Conversation
There was a problem hiding this comment.
Is this feature unconditional? Exposing folders (even in a local network) is insecure. It should not be done unless explicitly confirmed (in easyinstall) by the user.
In addition, if I am not mistaken the additional line will be appended each time easyinstall is run, i.e. potentially many times?
|
@uweseimet Those are good points. For the first question, the script will notify the user about pending changes to their system, and solicit a confirmation before proceeding. The easyinstall script invokes another installation script in the Netatalk source tree where this is done: https://github.com/rdmark/Netatalk-2.x/blob/branch-netatalk-2-x/contrib/shell_utils/debian_install.sh#L23 Granted, this does not mention ~/images explicitly. I can add a notice about this earlier on. As for the second question, in the script Netatalk is configured with the |
|
@rdmark I don't think network configurations should just be overwritten. There may be users who already have exported (that's what I assume Netatalk does) something, or who add other exports after easyinstall has been run. Especially users who would like to export the images folder may already have exported something else, or are going to do so. |
|
@rdmark Thinking more about this, IMHO this is all very dangerous. easyinstall is becoming too intrusive. Scripts running with root permissions that reconfigure all kinds services without user control are causing more problems than they are resolving. |
@uweseimet I can see that now after about 1 year of distributing this script with RaSCSI, and other efforts of promoting Netatalk 2x, that there may be a significant install base to justify being more mindful about existing installations. When we set out last year, Netatalk 2 had been practically dead for many years, especially on Linux, so there was little incentive to consider an install base. I will look into improving the script before a future RaSCSI release. As a short term measure, I added a warning message to the script. |
|
@rdmark In any case, please disregard my comment in the ticket about exporting via nfs and samba. This seemed to be a nice idea, but I have realized that it is definitely not what I would want, at least not as a side effect of a software installation. |
@uweseimet Can you please be more specific about when exactly the script became too intrusive, and what new problems they are causing? I can't see how the script today is significantly different from 1.5 years ago, but maybe I'm overlooking something. In fact, we've since added prominent breakdowns of the changes that the script is making before seeking user consent. Of course, I would be the first to admit that the script is not an ideal configuration mechanism and comes with significant risks. Something like deb packages would be a lot cleaner and safer. But at the same time, RaSCSI software runs on what are typically one-purpose, non-business critical systems. From my experience interacting with our end users, they're very used to taking backups of image files, and just reflashing their SD cards with a fresh pre-built RaSCSI image if they encounter challenging issues. Anyhow, I'm definitely interested in exploring alternative distribution solutions, but I don't see it as a high priority. |
@uweseimet Good point about user choice. Now the Netatalk + sharing images dir is an "experimental" option in the menu. |
|
@rdmark I cannot really tell whether the script has changed much in the last 1.5 years. Any script running with root permissions (which cannot be avoided in this case) makes me feel uneasy. And when a scripts starts do export data, and I cannot even do something about it (at least if my understanding is correct), it's even more a good reason to feel uneasy. And the more powerful PIs get, the more likely it is that you would like to run more than just a single piece of software on them. |
|
@rdmark Giving users a choice in such a case is important, thank you. The approval should be given by somebody else. I might simply miss a syntax error somewhere, not being that familiar with python. I wonder whether it would be better to wait until after the 21.10 release before merging, because it is good practice to only fix bugs during a code freeze before a release. |
Yes, this change has become intrusive enough that I agree we should wait until after the release. |
|
@rdmark Sounds good. In particular when something is security-sensitive one should not rush things. |
nucleogenic
left a comment
There was a problem hiding this comment.
Tested option 13:
- No Netatalk installed (pass)
- Enabling the share (pass)
- Removing the share (pass)
Tested option 8 and found a potential usability issue.
Approved, but equally happy to re-test if you wish to make further changes.
|
@uweseimet I decided to merge this before the release, since it adds a layer of protection for users, warning them before potentially overwriting their local configurations. |
|
Kudos, SonarCloud Quality Gate passed!
|
No description provided.