search

google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0
4.76k stars 764 forks source link

Allow users to get an approval to download someone else's hunt results #208

Open destijl opened 9 years ago

destijl commented 9 years ago

Currently only the user that created the hunt can use the 'Download ZIP' functionality. This is probably reasonable, but it would be good if the permission denied message gave the user a link they can click to request approval.

As is, there's no real way to do this apart from creating the relevant approval objects on the console.

destijl commented 9 years ago

Need to also consider the system impact of lots of people downloading the same tarball. Maybe just suggest downloading and sharing on drive/dropbox when offering the approval link. Even better if we could have options to store outside of the GRR DB automatically.

scudette commented 9 years ago

Or simply store the tmp aff4 urn in the hunt itself and allow everyone to re use it. Am 25.06.2015 17:56 schrieb "Greg" notifications@github.com:

Need to also consider the system impact of lots of people downloading the same tarball. Maybe just suggest downloading and sharing on drive/dropbox when offering the approval link. Even better if we could have options to store outside of the GRR DB automatically.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115303218.

mbushkov commented 9 years ago

Michael, we can only do that if there were no new results added. So I'm not sure it's very practical. What we should do, probably, is to set a TTL on the /tmp files and delete them within, say, 24 hours.

Cheers, Misha

On Thu, Jun 25, 2015 at 9:31 PM, Michael Cohen notifications@github.com wrote:

Or simply store the tmp aff4 urn in the hunt itself and allow everyone to re use it. Am 25.06.2015 17:56 schrieb "Greg" notifications@github.com:

Need to also consider the system impact of lots of people downloading the same tarball. Maybe just suggest downloading and sharing on drive/dropbox when offering the approval link. Even better if we could have options to store outside of the GRR DB automatically.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115303218.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115370676.

scudette commented 9 years ago

Why can we not add results to the same tmp urn as they come in? So it will always be the latest. Am 25.06.2015 10:16 nachm. schrieb "mbushkov" notifications@github.com:

Michael, we can only do that if there were no new results added. So I'm not sure it's very practical. What we should do, probably, is to set a TTL on the /tmp files and delete them within, say, 24 hours.

Cheers, Misha

On Thu, Jun 25, 2015 at 9:31 PM, Michael Cohen notifications@github.com wrote:

Or simply store the tmp aff4 urn in the hunt itself and allow everyone to re use it. Am 25.06.2015 17:56 schrieb "Greg" notifications@github.com:

Need to also consider the system impact of lots of people downloading the same tarball. Maybe just suggest downloading and sharing on drive/dropbox when offering the approval link. Even better if we could have options to store outside of the GRR DB automatically.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115303218.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115370676.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115383600.

mbushkov commented 9 years ago

Michael, yes - good idea - we can just to a "Archive files" output plugin and it will do the trick.

Cheers, Misha

On Thu, Jun 25, 2015 at 10:37 PM, Michael Cohen notifications@github.com wrote:

Why can we not add results to the same tmp urn as they come in? So it will always be the latest. Am 25.06.2015 10:16 nachm. schrieb "mbushkov" notifications@github.com:

Michael, we can only do that if there were no new results added. So I'm not sure it's very practical. What we should do, probably, is to set a TTL on the /tmp files and delete them within, say, 24 hours.

Cheers, Misha

On Thu, Jun 25, 2015 at 9:31 PM, Michael Cohen <notifications@github.com

wrote:

Or simply store the tmp aff4 urn in the hunt itself and allow everyone to re use it. Am 25.06.2015 17:56 schrieb "Greg" notifications@github.com:

Need to also consider the system impact of lots of people downloading the same tarball. Maybe just suggest downloading and sharing on drive/dropbox when offering the approval link. Even better if we could have options to store outside of the GRR DB automatically.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115303218.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115370676.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115383600.

— Reply to this email directly or view it on GitHub https://github.com/google/grr/issues/208#issuecomment-115390107.

pidydx commented 9 years ago

I think a TTL would be really good to have too. I know we have a lot of clutter in our datastore due to the tmp files.

destijl commented 8 years ago

As mentioned by tory I think ideally what we need is something similar to Google Drive:

  1. You can share results with individuals and groups at create time and any time after that; and
  2. If the owner forgets to share, others can ask for access.

The second is less important since you can send an email with a link to the hunt, but it would be nice to have.