• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

FOG image capture file permissions

Scheduled Pinned Locked Moved Solved
FOG Problems
2
7
149
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    AUTH IT Center
    last edited by Aug 7, 2024, 10:25 AM

    Server
    FOG Version: 1.5.10.48
    OS: Ubuntu 22.04

    Hello first post so please forgive me if it’s in the wrong section.

    Since the storage permissions of /images are 775 (https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability) shouldn’t the capture image create the files with the same permisssions?

    While testing a new image capture the permissions are 777 and the owner:group is fogproject.

    8292e5c8-febc-49ca-8dd6-59ee9ab41749-image.png

    T 2 Replies Last reply Aug 7, 2024, 11:04 AM Reply Quote 0
    • T
      Tom Elliott @AUTH IT Center
      last edited by Tom Elliott Aug 7, 2024, 7:14 AM Aug 7, 2024, 1:14 PM

      For all watching,

      Yes permissions are set in multiple levels and I forgot one element on the FOS side, apparently it was being re-overwritten at the point of the moveUpload which I had missed on the UI side.

      This should be adjusted accordingly now as well.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      A 1 Reply Last reply Aug 8, 2024, 4:57 AM Reply Quote 0
      • T
        Tom Elliott @AUTH IT Center
        last edited by Aug 7, 2024, 11:04 AM

        @AUTH-IT-Center So the permissions are handled from the FOS side of things, not the FOG side. The NFS bit was to try to ensure a bit more security but it seems this chmod effect was missed on the FOS side.

        I have pushed this and am currently building expermental kernel/inits for this. Give it about 1-2 hours and you should be able to see the new inits from FOG Configuration->InitRD Update

        If you can download the 64 bit (or 32 if the systems is i386 based) and replace the existing (init.xz or init_32.xz respectively) and give it a test? it should work properly moving forward.

        Thank you for letting us know.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        A 1 Reply Last reply Aug 7, 2024, 12:47 PM Reply Quote 0
        • A
          AUTH IT Center @Tom Elliott
          last edited by AUTH IT Center Aug 7, 2024, 6:48 AM Aug 7, 2024, 12:47 PM

          @Tom-Elliott

          unfortunately the same result.

          9db9bd96-c575-4158-87c9-7b08ce9effc0-image.png

          also the permissions of the init.xz and init_32.xz on /var/www/html/fog/service/ipxe/ got 755 instead of 644 and the group www-data (just mentioning)

          30bf9be5-8373-4f32-9f92-c9120a7e3793-image.png

          the system is 64bit

          T A 2 Replies Last reply Aug 7, 2024, 1:04 PM Reply Quote 0
          • T
            Tom Elliott @AUTH IT Center
            last edited by Tom Elliott Aug 7, 2024, 7:09 AM Aug 7, 2024, 1:04 PM

            @AUTH-IT-Center I’m not sure I follow the issues? Edit: Well i think I got it now! 😄

            Thanks for bring this up.

            If you can install the dev-branch of FOG git, this should be corrected as well. No need to update the init’s though not a bad idea either.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • T
              Tom Elliott @AUTH IT Center
              last edited by Tom Elliott Aug 7, 2024, 7:14 AM Aug 7, 2024, 1:14 PM

              For all watching,

              Yes permissions are set in multiple levels and I forgot one element on the FOS side, apparently it was being re-overwritten at the point of the moveUpload which I had missed on the UI side.

              This should be adjusted accordingly now as well.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              A 1 Reply Last reply Aug 8, 2024, 4:57 AM Reply Quote 0
              • A
                AUTH IT Center @Tom Elliott
                last edited by Aug 8, 2024, 4:57 AM

                @Tom-Elliott since this is the production server I will try it on a staging one and notify you.

                1 Reply Last reply Reply Quote 0
                • A
                  AUTH IT Center @AUTH IT Center
                  last edited by Aug 8, 2024, 12:31 PM

                  @AUTH-IT-Center with the dev-branch the created folder after the image capture has the correct permissions.

                  83223c8f-3d3a-46ab-af0b-c3634e6768ce-image.png

                  will wait for the update on stable branch to deploy to the production server.

                  Thank you!

                  1 Reply Last reply Reply Quote 0
                  • [[undefined-on, A AUTH IT Center, Aug 10, 2024, 10:37 AM]]
                  • 1 / 1
                  1 / 1
                  • First post
                    6/7
                    Last post

                  151

                  Online

                  12.0k

                  Users

                  17.3k

                  Topics

                  155.2k

                  Posts
                  Copyright © 2012-2024 FOG Project