Feature #23435

Protect users from unfortunate group name choices

Added by an odos over 4 years ago. Updated over 2 years ago.

Status: Closed
Priority: Nice to have
Assignee: Andrew Walker
Category: Services
Target version:
Estimated time:
Severity: Low
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:

Description

Recently a FreeNAS forums poster was having problems setting Samba permissions for a group he created "Users". The debug log had entries such as

2017/04/18 00:37:45.206803,  1] ../source3/modules/nfs4_acls.c:734(smbacl4_fill_ace4)
  nfs4_acls.c: file [Documentary]: could not convert S-1-5-32-545 to uid or gid

Obviously, the Windows security editor had "tricked" the poster into trying to add an ACE for "BUILTIN\Users" rather than "FREENAS\Users". Perhaps there should be a blacklist of usernames and groups that people shouldn't be able to create. For instance, it's probably not a great idea to use names that correspond to Windows BUILTIN and well-known users/groups.
Or at least, perhaps prevent users from using "Administrators" and "Users" since Samba creates default groupmap entries for them.
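
The check proposed in the description, sketched as an added example that is not part of the original issue and is not FreeNAS or Samba code: it rejects local group names that shadow a Windows BUILTIN alias and explains "could not convert ... to uid or gid" log entries by naming the alias behind the SID. The function names and the local group lists are hypothetical; the RID-to-name table lists the standard BUILTIN aliases.

```python
import re

# Well-known Windows BUILTIN alias RIDs (SID prefix S-1-5-32-) and their names.
BUILTIN_ALIASES = {
    544: "Administrators", 545: "Users", 546: "Guests", 547: "Power Users",
    548: "Account Operators", 549: "Server Operators", 550: "Print Operators",
    551: "Backup Operators", 552: "Replicator",
}
_RESERVED = {name.casefold(): name for name in BUILTIN_ALIASES.values()}

# Matches the smbd message quoted in the issue description.
_UNMAPPED = re.compile(r"could not convert (S-1-5-32-(\d+)) to uid or gid")


def builtin_collision(group_name):
    """Return 'BUILTIN\\<alias>' if a proposed local group name shadows a
    BUILTIN alias (Windows compares account names case-insensitively)."""
    alias = _RESERVED.get(group_name.strip().casefold())
    return "BUILTIN\\" + alias if alias else None


def explain_unmapped_sids(log_text, local_groups):
    """For each unmapped BUILTIN SID in an smbd log, return
    (sid, builtin_name, same_named_local_group_or_None)."""
    local = {g.casefold(): g for g in local_groups}
    findings = []
    for match in _UNMAPPED.finditer(log_text):
        alias = BUILTIN_ALIASES.get(int(match.group(2)))
        if alias is None:
            continue  # not an alias in the table above
        finding = (match.group(1), "BUILTIN\\" + alias, local.get(alias.casefold()))
        if finding not in findings:
            findings.append(finding)  # report each SID once
    return findings


# First two lines are the log entry from the issue; the last is constructed.
SAMPLE_LOG = """\
2017/04/18 00:37:45.206803,  1] ../source3/modules/nfs4_acls.c:734(smbacl4_fill_ace4)
  nfs4_acls.c: file [Documentary]: could not convert S-1-5-32-545 to uid or gid
  nfs4_acls.c: file [Documentary]: could not convert S-1-5-32-545 to uid or gid
"""

if __name__ == "__main__":
    for name in ("Users", "administrators", "media"):  # constructed group names
        print(name, "->", builtin_collision(name))
    print(explain_unmapped_sids(SAMPLE_LOG, ["wheel", "Users"]))
```

A non-None third field in a finding means a local group with the same name exists, which is the situation the forum poster hit.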

History

#1 Updated by Bonnie Follweiler over 4 years ago

  • Assignee set to Kris Moore

#2 Updated by Kris Moore over 4 years ago

  • Assignee changed from Kris Moore to John Hixson

Dunno - John, what do you think?

#3 Updated by John Hixson over 4 years ago

  • Status changed from Unscreened to Screened
  • Target version set to 9.10.4

I'll look into this further, but not high priority and punting to 9.10.4

#4 Updated by Kris Moore over 4 years ago

  • Target version changed from 9.10.4 to 11.1

#5 Updated by Kris Moore about 4 years ago

  • Target version changed from 11.1 to 11.2-BETA1

#6 Updated by Kris Moore over 3 years ago

  • Assignee changed from John Hixson to Timur Bakeyev
  • Priority changed from No priority to Nice to have

#7 Updated by Dru Lavigne over 3 years ago

  • Status changed from Screened to Not Started

#8 Updated by Dru Lavigne over 3 years ago

  • Target version changed from 11.2-BETA1 to 11.2-RC2

#9 Updated by Dru Lavigne over 3 years ago

  • Assignee changed from Timur Bakeyev to Andrew Walker

#10 Updated by Ben Gadd over 3 years ago

  • Severity set to New

#11 Updated by Andrew Walker over 3 years ago

  • Status changed from Not Started to In Progress

#12 Updated by Dru Lavigne over 3 years ago

  • Target version changed from 11.2-RC2 to 11.2-BETA2

#13 Updated by Dru Lavigne over 3 years ago

  • Category changed from OS to Services

#14 Updated by John Hixson over 3 years ago

  • Target version changed from 11.2-BETA2 to 11.2-U2

#15 Updated by Andrew Walker about 3 years ago

  • Severity changed from New to Low

#17 Updated by Dru Lavigne almost 3 years ago

  • Target version changed from 11.2-U2 to 11.2-U3

#18 Updated by Dru Lavigne over 2 years ago

  • Target version changed from 11.2-U3 to 11.2-U4

#19 Updated by Kris Moore over 2 years ago

  • Status changed from In Progress to Closed
