Add ability to control strict user ownership check #2300

2026-06-22 12:10:28 +01:00 · 2024-11-28 21:14:58 +02:00
parent 83457fe4c0
commit d2db00a5d1
3 changed files with 26 additions and 11 deletions
--- a/filemin/acl_security.pl
+++ b/filemin/acl_security.pl
@@ -23,7 +23,10 @@ sub acl_security_form {
 	       [ [ 0, $text{'acl_root'} ],
 		 [ 1, $text{'acl_same'} ],
 		 [ 2, $text{'acl_user'},
-		   ui_user_textbox("acl_user", $access->{'work_as_user'}) ] ]),
+		   ui_user_textbox("acl_user", $access->{'work_as_user'})."&nbsp;".
+		       &ui_checkbox("acl_user_strict", 1, $text{'acl_user_strict'}.
+		           &ui_help($text{'acl_user_strict_desc'}),
+                       $access->{'work_as_user_strict'}) ] ]),
 	3);

    # Upload max
@@ -57,6 +60,7 @@ sub acl_security_save {
 	defined(getpwnam($in->{'acl_user'})) || &error($text{'acl_euser'});
        $access->{'work_as_root'} = 0;
        $access->{'work_as_user'} = $in->{'acl_user'};
+        $access->{'work_as_user_strict'} = $in->{'acl_user_strict'};
    }
    $access->{'max'} = $in->{'max_def'} ? undef : $in{'max'};
 }
--- a/filemin/filemin-lib.pl
+++ b/filemin/filemin-lib.pl
@@ -41,20 +41,29 @@ sub get_selinux_command {

 sub can_write {
    my ($file) = @_;
+    # No restrictions for root
    if (&webmin_user_is_admin()) {
        return 1;
    }
-    # Check if the file is a symbolic link
-    if (-l $file) {
-        # Resolve symbolic link
-        my $resolved_file = readlink($file);
-        # If the link is broken, allow writing to the link itself
-        return -w $file if (!$resolved_file);
-        # Otherwise, check the resolved file
-        $file = $resolved_file;
+    # If strict check is enabled or if safe user check for write
+    # access explicitly
+    if ($access{'work_as_user_strict'} || $access{'_safe'}) {
+        # Check if the file is a symbolic link
+        if (-l $file) {
+            # Resolve symbolic link
+            my $resolved_file = readlink($file);
+            # If the link is broken, allow writing to the link itself
+            return -w $file if (!$resolved_file);
+            # Otherwise, check the resolved file
+            $file = $resolved_file;
+        }
+        # Check if the file itself is writable
+        return -w $file;
+    }
+    # Otherwise, allow writing depending on Unix permissions
+    else {
+        return 1;
    }
-    # Check if the file itself is writable
-    return -w $file;
 }

 sub can_move {
--- a/filemin/lang/en
+++ b/filemin/lang/en
@@ -131,6 +131,8 @@ acl_work_as=Access files as Unix user
 acl_root=Root (grant with care to un-trusted users!)
 acl_same=Same as Webmin login
 acl_user=Specific Unix user
+acl_user_strict=Enable strict user ownership checks
+acl_user_strict_desc=If enabled, the user can only delete and move files they own. This differs from standard Unix behavior, where a user can delete or move any file within a directory they have write access to
 acl_euser=Selected Unix user does not exist!
 acl_epath=Path $1 does not exist
 acl_max=Maximum size for uploaded files