Today I ran into the pitfall of Alfresco scripts and permissions again. For all kinds of reasons I cannot rewrite code, but I run into trouble because a user having a particular role executes a script that modifies permissions. This of course fails if this user has fewer permissions on a given space or document than expected. The user/group will have more permissions (that make no sense) than needed, and only a little tiny change in the security settings can screw up the transaction the script is part of. The best approach is of course to get rid of the script approach altogether (where permissions are concerned), and implement a decent class running as System. But I cannot.
I remember having seen the sudoUtils in the past, and the improved version after that, created by Fabio Strozzi. This is nice, but it does not exactly match my use case/requirements. I have no clue who executes this function. An unknown set of groups, growing over time, can execute it, but only if it is defined in a particular script. The script limits the access, not the user or group. It would make sense to allow execution of a particular named script (or better, a set of predefined scripts). My idea is that I can define a set of scripts that can be executed as System user. However, to make sure we meet security, these named scripts (in alfresco-global.properties) need to be loaded from classpath, not from repository.
Let's face it, if someone has access to the file system, anything is possible…
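The gate this idea needs, as an added example (not code from this post or from sudoUtils): a script name is accepted only if it is a plain file name, is listed in the properties, and resolves on the classpath. The property name `sudo.scripts.allowed`, the classpath folder and the script names are assumptions; running the resolved resource as System is left to the caller.

```java
import java.net.URL;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

public class SudoScriptRegistry {
    // Hypothetical property name; the post only says the names live in alfresco-global.properties
    static final String PROP = "sudo.scripts.allowed";
    // Hypothetical classpath folder that holds the privileged scripts
    static final String BASE = "alfresco/extension/sudo-scripts/";

    private final Set<String> allowed = new HashSet<>();
    private final ClassLoader loader;

    SudoScriptRegistry(Properties props, ClassLoader loader) {
        this.loader = loader;
        for (String name : props.getProperty(PROP, "").split(",")) {
            if (!name.trim().isEmpty()) allowed.add(name.trim());
        }
    }

    /** Returns the classpath URL of an allowlisted script, or throws. */
    URL resolve(String name) {
        // Plain file names only: no separators and no "..", so a caller cannot leave BASE
        if (name == null || !name.matches("[A-Za-z0-9_-]+\\.js")) {
            throw new SecurityException("Illegal script name");
        }
        if (!allowed.contains(name)) {
            throw new SecurityException("Script not allowlisted: " + name);
        }
        // Classpath lookup only: content stored in the repository is never consulted
        URL url = loader.getResource(BASE + name);
        if (url == null) {
            throw new IllegalStateException("Allowlisted script missing from classpath: " + name);
        }
        return url;
    }

    public static void main(String[] args) {
        Properties p = new Properties();
        p.setProperty(PROP, "set-permissions.js, archive-space.js"); // constructed sample value
        SudoScriptRegistry reg = new SudoScriptRegistry(p, SudoScriptRegistry.class.getClassLoader());
        for (String n : new String[] {"set-permissions.js", "other.js", "../set-permissions.js"}) {
            try {
                System.out.println(n + " -> " + reg.resolve(n));
            } catch (RuntimeException e) {
                System.out.println(n + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```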