Rietveld Code Review Tool

Issue 123780043: FSA Fix b/16198970: Config option to skip reading share ACL (Closed)

Created:
9 years, 7 months ago by Brett
Modified:
9 years, 7 months ago
Reviewers:
pjo, mifern, JohnL
CC:
connector-cr_google.com
Visibility:
Public.

Description

The adaptor attempts to preserve access control integrity when sending Access Control Lists (ACLs) to the GSA. In general, only users that have access to a file share have access to the files maintained on that share, so the adaptor includes the share's ACL in those sent to the GSA.

However, in some configurations, the adaptor may not have sufficient permissions to read the share ACL. In those instances, the broken share ACL will prevent all files maintained on that file share from appearing in search results. The GSA's Index Diagnostics for those will also indicate a broken inheritance chain.

If the share ACL cannot be read by the adaptor, the administrator may skip the attempt to read the share ACL by setting the 'filesystemadaptor.skipShareAccessControl' configuration option to 'true'. This feeds a highly permissive share ACL to the GSA, rather than the actual share ACL, leaving only the file system ACLs to control access.

WARNING: Bypassing the file share access control may be inconsistent with enterprise security policies. This may allow users that do not have access to the file share to see documents hosted by that file share in search results.
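The effect of the option can be checked on paper before enabling it. The sketch below is an added example, not code from this change or from the adaptor: it models visibility as "share ACL and file ACL must both permit", treats the "highly permissive" share ACL as one that permits every user (an assumption), and lists which user/document pairs become visible only because the share ACL is skipped. All names and sample ACLs are constructed.

```python
# Constructed model of the share ACL / file ACL decision described above.
# Assumption: "highly permissive" is modelled as "permits every known user".

SHARE_ACL = {"alice", "bob"}            # principals allowed on the file share
FILE_ACLS = {                           # per-file ACLs on that share
    "plan.doc": {"alice", "carol"},
    "budget.xls": {"bob"},
    "notes.txt": {"alice", "bob", "dave"},
}
ALL_USERS = {"alice", "bob", "carol", "dave"}


def fed_share_acl(share_acl, skip_share_access_control, all_users):
    """Share ACL as fed to the search appliance; None models an unreadable ACL."""
    if skip_share_access_control:
        return set(all_users)           # permissive stand-in replaces the real ACL
    return share_acl


def visible(user, doc, share_acl, file_acls):
    """A document is visible only if both the share ACL and the file ACL permit."""
    if share_acl is None:               # broken inheritance chain hides everything
        return False
    return user in share_acl and user in file_acls[doc]


def newly_visible(share_acl, file_acls, all_users):
    """(user, doc) pairs visible with the option on but not with it off."""
    enforced = fed_share_acl(share_acl, False, all_users)
    skipped = fed_share_acl(share_acl, True, all_users)
    return sorted(
        (u, d) for d in file_acls for u in all_users
        if visible(u, d, skipped, file_acls)
        and not visible(u, d, enforced, file_acls)
    )


if __name__ == "__main__":
    for user, doc in newly_visible(SHARE_ACL, FILE_ACLS, ALL_USERS):
        print(f"{user} gains visibility of {doc}")
```

Passing `None` as the share ACL models the unreadable case from the description: nothing is visible with the option off, and every file ACL entry becomes visible with it on.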

Patch Set 1 #

Total comments: 4

Patch Set 2 : John's Feedback, minor edits before pushing. #

Stats: +101 lines, -6 lines
M src/com/google/enterprise/adaptor/fs/FsAdaptor.java (6 chunks, +19 lines, -3 lines, 0 comments)
M src/overview.html (3 chunks, +39 lines, -3 lines, 0 comments)
M test/com/google/enterprise/adaptor/fs/FsAdaptorTest.java (1 chunk, +43 lines, -0 lines, 0 comments)

Messages

Total messages: 7
Brett
9 years, 7 months ago (2014-08-05 23:35:15 UTC) #1
pjo
Great. LGTM. Thank you
9 years, 7 months ago (2014-08-05 23:40:48 UTC) #2
Brett
https://codereview.appspot.com/123780043/diff/1/src/com/google/enterprise/adaptor/fs/FsAdaptor.java
File src/com/google/enterprise/adaptor/fs/FsAdaptor.java (right):
https://codereview.appspot.com/123780043/diff/1/src/com/google/enterprise/adaptor/fs/FsAdaptor.java#newcode383
src/com/google/enterprise/adaptor/fs/FsAdaptor.java:383: // Ignore the Share ACL, but create an benign ...
9 years, 7 months ago (2014-08-05 23:53:08 UTC) #3
JohnL
Minor comment. Are you waiting on a review from Miguel?
John L
https://codereview.appspot.com/123780043/diff/1/src/com/google/enterprise/adaptor/fs/FsAdaptor.java
File src/com/google/enterprise/adaptor/fs/FsAdaptor.java ...
9 years, 7 months ago (2014-08-11 18:51:56 UTC) #4
Brett
> Are you waiting on a review from Miguel?
I was actually waiting for feedback ...
9 years, 7 months ago (2014-08-12 01:15:17 UTC) #5
Brett
John's Feedback, minor edits before pushing.
9 years, 7 months ago (2014-08-12 01:17:50 UTC) #6
Brett
9 years, 7 months ago (2014-08-12 01:20:21 UTC) #7
Committed 11 August 2014 to Filesystem Adaptor:

To https://code.google.com/p/plexi.fs/
   062155f..9aa177d  master -> master