tassopsaltakis
commented
5 months ago So, been banging my head against the wall for this for a little bit now. The framework pushed with 0.03 for the group-based policy system has all but been scrapped. While at the time it seemed like the best way to run the group-based policy there was:
- too much overhead.
- too many things to keep track of at once.
So, I have been developing a new framework for how we are going to be handling group-based policy. Now, I am planning on having one gbp.py that parses and handles access_control_dirs.txt and access_control_commands.txt.
The flow should follow gbpy.py > checks groups.txt file for a list of groups > checks which command was run or which directory was attempted to be accessed > if the group does not have access it stops here if the group has access, then check the users in the group to see if the user who made the request is in one of the groups with access.
I had this system working for the release of 0.03.3; however, the data parsing just stopped working randomly and then started breaking other things.
The group file checks need to be super bright. it needs to account for extra spaces and such. It will have amazing error checking built in, not on the user side but on the data parsing side. I want to make sure that no matter what, a user will be able to rely on the FilOS backend.
access_control_dirs and access_control_commands need to be checked against the groups.txt file and only the groups.txt file. It is essential to do it this way because it will allow superusers to edit these files easily. Since there is already a working group man and username system, it makes sense that we get the most important piece, the group policy system, which is fully working.
Access control has been a pain so far today. I have already needed to restart it three times. However, this is due to another bug I have found and subsequently fixed.