JSON files in the root of file shares

[dhpotterveld]

I'd like to comment on an architectural decision in FreeNAS Corral that disturbed me, and which I hope will NOT appear in its successor. This was the decision to place JSON configuration files in the root of file shares. On the surface this looks like tidy organization, but it is a security risk. For example, an nfs share that permits root_no_squash mount by a client will give root on the client the ability to modify the configuration. Not good. So, for a site to be secure, this mount option must not be used, which breaks a class of use cases.

A good guiding principle (see, for example, Apache's recommended practices for server/site configuration) is to keep service metadata out of reach of clients by storing it in a space that is architecturally inaccessible to them. I hope the FreeNAS developers will take this to heart.

Many thanks for a fine product!

 

[Ericloewe]

FWIW, it's fairly easy (conceptually, but it does require some decent amount of code) to make Corral's method safe. It would be even easier to put them in the root dataset, though, so that might be an option.

That said, I don't think it's going to be a thing.