File System Permissions #2321
Conversation
… web api function to enforce it
- Add SshKey model with validation and fingerprinting
- Implement UnixGroupManager service for user/group management
- Create Unix users/groups automatically on course/staff creation
- Add SSH key provisioning to authorized_keys
- Implement FilesystemEnforcer with group-based permissions
- Add SSH key management UI (restricted to staff/instructors)
- Fix require paths for services in controllers
- Add services directory to autoload paths
- Create bootstrap script for existing courses
- Add host system user setup scripts
- Support BusyBox useradd (use -p '*' instead of --disabled-password)
- Add comprehensive setup and testing scripts
```ruby
def authorized?(req)
  secret = ENV["UNIX_OPS_SHARED_SECRET"]
  return true if secret.nil? || secret.empty?
```
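Review bot: `authorized?` fails open on the third line: when `UNIX_OPS_SHARED_SECRET` is unset or empty it returns `true` before any comparison happens, so a missing environment variable silently disables authorization for every request to the daemon. Suggest failing closed instead, i.e. `return false if secret.nil? || secret.empty?`, or raising at process start so the misconfiguration is noticed rather than quietly bypassing the check.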
Do you want to change this to false? I'm thinking of the unlikely case where UNIX_OPS_SHARED_SECRET is forgotten or gets cleared, and the unixops port gets published to the host by mistake; then an outsider can perform filesystem operations. If you mandate the secret then it can only come from inside the same host.
Is there a link to the Dockerfile for unixops and the corresponding change to docker-compose.yml?
I think the unix ops daemon filesystem operations are very permissive (the path in the payload is not validated to reference a course's file path; it could point anywhere, basically).
The Dockerfile change is in a branch called permission-unixops on the docker repository: link
I think it has to be designed that way because there are other functions/file paths outside a course directory that would potentially need to be edited by the daemon. But agreed that it is super permissive, and the only layer of security we have now is the function checks in Rails and a shared secret in the env.
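The two concerns raised in this thread, the secret check that fails open when the env var is missing and the payload path that is never validated, can both be handled at the daemon boundary. The following is an added illustration written for this review, not the PR's or the project's code. `ALLOWED_ROOTS`, the request hash shape (`:token`, `:path`) and `handle_request` are assumptions; the daemon would substitute whatever roots it actually needs to touch.

```ruby
# Added example: a fail-closed shared-secret check plus path confinement for a
# unix-ops style daemon. Hypothetical names throughout; not the project's code.

# Assumption: the directories the daemon is allowed to modify. A real deployment
# would list the course tree plus any other roots the enforcer legitimately edits.
ALLOWED_ROOTS = ["/home/courses", "/var/lib/unixops"].freeze

# Fail closed: a missing or empty shared secret denies every request instead of
# allowing all of them. The comparison folds every byte so timing does not
# reveal how much of the secret matched (Rack::Utils.secure_compare does the
# same job inside Rails).
def authorized?(provided, secret = ENV["UNIX_OPS_SHARED_SECRET"])
  return false if secret.nil? || secret.empty?
  return false if provided.nil? || provided.bytesize != secret.bytesize
  provided.bytes.zip(secret.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Lexically resolve the requested path (".", "..", duplicate slashes) without
# touching the disk, then require it to be one of the allowed roots or inside
# one. Returns the canonical path, or nil when the request must be rejected.
def confined_path(requested, roots = ALLOWED_ROOTS)
  return nil if requested.nil? || requested.empty? || requested.include?("\0")
  canonical = File.expand_path(requested, "/")
  roots.each do |root|
    root_norm = File.expand_path(root, "/")
    return canonical if canonical == root_norm || canonical.start_with?(root_norm + "/")
  end
  nil
end

# Gate a filesystem operation: authenticate first, then confine the path.
# Returns :unauthorized, :path_rejected, or [:ok, canonical_path].
def handle_request(request, secret: ENV["UNIX_OPS_SHARED_SECRET"])
  return :unauthorized unless authorized?(request[:token], secret)
  path = confined_path(request[:path])
  return :path_rejected if path.nil?
  [:ok, path]
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample requests for a local run.
  p handle_request({ token: "s3cret", path: "/home/courses/cs101/hw1" }, secret: "s3cret")
  p handle_request({ token: "s3cret", path: "/home/courses/../../etc/passwd" }, secret: "s3cret")
  p handle_request({ token: "wrong", path: "/home/courses/cs101" }, secret: "s3cret")
end
```

The containment check is purely lexical, so it stops `..` traversal and paths outside the roots but does not see through symlinks already on disk; for paths that exist, resolving with `File.realpath` and re-running `confined_path` on the result closes that gap. Keeping the roots list explicit also documents exactly which non-course locations the daemon is expected to edit, which is the part of the current design that is otherwise unbounded.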
Description
This PR outlines a security model for the filesystem. The exact details of the permission model can be taken from docs/security-model.md. The setup can be viewed from docs/permission-model.md.

Tests
This has been tested by: