Eric Mols
Hello,

This is my trick to implement the Samba Read List and Write List in the web interface of ClearOS Flexshare.

read list
This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the read only option is set to. The list can include group names using the syntax described in the invalid users parameter.
This parameter will not work with the security = share in Samba 3.0. This is by design.
Default: read list =
Example: read list = mary, @students

write list
This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax.
Note that if a user is in both the read list and the write list then they will be given write access.
By design, this parameter will not work with the security = share in Samba 3.0.
Default: write list =
Example: write list = admin, root, @staff

It is based on app-flexshare-5.2-10.i386.rpm and app-flexshare-api-5.2-10.i386.rpm.

I made changes in the code of

/var/webconfig/htdocs/admin/flexshare.php
and
/var/webconfig/api/Flexshare.class.php

It works on my server! :)

You need to create a group for the Read List and a group for the users in the Write List.

The language files must be modified to add translations for
WEB_LANG_READ_LIST "Read List"
WEB_LANG_WRITE_LIST "Write List"
FLEXSHARE_LANG_ERRMSG_INVALID_READ_LIST "Invalid Read List"
FLEXSHARE_LANG_ERRMSG_INVALID_WRITE_LIST "Invalid Write List"

This is the diff for flexshare.php

100c100
< $flexshare->AddShare($_POST['add_name'], $_POST['add_description'], $_POST['add_group']);
---
> $flexshare->AddShare($_POST['add_name'], $_POST['add_description'], $_POST['add_group'], $_POST['add_rgroup'], $_POST['add_wgroup']);
127a128,129
> $flexshare->SetRGroup($name, $_POST['rgroup']);
> $flexshare->SetWGroup($name, $_POST['wgroup']);
369a372,373
> <td>" . $shares[$index]['RGroup'] . "</td>
> <td>" . $shares[$index]['WGroup'] . "</td>
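Review bot: both new <td> cells print $shares[$index]['RGroup'] and $shares[$index]['WGroup'] into the page without HTML escaping. The values are parsed back from the ShareRGroup/ShareWGroup lines of the configuration file (see the Flexshare.class.php diff), so wrap each one, for example htmlspecialchars($shares[$index]['RGroup'], ENT_QUOTES), so that a name containing markup characters cannot alter the table.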
403a408,409
> WEB_LANG_READ_LIST . "|" .
> WEB_LANG_WRITE_LIST . "|" .
467a474
>
472a480,490
> $add_rgroup = isset($_POST['add_rgroup']) ? $_POST['add_rgroup'] : "";
>
> if (empty($add_rgroup) && in_array(Group::CONSTANT_ALL_USERS_GROUP, $groups))
> $add_rgroup = Group::CONSTANT_ALL_USERS_GROUP;
>
> $add_wgroup = isset($_POST['add_wgroup']) ? $_POST['add_wgroup'] : "";
>
> if (empty($add_wgroup) && in_array(Group::CONSTANT_ALL_USERS_GROUP, $groups))
> $add_wgroup = Group::CONSTANT_ALL_USERS_GROUP;
>
>
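Review bot: the second default, $add_wgroup = Group::CONSTANT_ALL_USERS_GROUP, pre-selects the all-users group as the write list of every new share. Per the Samba text quoted at the top of the post, anyone in the write list gets write access no matter what read only is set to, and a user in both lists also gets write access, so accepting the form defaults makes the new share writable by every user. Default the write list to an empty or "none" choice so that write access is an explicit decision; that also needs AddShare to accept an empty list instead of requiring IsValidGroup to pass.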
488a507,514
> <td class='mytablesubheader' nowrap>" . WEB_LANG_READ_LIST . "</td>
> <td nowrap>" . WebDropDownHash("add_rgroup", $add_rgroup, $owners) . "</td>
> </tr>
> <tr>
> <td class='mytablesubheader' nowrap>" . WEB_LANG_WRITE_LIST . "</td>
> <td nowrap>" . WebDropDownHash("add_wgroup", $add_wgroup, $owners) . "</td>
> </tr>
> <tr>
569a596,631
> $rgroup_select = '';
>
> // Read List
> foreach ($groups as $group) {
> $selected = ($group === $share['ShareRGroup']) ? "selected" : '';
> $rgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_GROUP . ' - ' . $group . "</option>\n";
> }
>
> foreach ($users as $group) {
> $selected = ($group === $share['ShareRGroup']) ? "selected" : '';
> $rgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_USER . ' - ' . $group . "</option>\n";
> }
>
> if (empty($groups))
> $rgroup_select = WEB_LANG_GROUP_REQUIRED . " - " . WebUrlJump("groups.php", LOCALE_LANG_CONFIGURE);
> else
> $rgroup_select = "<select name='rgroup'>$rgroup_select</select>";
>
> //Write List
> $wgroup_select = '';
>
> foreach ($groups as $group) {
> $selected = ($group === $share['ShareWGroup']) ? "selected" : '';
> $wgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_GROUP . ' - ' . $group . "</option>\n";
> }
>
> foreach ($users as $group) {
> $selected = ($group === $share['ShareWGroup']) ? "selected" : '';
> $wgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_USER . ' - ' . $group . "</option>\n";
> }
>
> if (empty($groups))
> $wgroup_select = WEB_LANG_GROUP_REQUIRED . " - " . WebUrlJump("groups.php", LOCALE_LANG_CONFIGURE);
> else
> $wgroup_select = "<select name='wgroup'>$wgroup_select</select>";
>
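Review bot: in all four option loops $group is concatenated into value='...' and into the option label without escaping; pass it through htmlspecialchars($group, ENT_QUOTES) so a name containing a quote or angle bracket cannot break out of the attribute. The if (empty($groups)) branch also replaces the whole select with the "group required" link even when $users is non-empty, although the loops above offer users as valid choices. The read-list and write-list blocks differ only in the share key and the field name, so one helper taking those two arguments would remove the duplication.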
585a648,655
> <td class='mytablesubheader' nowrap>" . WEB_LANG_READ_LIST . "</td>
> <td>$rgroup_select</td>
> </tr>
> <tr>
> <td class='mytablesubheader' nowrap>" . WEB_LANG_WRITE_LIST . "</td>
> <td>$wgroup_select</td>
> </tr>
> <tr>


And the diff for Flexshare.class.php


165a166,167
> const REGEX_SHARE_RGROUP = '^[[:space:]]*ShareRGroup[[:space:]]*=[[:space:]]*(.*$)';
> const REGEX_SHARE_WGROUP = '^[[:space:]]*ShareWGroup[[:space:]]*=[[:space:]]*(.*$)';
268a271,274
> } elseif (eregi(self::REGEX_SHARE_RGROUP, $line, $match)) {
> $share['RGroup'] = $match[1];
> } elseif (eregi(self::REGEX_SHARE_WGROUP, $line, $match)) {
> $share['WGroup'] = $match[1];
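Review bot: the parsed values are stored under $share['RGroup'] and $share['WGroup'], while the edit form and the smb.conf generator in this patch read $share['ShareRGroup'] and $share['ShareWGroup']. If those are separate code paths, say so in a comment; otherwise use one key name throughout. The (.*$) capture also keeps trailing whitespace, so store trim($match[1]) here rather than relying on the trim() done later when the line is written.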
307a314,315
> * @param string $rgroup read list of the flexshare
> * @param string $wgroup write list of the flexshare
314c322
< function AddShare($name, $description, $group, $internal = false)
---
> function AddShare($name, $description, $group, $rgroup, $wgroup, $internal = false)
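Review bot: $rgroup and $wgroup are inserted before the optional $internal, so any existing caller that passes four positional arguments, AddShare($name, $description, $group, true), now sends true as the read list and fails validation or, worse, leaves $internal at false. Append the two parameters after $internal with default values, or update every caller in the same patch.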
329a338,343
> if (! $this->IsValidGroup($rgroup))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_READ_LIST);
>
> if (! $this->IsValidGroup($wgroup))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_WRITE_LIST);
>
378a393,394
> " ShareRGroup=$rgroup\n" .
> " ShareWGroup=$wgroup\n" .
1717a1734,1755
>
> // Add Read list
> $group = new Group($share['ShareRGroup']);
>
> if ($group->Exists()) {
> $linestoadd .= "\tread list = @\"%D" . '\\' . trim($share["ShareRGroup"]) . "\"\n";
> } else {
> $user = new User($share['ShareRGroup']);
> if ($user->Exists())
> $linestoadd .= "\tread list = \"%D" . '\\' . trim($share["ShareRGroup"]) . "\"\n";
> }
>
> // Add Write list
> $group = new Group($share['ShareWGroup']);
>
> if ($group->Exists()) {
> $linestoadd .= "\twrite list = @\"%D" . '\\' . trim($share["ShareWGroup"]) . "\"\n";
> } else {
> $user = new User($share['ShareWGroup']);
> if ($user->Exists())
> $linestoadd .= "\twrite list = \"%D" . '\\' . trim($share["ShareWGroup"]) . "\"\n";
> }
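Review bot: when the stored name is neither an existing group nor an existing user, both blocks fall through without writing a line and without logging, so the share is generated with no read list or write list and the admin gets no sign that the restriction chosen in the web interface is not in effect. Log or throw in that else branch. The lookups use the raw $share['ShareRGroup'] and $share['ShareWGroup'] while the emitted lines use trim(...); trim once up front and use the same value for both. Because the name is written inside double quotes in the Samba configuration, reject a value containing a double quote or a newline here as well, since it is read from the file and not only from the validated form.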
2100a2139,2192
> * Sets a flexshare's read list.
> *
> * @param string $name flexshare name
> * @param string $group flexshare group owner
> * @returns void
> * @throws ValidationException, EngineException
> */
>
> function SetRGroup($name, $group)
> {
> if (COMMON_DEBUG_MODE)
> self::Log(COMMON_DEBUG, 'called', __METHOD__, __LINE__);
>
> if (! $this->IsValidGroup($group))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_GROUP);
>
> if ($this->GetParameter($name, 'ShareRGroup') == $group)
> return;
>
> $this->SetParameter($name, 'ShareRGroup', $group);
> $enabled = 0;
> if ($this->GetParameter($name, 'ShareEnabled'))
> $enabled = (int)$this->GetParameter($name, 'ShareEnabled');
> $this->ToggleShare($name, $enabled, true);
> }
>
> /**
> * Sets a flexshare's write list.
> *
> * @param string $name flexshare name
> * @param string $group flexshare group owner
> * @returns void
> * @throws ValidationException, EngineException
> */
>
> function SetWGroup($name, $group)
> {
> if (COMMON_DEBUG_MODE)
> self::Log(COMMON_DEBUG, 'called', __METHOD__, __LINE__);
>
> if (! $this->IsValidGroup($group))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_GROUP);
>
> if ($this->GetParameter($name, 'ShareWGroup') == $group)
> return;
>
> $this->SetParameter($name, 'ShareWGroup', $group);
> $enabled = 0;
> if ($this->GetParameter($name, 'ShareEnabled'))
> $enabled = (int)$this->GetParameter($name, 'ShareEnabled');
> $this->ToggleShare($name, $enabled, true);
> }
>
> /**
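Review bot: SetRGroup and SetWGroup throw FLEXSHARE_LANG_ERRMSG_INVALID_GROUP, while AddShare in this same diff uses the new FLEXSHARE_LANG_ERRMSG_INVALID_READ_LIST and FLEXSHARE_LANG_ERRMSG_INVALID_WRITE_LIST, so a failed edit reports the wrong field. Both docblocks describe $group as "flexshare group owner"; it is the read-list or write-list name. The edit form offers users as well as groups, so confirm that IsValidGroup accepts a user name, otherwise those choices can never be saved. The two methods are identical apart from the parameter key and could share one private setter.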
Wednesday, August 17 2011, 09:46 AM
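The precedence rules from the Samba documentation quoted in the first post, modelled in Python as an added example (not code from the thread, ClearOS or Samba). It covers only the share-level read only / read list / write list decision with the @group and %D forms used on this page; the domain name, group memberships and share definitions are constructed, and filesystem permissions are outside the model.

```python
import re

# One list entry: optional "@" (group marker), then a quoted or bare name.
_ENTRY = re.compile(r'(@?)(?:"([^"]*)"|([^\s,"]+))')

def parse_list(value, domain):
    """Split a read list / write list value into (is_group, name) pairs."""
    entries = []
    for at, quoted, bare in _ENTRY.findall(value):
        name = (quoted or bare).replace("%D", domain).lower()
        entries.append((at == "@", name))
    return entries

def in_list(user, entries, groups):
    """True if user is named directly or is a member of a listed @group."""
    user = user.lower()
    return any(user in groups.get(name, set()) if is_group else name == user
               for is_group, name in entries)

def effective_access(user, share, groups, domain):
    """Share-level result, "rw" or "ro", per the precedence quoted in the post."""
    if in_list(user, parse_list(share.get("write list", ""), domain), groups):
        return "rw"   # write list wins, even if the user is also in read list
    if in_list(user, parse_list(share.get("read list", ""), domain), groups):
        return "ro"   # read list overrides "read only = no"
    return "ro" if share.get("read only", "yes") == "yes" else "rw"

# Constructed sample data (not from any real server); keys are lower-case.
DOMAIN = "EXAMPLE"
GROUPS = {
    "example\\library_managers": {"alice"},
    "example\\library_users": {"alice", "bob"},
    "example\\allusers": {"alice", "bob", "carol"},
}
SHARES = {
    # read-only share plus a write list, as in the [library] reply
    "managers_write": {"read only": "yes",
                       "write list": '@"%D\\library_managers"'},
    # writable share plus a read list (the reverse arrangement)
    "users_read": {"read only": "no", "read list": '@"%D\\library_users"'},
    # same group in both lists, which is what the patch's form defaults produce
    "both_default": {"read list": '@"%D\\allusers"',
                     "write list": '@"%D\\allusers"'},
}

if __name__ == "__main__":
    for share_name, share in SHARES.items():
        for user in ("alice", "bob", "carol"):
            print(share_name, user, effective_access(user, share, GROUPS, DOMAIN))
```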
Responses (24)
  • Accepted Answer

    Sunday, November 18 2012, 05:03 PM
    Will something of this sort make it to 6.3? It looks like this is something that users of flexshares would greatly benefit from.
  • Accepted Answer

    Thursday, May 10 2012, 05:42 PM
    Hello!

    Just wondered if the flexshares improvements suggested here using ACL etc - e.g. Read or Read/Write or No access have been incorporated into Version 6 or if there is a patch/update for 5.2??

    We have a situation where a client using Windows Server had a General share for public documents for all staff; however, a couple of directories within the share were locked down to only a couple of users, rather than creating a new share just for a few people and a few files. They had used ACL to lock down folders within folders.

    So....we would be looking for the ability to do this on the ClearOS system - a directory within a flexshare that is only Read/Write for a few named users however all the other folders would have the allusers group access.

    If it's sorted in version 6.x then great; however, it is a pity that 5.2 cannot achieve this sort of ACL ability.

    Can any of the ClearOS dev team confirm the current situation for achieving the above.

    Many thanks,

    Andy
  • Accepted Answer

    Arnaud
    Monday, February 27 2012, 02:43 PM
    + 1
    This functionality would be appreciated. I've COS running in schools and I've separate shares for students and teachers, and some where teachers have write access and students read access. So this functionality will be great for these cases.

    Thanks
  • Accepted Answer

    Kevin
    Thursday, February 23 2012, 07:18 PM
    I second the request. None of our customers have requested or use the functionality in Flexshares but all have requested separate read/write/no access permissions.
  • Accepted Answer

    Jay M
    Thursday, February 23 2012, 08:23 AM
    Can we add something like this in COS:

    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/omv.jpg

    It's a screenshot of OMV (Open Media Vault), a new contender for FreeNAS & OpenFiler :)
  • Accepted Answer

    Jay M
    Friday, January 20 2012, 04:02 AM
    Thanks J, it works.

    But can we do that the other way around? Like setting up the folder as read/write for a group in Flexshares and then later adding another group as read only using the custom flexshare conf file?

    I tried (using your example):

    Set the library_managers group as owner and has read/write access using Flexshares and on the flexshare.custom.conf:


    [library]
    read list = @"%D\library_users"


    But it won't work.
  • Accepted Answer

    Thursday, January 19 2012, 08:04 PM
    That is interesting. I did not know a share name could be used more than once. Does that only work if the parameter is only specified once between the share definitions or can a parameter be specified in both with one taking precedence over the other?
  • Accepted Answer

    J
    Thursday, January 19 2012, 12:06 PM
    I didn't use the patch and decided to go for a conf (non Webconfig solution) for adding additional ACLs for my flexshares.

    I included another conf file in smb.conf just after where it includes the flexshare.conf (in my case, I called my new one flexshare.custom.conf).

    I then specified the already existing Samba shares I wanted to add additional options to in that file. For example, I made a share called "Library" which was read only for everyone, but then I added the following to my flexshare.custom.conf to allow a group called "library_managers" to write to it:
    [library]
    write list = @"%D\library_managers"


    Not as elegant as a webconfig solution but it works and the workload of maintaining an extra conf file is less than maintaining a patch to the webconfig. I was very surprised that the Flexshare stuff lacked such very basic ACL features.
  • Accepted Answer

    Jay M
    Thursday, January 19 2012, 08:56 AM
    Got the same problem. No solution yet?
  • Accepted Answer

    Ryan
    Thursday, December 29 2011, 02:32 PM
    Yip, still no resolution to this on my side.