noobaa-core icon indicating copy to clipboard operation
noobaa-core copied to clipboard

Published 20 hours ago verified publisher icon noobaa

NSFS add bucket option "followSymlinks"

Open guymguym opened this issue 3 years ago • 4 comments

Environment info

  • NooBaa Version: master-20210505
  • Platform: NA

Actual behavior

  1. Currently we use stat to access the filesystem, which means that we will follow symlinks.

Expected behavior

  1. Using lstat makes sure that symbolic links are not followed, which might be required to prevent trespassing over to other areas of the filesystem tree which were not exported to the user.
  2. Some use cases require following links and other require avoiding it, we would want to have a configuration option whether to follow links or not.

Steps to reproduce

  1. Create a symlink to /etc and behold as the S3 bucket starts reading from /etc of the endpoint pod.

More information - Screenshots / Logs / Other output

guymguym avatar May 05 '21 17:05 guymguym

@guymguym is this per system configuration or per exported bucket?

nimrod-becker avatar May 05 '21 17:05 nimrod-becker

According to our discussion I think that per bucket since this is a security property that admins would set for the dataset.

guymguym avatar May 06 '21 10:05 guymguym

lstat: https://github.com/noobaa/noobaa-core/pull/6588

liranmauda avatar Jun 27 '21 08:06 liranmauda