First Last Prev Next    This bug is not in your last search results.
Bug 29966 - password-less access to ucc-clients removable storage (/run/drives)
password-less access to ucc-clients removable storage (/run/drives)
Status: CLOSED FIXED
Product: Z_Univention Corporate Client (UCC)
Classification: Unclassified
Component: Hardware and device support
unspecified
Other Linux
: P5 normal
: UCC 1.0
Assigned To: Felix Botner
Moritz Muehlenhoff
: interim-3
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-08 17:06 CET by Felix Botner
Modified: 2013-03-26 09:14 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2013-01-08 17:06:15 CET 
Every user has password-less access to every ucc-client (kerberos) and full read/write permissions on /run/drives/.

We need to secure the access to the /run/drives/usb* directory.
Comment 1 Felix Botner univentionstaff 2013-01-10 17:29:43 CET 
A /etc/lightdm/session-setup/ script has been added. This script changes the permissions of /run/drives to 700 and sets the owner to $USER (the logged in user).
These permissions remain until another user logs in.
Comment 2 Moritz Muehlenhoff univentionstaff 2013-01-29 14:32:58 CET 
Funktioniert, nach einer Anmeldung als Benutzer jmm sind die Berechtigungen anschliessend strikt gesetzt:


root@x201:~# ls -lha /run/drives/
insgesamt 4,0K
drwx------  3 jmm  root   60 Dez 22 17:49 .
drwxr-xr-x 16 root root  580 Dez 22 18:31 ..
drwxrwxrwx  3 root root 4,0K Jan  1  1970 usbdisk-sdc1

Nach einer Anmeldung als ein anderer Benutzer, sind die Rechte auf diesen umgesetzt:

root@x201:~# ls -lha /run/drives/
insgesamt 4,0K
drwx------  3 jmm13 root   60 Dez 22 17:49 .
drwxr-xr-x 16 root  root  580 Dez 22 18:31 ..
drwxrwxrwx  3 root  root 4,0K Jan  1  1970 usbdisk-sdc1
Comment 3 Moritz Muehlenhoff univentionstaff 2013-03-26 09:14:07 CET 
UCC 1.0 has been released: 
http://forum.univention.de/viewtopic.php?f=26&t=2417
http://forum.univention.de/viewtopic.php?f=54&t=2418

If this error occurs again, please use "Clone This Bug".
First Last Prev Next    This bug is not in your last search results.