrator" user name to something different for security reasons.

For testing I've hardcoded my new administrator user name and it fixed the problem, and the output of "ls -la" is now correct. This function needs to resolve the administrator name by SID or RID because it is the default in every domain configuration.

The same code is present in Zentyal 5 and 6.

setACLs function, setting permissions, line 234 on Zentyal 5.0.10:

        EBox::info("Starting to apply recursive ACLs to share '$shareName'...");

        my @cmds = ();
        push (@cmds, "mkdir -p '$path'");
        push (@cmds, "setfacl -b '$path'"); # Clear POSIX ACLs
        if ($guestAccess) {
            push (@cmds, "chmod 0777 '$path'");
            push (@cmds, "chown nobody:'domain users' '$path'");
        } else {
            push (@cmds, "chmod 0770 '$path'");
            push (@cmds, "chown administrator:adm '$path'");
        }
        EBox::Sudo::root(@cmds);

        # Posix ACL
        my @posixACL;
        push (@posixACL, 'u:administrator:rwx');
        push (@posixACL, 'g:adm:rwx');
        push (@posixACL, 'g:"domain admins":rwx');
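
Added example, not part of the issue and not Zentyal's code: one way to resolve the administrator account by its well-known RID 500, as the report suggests, and build the owner and ACL strings from the result. It assumes Samba's `wbinfo --sid-to-name` is available with the default winbind separator and that the caller supplies the domain SID; the function names, the sample SID and the account name `it-root` are constructed for illustration.

```shell
# Added example (not Zentyal code): find the built-in domain administrator
# by its well-known RID 500 instead of assuming the name "administrator".

# Constructed stand-in for `wbinfo --sid-to-name` so the example runs offline.
# wbinfo prints "DOMAIN\name <type>"; type 1 is a user account.
sample_resolver() {
    case $1 in
        S-1-5-21-1111111111-2222222222-3333333333-500)
            printf '%s\n' 'EXAMPLE\it-root 1' ;;  # constructed renamed admin
        *) return 1 ;;
    esac
}

# resolve_admin_name DOMAIN_SID [RESOLVER]
# Prints the account name behind DOMAIN_SID-500, without the DOMAIN\ prefix.
resolve_admin_name() {
    ra_resolver=${2:-wbinfo --sid-to-name}
    # Accept only S-1-5-21-<digits>-<digits>-... as the domain SID.
    case $1 in S-1-5-21-*) ;; *) return 1 ;; esac
    ra_rest=${1#S-1-5-21-}
    case $ra_rest in ''|*[!0-9-]*|-*|*-|*--*) return 1 ;; esac

    ra_out=$($ra_resolver "$1-500") || return 1
    ra_type=${ra_out##* }      # trailing SID type
    ra_name=${ra_out% *}       # DOMAIN\name
    ra_name=${ra_name#*\\}     # name only
    [ "$ra_type" = 1 ] || return 1
    # Conservative allowlist: the name ends up inside a root command line.
    case $ra_name in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s\n' "$ra_name"
}

# share_owner_spec DOMAIN_SID [RESOLVER]
# Prints the chown owner and the POSIX ACL entry that the quoted setACLs code
# hardcodes as "administrator:adm" and "u:administrator:rwx".
share_owner_spec() {
    so_admin=$(resolve_admin_name "$@") || return 1
    printf '%s:adm\n' "$so_admin"
    printf 'u:%s:rwx\n' "$so_admin"
}

# Offline run against the constructed resolver.
share_owner_spec S-1-5-21-1111111111-2222222222-3333333333 sample_resolver
```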