Hello,
This is my trick to implement the Samba Read List and Write List in the web interface of ClearOS Flexshare.
read list
This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the read only option is set to. The list can include group names using the syntax described in the invalid users parameter.
This parameter will not work with the security = share in Samba 3.0. This is by design.
Default: read list =
Example: read list = mary, @students
write list
This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax.
Note that if a user is in both the read list and the write list then they will be given write access.
By design, this parameter will not work with the security = share in Samba 3.0.
Default: write list =
Example: write list = admin, root, @staff
It is based on app-flexshare-5.2-10.i386.rpm and app-flexshare-api-5.2-10.i386.rpm.
I made changes in the code of
/var/webconfig/htdocs/admin/flexshare.php
and
/var/webconfig/api/Flexshare.class.php
It works on my server!
You need to create a group for the Read List and a group for the users in the Write List.
The language files must be modified to add translations for
WEB_LANG_READ_LIST "Read List"
WEB_LANG_WRITE_LIST "Write List"
FLEXSHARE_LANG_ERRMSG_INVALID_READ_LIST "Invalid Read List"
FLEXSHARE_LANG_ERRMSG_INVALID_WRITE_LIST "Invalid Write List"
This is the diff for flexshare.php
100c100
< $flexshare->AddShare($_POST['add_name'], $_POST['add_description'], $_POST['add_group']);
---
> $flexshare->AddShare($_POST['add_name'], $_POST['add_description'], $_POST['add_group'], $_POST['add_rgroup'], $_POST['add_wgroup']);
127a128,129
> $flexshare->SetRGroup($name, $_POST['rgroup']);
> $flexshare->SetWGroup($name, $_POST['wgroup']);
369a372,373
> <td>" . $shares[$index]['RGroup'] . "</td>
> <td>" . $shares[$index]['WGroup'] . "</td>
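Review bot: In the two added table cells, `$shares[$index]['RGroup']` and `$shares[$index]['WGroup']` are concatenated into the HTML exactly as read from the configuration, with no output encoding. Wrap each in `htmlspecialchars()` with `ENT_QUOTES` so a value containing markup characters cannot alter the page.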
403a408,409
> WEB_LANG_READ_LIST . "|" .
> WEB_LANG_WRITE_LIST . "|" .
467a474
>
472a480,490
> $add_rgroup = isset($_POST['add_rgroup']) ? $_POST['add_rgroup'] : "";
>
> if (empty($add_rgroup) && in_array(Group::CONSTANT_ALL_USERS_GROUP, $groups))
> $add_rgroup = Group::CONSTANT_ALL_USERS_GROUP;
>
> $add_wgroup = isset($_POST['add_wgroup']) ? $_POST['add_wgroup'] : "";
>
> if (empty($add_wgroup) && in_array(Group::CONSTANT_ALL_USERS_GROUP, $groups))
> $add_wgroup = Group::CONSTANT_ALL_USERS_GROUP;
>
>
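Review bot: Defaulting `$add_wgroup` to `Group::CONSTANT_ALL_USERS_GROUP` when nothing is posted makes the broadest write grant the preselected value on the add form. Per the Samba text quoted in this post, members of the write list get write access whatever read only is set to, and the write list wins when a user is in both lists, so the matching read list default has no effect. Consider defaulting both fields to empty (no list) and requiring an explicit choice, so a share does not become writable by all users just because the form was left untouched.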
488a507,514
> <td class='mytablesubheader' nowrap>" . WEB_LANG_READ_LIST . "</td>
> <td nowrap>" . WebDropDownHash("add_rgroup", $add_rgroup, $owners) . "</td>
> </tr>
> <tr>
> <td class='mytablesubheader' nowrap>" . WEB_LANG_WRITE_LIST . "</td>
> <td nowrap>" . WebDropDownHash("add_wgroup", $add_wgroup, $owners) . "</td>
> </tr>
> <tr>
569a596,631
> $rgroup_select = '';
>
> // Read List
> foreach ($groups as $group) {
> $selected = ($group === $share['ShareRGroup']) ? "selected" : '';
> $rgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_GROUP . ' - ' . $group . "</option>\n";
> }
>
> foreach ($users as $group) {
> $selected = ($group === $share['ShareRGroup']) ? "selected" : '';
> $rgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_USER . ' - ' . $group . "</option>\n";
> }
>
> if (empty($groups))
> $rgroup_select = WEB_LANG_GROUP_REQUIRED . " - " . WebUrlJump("groups.php", LOCALE_LANG_CONFIGURE);
> else
> $rgroup_select = "<select name='rgroup'>$rgroup_select</select>";
>
> //Write List
> $wgroup_select = '';
>
> foreach ($groups as $group) {
> $selected = ($group === $share['ShareWGroup']) ? "selected" : '';
> $wgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_GROUP . ' - ' . $group . "</option>\n";
> }
>
> foreach ($users as $group) {
> $selected = ($group === $share['ShareWGroup']) ? "selected" : '';
> $wgroup_select .= "<option value='" . $group . "' $selected>" . GROUP_LANG_USER . ' - ' . $group . "</option>\n";
> }
>
> if (empty($groups))
> $wgroup_select = WEB_LANG_GROUP_REQUIRED . " - " . WebUrlJump("groups.php", LOCALE_LANG_CONFIGURE);
> else
> $wgroup_select = "<select name='wgroup'>$wgroup_select</select>";
>
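Review bot: Both `<select>` elements offer only existing groups and users, with no empty choice, so when `$share['ShareRGroup']` or `$share['ShareWGroup']` is unset no option is marked selected and the browser submits the first entry; saving any unrelated edit then sets both lists. Add a blank first option that maps to "no list". Separately, `$group` goes into the `value` attribute and the label unescaped, and the `empty($groups)` test throws away the user options already built when there are users but no groups.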
585a648,655
> <td class='mytablesubheader' nowrap>" . WEB_LANG_READ_LIST . "</td>
> <td>$rgroup_select</td>
> </tr>
> <tr>
> <td class='mytablesubheader' nowrap>" . WEB_LANG_WRITE_LIST . "</td>
> <td>$wgroup_select</td>
> </tr>
> <tr>
and the diff for Flexshare.class.php
165a166,167
> const REGEX_SHARE_RGROUP = '^[[:space:]]*ShareRGroup[[:space:]]*=[[:space:]]*(.*$)';
> const REGEX_SHARE_WGROUP = '^[[:space:]]*ShareWGroup[[:space:]]*=[[:space:]]*(.*$)';
268a271,274
> } elseif (eregi(self::REGEX_SHARE_RGROUP, $line, $match)) {
> $share['RGroup'] = $match[1];
> } elseif (eregi(self::REGEX_SHARE_WGROUP, $line, $match)) {
> $share['WGroup'] = $match[1];
307a314,315
> * @param string $rgroup read list of the flexshare
> * @param string $wgroup write list of the flexshare
314c322
< function AddShare($name, $description, $group, $internal = false)
---
> function AddShare($name, $description, $group, $rgroup, $wgroup, $internal = false)
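Review bot: `$rgroup` and `$wgroup` are inserted as required parameters ahead of the optional `$internal`, so an existing caller that passes `$internal` as the fourth positional argument now has it taken as `$rgroup`, and callers using the three-argument form break. Either append the two parameters after `$internal` with empty defaults, or update every caller in the same change.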
329a338,343
> if (! $this->IsValidGroup($rgroup))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_READ_LIST);
>
> if (! $this->IsValidGroup($wgroup))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_WRITE_LIST);
>
378a393,394
> " ShareRGroup=$rgroup\n" .
> " ShareWGroup=$wgroup\n" .
1717a1734,1755
>
> // Add Read list
> $group = new Group($share['ShareRGroup']);
>
> if ($group->Exists()) {
> $linestoadd .= "\tread list = @\"%D" . '\\' . trim($share["ShareRGroup"]) . "\"\n";
> } else {
> $user = new User($share['ShareRGroup']);
> if ($user->Exists())
> $linestoadd .= "\tread list = \"%D" . '\\' . trim($share["ShareRGroup"]) . "\"\n";
> }
>
> // Add Write list
> $group = new Group($share['ShareWGroup']);
>
> if ($group->Exists()) {
> $linestoadd .= "\twrite list = @\"%D" . '\\' . trim($share["ShareWGroup"]) . "\"\n";
> } else {
> $user = new User($share['ShareWGroup']);
> if ($user->Exists())
> $linestoadd .= "\twrite list = \"%D" . '\\' . trim($share["ShareWGroup"]) . "\"\n";
> }
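Review bot: `new Group($share['ShareRGroup'])` and `new Group($share['ShareWGroup'])` run for every share without checking that the key exists and is non-empty, so a share definition written before this change (no ShareRGroup or ShareWGroup line) reaches `Exists()` with an empty name. That is consistent with the "groupname not specified" exception reported later in this thread at Flexshare.class.php (1738). Guard each block with an `empty()` check and emit no `read list` or `write list` line in that case. The name is also trimmed only when it is written out, not when it is passed to `Group` or `User`.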
2100a2139,2192
> * Sets a flexshare's read list.
> *
> * @param string $name flexshare name
> * @param string $group flexshare group owner
> * @returns void
> * @throws ValidationException, EngineException
> */
>
> function SetRGroup($name, $group)
> {
> if (COMMON_DEBUG_MODE)
> self::Log(COMMON_DEBUG, 'called', __METHOD__, __LINE__);
>
> if (! $this->IsValidGroup($group))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_GROUP);
>
> if ($this->GetParameter($name, 'ShareRGroup') == $group)
> return;
>
> $this->SetParameter($name, 'ShareRGroup', $group);
> $enabled = 0;
> if ($this->GetParameter($name, 'ShareEnabled'))
> $enabled = (int)$this->GetParameter($name, 'ShareEnabled');
> $this->ToggleShare($name, $enabled, true);
> }
>
> /**
> * Sets a flexshare's write list.
> *
> * @param string $name flexshare name
> * @param string $group flexshare group owner
> * @returns void
> * @throws ValidationException, EngineException
> */
>
> function SetWGroup($name, $group)
> {
> if (COMMON_DEBUG_MODE)
> self::Log(COMMON_DEBUG, 'called', __METHOD__, __LINE__);
>
> if (! $this->IsValidGroup($group))
> throw new ValidationException(FLEXSHARE_LANG_ERRMSG_INVALID_GROUP);
>
> if ($this->GetParameter($name, 'ShareWGroup') == $group)
> return;
>
> $this->SetParameter($name, 'ShareWGroup', $group);
> $enabled = 0;
> if ($this->GetParameter($name, 'ShareEnabled'))
> $enabled = (int)$this->GetParameter($name, 'ShareEnabled');
> $this->ToggleShare($name, $enabled, true);
> }
>
> /**
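Review bot: `SetRGroup()` and `SetWGroup()` throw `FLEXSHARE_LANG_ERRMSG_INVALID_GROUP` on a bad value, while `AddShare()` in this same patch uses the new `FLEXSHARE_LANG_ERRMSG_INVALID_READ_LIST` and `FLEXSHARE_LANG_ERRMSG_INVALID_WRITE_LIST`; use the new constants here too so the error names the field that failed. The `@param string $group` docblock lines still read "flexshare group owner" and should describe the read list or write list instead.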
Responses (24)
Accepted Answer
Hello!
Just wondered if the flexshares improvements suggested here using ACL etc - e.g. Read or Read/Write or No access have been incorporated into Version 6 or if there is a patch/update for 5.2??
We have a situation where a client using Windows Server had a General share for public documents for all staff however a couple of directories within the share were locked down to only a couple of users - rather than create a new share just for a few people and a few files. They had used ACL to lock down folders within folders.
So....we would be looking for the ability to do this on the ClearOS system - a directory within a flexshare that is only Read/Write for a few named users however all the other folders would have the allusers group access.
If it's sorted in version 6.x then great however it is a pity that 5.2 can not achieve this sort of ACL ability.
Can any of the ClearOS dev team confirm the current situation for achieving the above.
Many thanks,
Andy
Accepted Answer
Can we add something like this in COS:
It's a screenshot of OMV (Open Media Vault), a new contender for FreeNAS & OpenFiler
Accepted Answer
Thanks J, it works.
But can we do that the other way around? Like setting up the folder to read/write to a group in Flexshares and then later add other group as read only using the custom flexshare conf file?
I try (using your example):
Set the library_managers group as owner and has read/write access using Flexshares and on the flexshare.custom.conf:
[library]
read list = @"%D\library_users"
But it won't work.
Accepted Answer
I didn't use the patch and decided to go for a conf (non Webconfig solution) for adding additional ACLs for my flexshares.
I included another conf file in smb.conf just after where it includes the flexshare.conf (In my case, I called my new one flexshare.custom.conf)
I then specified the already existing samba shares I wanted to add additional options to in that file. For example, I made a share called "Library" which was read only for everyone but then I added the following to my flexshare.custom.conf to allow a group called "library_managers" to write to it
[library]
write list = @"%D\library_managers"
Not as elegant as a webconfig solution but it works and the workload of maintaining an extra conf file is less than maintaining a patch to the webconfig. I was very surprised that the Flexshare stuff lacked such very basic ACL features.
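The precedence rules quoted in the first post (write list beats read list, and both beat the read only option) decide what an override like the one above actually grants. The following is an added example, not code from the thread or from ClearOS: a small evaluator for those three settings on constructed sample shares. It assumes the user is already allowed to connect and does not model valid users or filesystem permissions, which still apply.

```python
import re

def parse_list(value):
    """Split a Samba user list into (users, groups); '@name' marks a group."""
    users, groups = set(), set()
    # Entries are comma/space separated; a quoted entry is kept in one piece.
    for raw in re.findall(r'@?"[^"]*"|[^\s,]+', value):
        is_group = raw.startswith("@")
        # Drop '@', quotes and any domain prefix such as %D, then lower-case.
        name = raw.lstrip("@").strip('"').split("\\")[-1].lower()
        if name:
            (groups if is_group else users).add(name)
    return users, groups

def listed(user, member_of, value):
    """True if the user, or one of the user's groups, appears in the list."""
    users, groups = parse_list(value)
    return user.lower() in users or bool(groups & member_of)

def effective_access(share, user, member_of=()):
    """Return 'rw' or 'ro' for a user who is already allowed to connect."""
    member_of = {g.lower() for g in member_of}
    if listed(user, member_of, share.get("write list", "")):
        return "rw"  # write list wins, even if the user is also in read list
    if listed(user, member_of, share.get("read list", "")):
        return "ro"  # read list overrides 'read only = no'
    read_only = share.get("read only", "yes").strip().lower() in ("yes", "true", "1")
    return "ro" if read_only else "rw"

# Constructed sample shares (user and group names are illustrative).
LIBRARY = {"read only": "yes", "write list": '@"%D\\library_managers"'}
OPEN = {"read only": "no",
        "read list": "mary, @students",
        "write list": "admin, root, @staff"}

if __name__ == "__main__":
    cases = [(LIBRARY, "alice", ["library_managers"]),
             (LIBRARY, "bob", ["allusers"]),
             (OPEN, "mary", []),
             (OPEN, "dave", ["students", "staff"]),
             (OPEN, "carol", [])]
    for share, user, groups in cases:
        print(user, groups, "->", effective_access(share, user, groups))
```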
Accepted Answer
Hello all,
I tried again to install the patches from Eric Mols but as soon as the patches are set, I cannot edit or remove any flexshare anymore. I always get the error : flexshare name missing. Has anyone already had this problem ?
Finally, I just noticed that I have exactly the same problem as Ryan. Is there a workaround for that ?
Thanks
Accepted Answer
Hello all,
I installed that several times without any problem but today, after installation, I can't configure any flexshare anymore ...
I always get the following errors :
Nov 22 15:48:48 system engine: exception: debug backtrace: Flexshare.class.php (3019): GenerateFileFlexshares
Nov 22 15:48:48 system engine: exception: debug backtrace: flexshare.php (197): SetFileEnabled
Nov 22 15:48:48 system engine: exception: error: Group.class.php (409): groupname not specified.
Nov 22 15:48:48 system engine: exception: debug backtrace: Flexshare.class.php (1738): Exists
Nov 22 15:48:48 system engine: exception: debug backtrace: Flexshare.class.php (3019): GenerateFileFlexshares
Nov 22 15:48:48 system engine: exception: debug backtrace: flexshare.php (197): SetFileEnabled
Nov 22 15:48:48 system engine: exception: error: Flexshare.class.php (3027): groupname not specified.
Nov 22 15:48:48 system engine: exception: debug backtrace: flexshare.php (197): SetFileEnabled
I tried to remove the group names in flexshare.conf, tried to create a new one but always the same error message .....
No idea where this problem comes from ....
In advance, I thank you for your help
Accepted Answer
This is what I have for the new share just created.
<Share test>
FileEnabled=0
FilePermission=4
FilePublicAccess=
FileRecycleBin=1
FileAuditLog=0
FileBrowseable=1
FileModified=1313670785
FileComment=Flexshare - Test
ShareDescription=Test
ShareGroup=allusers
ShareRGroup=charles.xxxx
ShareWGroup=lizelle.xxxxx
ShareCreated=1313668822
ShareModified=1313668822
ShareEnabled=1
ShareDir=/var/flexshare/shares/test
ShareInternal=
</Share>
Accepted Answer
ok
check your /etc/flexshare.conf
I copy one share of mine as a sample
<Share compta>
FileEnabled=1
FilePermission=4
FilePublicAccess=
FileRecycleBin=1
FileAuditLog=0
FileBrowseable=1
FileModified=1312979680
FileComment=Flexshare - Comptabilite
ShareDescription=Comptabilite
ShareGroup=comptables
ShareRGroup=comptables
ShareWGroup=comptables
ShareCreated=1312903354
ShareModified=1312903354
ShareEnabled=1
ShareDir=/var/flexshare/shares/compta
ShareInternal=
</Share>
Please, check if you have
ShareRGroup=xxxxxx
ShareWGroup=xxxxxx
in your share definition.
Accepted Answer
SERVER-smbd shows:
[2011/08/18 12:10:49.300591, 1] smbd/server.c:240(cleanup_timeout_fn)
Cleaning up brl and lock database after unclean shutdown
[2011/08/18 12:11:13.553633, 1] smbd/server.c:267(remove_child_pid)
Scheduled cleanup of brl and lock database after unclean shutdown
[2011/08/18 12:11:33.553982, 1] smbd/server.c:240(cleanup_timeout_fn)
Cleaning up brl and lock database after unclean shutdown
[2011/08/18 12:49:39.403537, 1] smbd/server.c:267(remove_child_pid)
Scheduled cleanup of brl and lock database after unclean shutdown
[2011/08/18 12:49:59.403822, 1] smbd/server.c:240(cleanup_timeout_fn)
Cleaning up brl and lock database after unclean shutdown
[2011/08/18 13:17:25.887980, 1] smbd/server.c:267(remove_child_pid)
Scheduled cleanup of brl and lock database after unclean shutdown
[2011/08/18 13:17:45.887978, 1] smbd/server.c:240(cleanup_timeout_fn)
Cleaning up brl and lock database after unclean shutdown
[2011/08/18 14:23:19.897366, 1] param/loadparm.c:6890(service_ok)
NOTE: Service profiles is flagged unavailable.
[2011/08/18 14:24:39.103747, 1] param/loadparm.c:6890(service_ok)
NOTE: Service profiles is flagged unavailable.
Accepted Answer
Hi Eric,
This is great- Thanks!
Is there a way to make this modification allow multiple selections in the drop down menus so that one can select multiple individual users or groups per Read and Write list?
Possibly even a No-Access List to block a specific user / group.
Something like that will make the Flexshare system much better.
Accepted Answer
Eric, thanks for that it looks great!
As a suggestion could you provide the changes as a unified diff so that users can just apply the patch?
For example:-
diff -uNrp /var/webconfig/htdocs/admin/flexshare.php /var/webconfig/htdocs/admin/flexshare.php.NEW > flexshare.php.diff
diff -uNrp /var/webconfig/api/Flexshare.class.php /var/webconfig/api/Flexshare.class.php.NEW > Flexshare.class.php.diff
People can then apply the patches by running
cd /var/webconfig/htdocs/admin/
patch < /var/tmp/flexshare.php.diff
cd /var/webconfig/api/
patch < /var/tmp/Flexshare.class.php.diff