How can I protect a plugin/jail from being deleted?

[wgscott]

Is there a way to prevent a freeNAS GUI user from accidentally or maliciously deleting a jail?

I tried by setting the schg extended attribute flag with sudo chflag <jailname>, which protects it from root on the command-line, but the GUI either ignores or changes the flag and deletes it without hesitation.

Is there a proper freeNAS-compatible way to do this?

 

[pirateghost]

users should not be allowed to administer the NAS.

 

[wgscott]

Is there a way to prevent a freeNAS GUI root user from ... ?

 

[pirateghost]

so, then how would you administer your jails?

I know of no way to prevent the ROOT user from performing administration duties like managing jails...

 

[wgscott]

I'm asking about directory deletion, which is what the the schg extended attribute flag does in freeBSD and other similar versions of unix (including Darwin). It doesn't prevent administration of the jail (most of which I wind up doing via unix shell anyway). It prevents accidental deletion.

I just invested several days of effort migrating my lab's webserver, mediawiki, etc, to a jail I created, and apart from manual backups, it would be great to have some sense of security that would prevent someone from breaking in through the GUI and deleting stuff. (There doesn't seem to be an obvious way to restrict access to the gui, other than by temporarily disabling its webserver on the CLI. I've enabled ssl/https, but it still worries me.)

 

[pirateghost]

I'm confused.

You don't manage directories via the web gui. I am also curious as to why you would not properly firewall a system like this if in a somewhat 'public' environment?

 

[wgscott]

The "jail" and "plugin" options on the GUI have buttons that allow you to delete a selected jail directory.

Since the GUI doesn't respect changes on the command-line, I'm trying to find out if there is another way to do this. Will the GUI honor firewall settings, or will those also be clobbered during updates or other configuration?

 

[pirateghost]

The "jail" and "plugin" options on the GUI have buttons that allow you to delete a selected jail directory.

Since the GUI doesn't respect changes on the command-line, I'm trying to find out if there is another way to do this. Will the GUI honor firewall settings, or will those also be clobbered during updates or other configuration?

FreeNAS has nothing to do with the firewall.

If you prefer doing all the administration from the CLI, why not use FreeBSD? It sounds like FreeNAS is not appropriate for this particular application. Turning off functionality of an appliance (from the CLI, when the GUI expects things to be done in its database), usually is not a great idea.

 

[wgscott]

It came with what I just purchased a few days ago (iXsystems freenas mini), and as you might have detected, I have no prior experience with freeBSD (or its firewall), so I am trying to get a sense for what is possible.

I didn't suggest turning off functionality of the "appliance". I wanted to know if there is a GUI-compatible equivalent to setting the immutable extended attribute.

 

[pirateghost]

It came with what I just purchased a few days ago (iXsystems freenas mini), and as you might have detected, I have no prior experience with freeBSD (or its firewall), so I am trying to get a sense for what is possible.

When I say firewall, I mean an actual hardware device sitting between your FreeNAS management nic and the rest of the network. I am not referring to any firewall ON the device.

 

[wgscott]

Sorry, I was thinking of ipfw and tcpwrappers. I guess I can put it behind some hardware device, but it just makes it more of a PITA to use.

Anyway, I guess an off-line backup is the ultimate protection. Thanks anyway for your help.

 

[danb35]

Offline backup is, as you say, the ultimate protection. Scheduled snapshots of the jail are pretty good, too--if the jail gets inadvertently deleted, just revert to the last snapshot. That will work unless you have a really bad actor (in which case, if he has root access to your machine anyway (which he does if he's in the web GUI), you're screwed), or enough time elapses between the deletion and the discovery that all the snapshots have expired.

 

[wgscott]

Thanks. My main problem is simultaneously storing data securely and making it freely accessible to the scientific community, so everything is a compromise. The root access to the GUI scares me. I wish there was some sort of sudo-like escalation or two-factor authentication or something to add a bit of protection.

 

[wgscott]

As a stop-gap, I used the nginx location directive to restrict access to a few trusted computers by static IP on my subnet, and then can use a proxy via ssh tunneling from home. http://nginx.org/en/docs/http/ngx_http_access_module.html#allow

Edit: Unfortunately, these changes don't persist. It is a bit frustrating not to be able to control one's own "appliance."