Skip to content

File manager: security

Introduction

The file-manager allows you to manage the files associated with a collection. Which files, and which actions may be performed, are defined by:

file-rules

Are a list of file-patterns and actions; and

folders

Are a file system path.More details on how to create these via the administration interface are available in the file rules page.

Rules

File rules

The file rules are comprised of three elements:

  1. A file pattern, for example *.ftl;
  2. A list of collections; and
  3. A list of actions.

For example, the file-rule:

*.ftl : * : edit,delete,upload,download

allows the user to edit, delete, upload and download all FTL files in all collections (the * means all collections, otherwise you can use a comma-separated list of collection names).

Actions

The following actions are available:

delete

The file can be deleted

download

The file can be downloaded from the Funnelback server

edit

The file can be edited

head

Display the first N lines of a file (gzipped files are expanded)

restore

A backup file can be renamed to replace the original file

show

Display the file (gzipped files are expanded)

tail

Display the last N lines of a file (gzipped files are expanded)

upload

The file can be uploaded to the Funnelback server

all

Turns on all actions (use with caution)

Applying file-rules

The rules and folder definitions are derived by merging the system default rules and any rules for the current user:

  • Rules from the user's configuration file, $SEARCH_HOME/admin/users/user.ini, are checked first, before the rules from the system defaults, $SEARCH_HOME/conf/file-manager.ini.
  • The rules are applied in the order they appear in both files.

For example, given the two files:

conf/file-manager.ini

[file-manager::example-rules]
r1
r2
r3

and users/fred.ini

[file-manager::example-rules]
F1
F2

The rules are checked in the following order:

  1. F1
  2. F2
  3. r1
  4. r2
  5. r3

Example

[file-manager-rules::example-rules]
collection.cfg : * : download,edit
simple.ftl : * : upload,download,copy,edit
*.ftl : * : upload,download,copy,edit,delete

Rule sequence

The rules are tried in the order they are placed in the configuration files. Thus, you have to be careful on where the rules are placed in the configuration files.

The following example is wrong: if you were trying to protect the simple.ftl file the order of the rules means that the first rule matches and the second one is ignored:

*.ftl :*:upload,download,copy,delete,edit
simple.ftl:*:upload,download,copy,edit

The correct order is:

simple.ftl:*:upload,download,copy,edit
*.ftl:*:upload,download,copy,delete,edit

Folders

Folders are used to navigate to directories (or folders) on the file system. Normally this would be the collection's configuration directory, or one of its log directories, for example:

$SEARCH_HOME/funnelback/conf/COLLECTION
$SEARCH_HOME/funnelback/data/search/COLLECTION/live/log

A folder definition is comprised of four elements:

name

A title to be displayed in the web pages.

path

A file system path, possibly using macros (see below).

rules

The name of a file rule that applied to this folder.

folder set

The name of the folder set that this folder belongs to (usually logs for folders under browse log files and "" (blank) for folders under edit configuration files).

For example:

[file-manager::live-logs]
name = Live log files
path = $collection_root/live/log
rules = log-rules

[file-manager::log-rules]
*.log : * : show,head,tail,download
*.gz : * : download

Path macros

Because folders are associated with any number of collection, you cannot used a hard-coded path. A number of macros are available to use in the path: these macros expand to the appropriate file system path, relative to the collection you are working on. These macros are:

$home

The collection's configuration directory: $SEARCH_HOME/conf/<collection>/

$collection_root

The collection's data directory: Usually $SEARCH_HOME/data/<collection>/, but can be an external one like /data/funnelback/<collection> if collection_root has been reconfigured.

$search_home

The Funnelback home directory $SEARCH_HOME (e.g.: /opt/funnelback)

See Also

top

Funnelback logo
v15.24.0