#274 closed enhancement (fixed)
Enhanced run_email2trac to support supplementary groups
| Reported by: | Dennis McRitchie <dmcr@…> | Owned by: | bas |
|---|---|---|---|
| Priority: | major | Milestone: | Release 2.4.5 |
| Component: | email2trac | Version: | 2.4.2 |
| Keywords: | Cc: |
Description
Hi Bas,
We are now using a more secure approach to group ownership and file permissions that supports 1) webserver r/w access, 2) r/w access by selected users who are logged in via ssh, and 3) no other r/w access.
The idea is to create a supplementary group whose only members are the webserver user, and the selected ssh users. World access is then removed from all dual-access files (i.e., files writable via webserver and ssh). Thus, with a umask of 007 and the gid bit set, all created dual-access files are group-writable by users belonging to the special supplementary group, and to no one else.
Currently, besides the uid, run_email2trac sets only the gid associated with the trac user. This patch will cause it to also set the supplementary groups associated with the trac user, thus supporting a "best practices" approach to dual-access.
Let me know if you have any questions.
Dennis McRitchie?
Attachments (2)
Change History (9)
Changed 12 years ago by Dennis McRitchie <dmcr@…>
comment:1 Changed 12 years ago by bas
- Milestone set to Release 2.X.X
- Status changed from new to assigned
Thanks for the enhancement. I will apply it. My first thought was that initgroups is not portable.
comment:2 Changed 12 years ago by Dennis McRitchie <dmcr@…>
Good point. Let me look into making the code conditional, and I'll get back to you with a patch.
Dennis
P.S. In reading further about this, I see that another reason for applying the supplementary groups is that if you don't, the current process keeps the supplementary groups associated with the root user, thus opening a possible security hole.
comment:3 Changed 12 years ago by Dennis McRitchie <dmcr@…>
Hi Bas,
OK. I've attached a 2nd patch that makes the initgroups() call conditional on its presence on a given system. Thus if not present, the code will revert to its previous behavior.
The odd thing is that I was unable to find a system that did not have initgroups(). I tested on gcc's back to 2.8.1, and on a SUN 5.6 compiler (dating back to 2004), but all supported initgroups(). Nonetheless, better to be safe than sorry.
So you just need to:
autoconf configure.in >configure
This new 'configure' script will test for initgroups() and set an appropriate definition of HAVE_INITGROUPS in config.h (built from config.h.in, a new file). run_email2trac.c then tests for HAVE_INITGROUPS in 2 places to ensure that the code builds even if initgroups() is not present.
Dennis
comment:4 Changed 12 years ago by bas
Thanks a lot. It will be applied. I also checked a few systems and could not find a system that did not implement initgroups.
comment:5 Changed 12 years ago by bas
- Resolution set to fixed
- Status changed from assigned to closed
(In [574]) added support for initgroup, thanks to Dennis McRitchie?, closes #274
comment:6 follow-up: ↓ 7 Changed 11 years ago by anonymous
Is this really the way it suppose to work? By the what could mean error fatal error access to undeclared static property ?
comment:7 in reply to: ↑ 6 Changed 11 years ago by bas
Replying to anonymous:
Is this really the way it suppose to work? By the what could mean error fatal error access to undeclared static property ?
What platform and what OS. Where do you get this error message from and is there something in the log files
Patch to support supplementary groups in run_email2trac