mxnticek/FSA
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SECURITY: Remove dangerous root filesystem share

Browse source 
Removed server-root share that exposed entire / filesystem via Samba.

Why this is dangerous:
- Exposes all system files (/etc/passwd, /etc/shadow, etc.)
- Allows modification of system configuration
- Could allow privilege escalation
- Risk of accidental deletion of critical files
- No legitimate use case for sharing entire root filesystem

Changes:
- Removed "server-root" from default SHARES array
- Removed "root" share type from create_share() function
- Removed server-root creation from create-all command
- Updated README to remove Root Share documentation
- Updated create-all description to reflect home directory only

Added to README:
- Section explaining how to fix existing users with permission issues
- Clear warning: "Do NOT run init - that would delete your configuration"
- Instructions to use user-access to fix permissions instead

Users should only share specific directories they need, not the entire filesystem!

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
mxnticek 2026-01-09 21:05:45 +01:00
parent 63fa3c6636
commit 32256f1f5f
2 changed files with 16 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

23
README.md
View file

@ -133,6 +133,21 @@ This means:
- ✅ Proper Unix permissions are maintained
- ✅ No permission denied errors
### Fixing Existing Users
If you created users before the permission system was fixed and they're getting "permission denied" errors:
```bash
sudo ./spravuj_sdileni.sh user-access <username>
```
Select the shares they should have access to. This will:
- Add them to the sambashare group
- Fix filesystem permissions
- Update share configuration
**Do NOT run `init`** - that would delete your entire configuration!
## Share Types
The script creates different types of shares:
@ -142,12 +157,6 @@ The script creates different types of shares:
- Guest access enabled
- Shares your user's home directory
### Root Share
- Full filesystem access
- Requires authentication
- Only accessible by the detected user
- Runs with root privileges
### Disk Shares
- Automatically configured for external disks
- Custom dfree scripts for accurate disk space reporting
@ -181,7 +190,7 @@ sudo ./spravuj_sdileni.sh add-global
sudo ./spravuj_sdileni.sh create-all
```
This comprehensive command will:
1. Create static shares (home directory and root filesystem)
1. Create your home directory share
2. Detect all disk partitions on the system
3. Automatically mount any unmounted disks to `/mnt/<disk-label>`
4. Add unmounted disks to `/etc/fstab` for persistence across reboots