SECURITY: Remove dangerous root filesystem share

Removed server-root share that exposed entire / filesystem via Samba.

Why this is dangerous:
- Exposes all system files (/etc/passwd, /etc/shadow, etc.)
- Allows modification of system configuration
- Could allow privilege escalation
- Risk of accidental deletion of critical files
- No legitimate use case for sharing entire root filesystem

Changes:
- Removed "server-root" from default SHARES array
- Removed "root" share type from create_share() function
- Removed server-root creation from create-all command
- Updated README to remove Root Share documentation
- Updated create-all description to reflect home directory only

Added to README:
- Section explaining how to fix existing users with permission issues
- Clear warning: "Do NOT run init - that would delete your configuration"
- Instructions to use user-access to fix permissions instead

Users should only share specific directories they need, not the entire filesystem!

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
mxnticek 2026-01-09 21:05:45 +01:00
parent 63fa3c6636
commit 32256f1f5f
2 changed files with 16 additions and 23 deletions

@ -84,7 +84,6 @@ DETECTED_INTERFACES=$(ip -o link show | awk -F': ' '{print $2}' | grep -v '^lo$'
# --- Nastavení sdílení ---
declare -A SHARES=(
["${DETECTED_USER}-home"]="/home/${DETECTED_USER}|Domovska slozka uzivatele ${DETECTED_USER}|home"
["server-root"]="/|Celý server (root filesystem)|root"
)
CONFIG_FILE="/etc/samba/smb.conf"
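Review bot: Dropping the "server-root" entry from the default SHARES array does not stop a locally added entry from pointing at "/" again, since the path is just the first "|"-separated field and nothing in this hunk validates it. Consider a guard at the top of create_share() that refuses a share_path of "/" (after normalising trailing slashes) and exits non-zero, so the restriction is enforced by the code rather than only by the defaults and the README.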
@ -266,20 +265,6 @@ create_share() {
guest ok = yes
hosts allow = 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 100.64.0.0/10
comment = $comment
EOT
;;
"root") cat <<EOT >> "$CONFIG_FILE"
[$share_name]
path = $share_path
writable = yes
guest ok = no
valid users = $DETECTED_USER
admin users = $DETECTED_USER
force user = root
force group = root
hosts allow = 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 100.64.0.0/10
comment = $comment
EOT
;;
"disk")
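Review bot: With the "root") branch removed from the case in create_share(), an entry whose type field is still "root" now matches no branch shown here; please confirm there is a "*)" fallback that prints an error and returns non-zero, so a stale type is reported instead of the function writing nothing to $CONFIG_FILE and appearing to succeed. Separately, the stanza left as context just above still writes "guest ok = yes" with "hosts allow" covering every RFC 1918 range plus 100.64.0.0/10 (shared address space, RFC 6598); narrowing that to the subnets actually detected on the host would be a reasonable follow-up.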
@ -358,7 +343,6 @@ create_all() {
# 1. Vytvoř statická sdílení
echo "Krok 1/4: Vytvářím statická sdílení..."
create_share "${DETECTED_USER}-home"
create_share "server-root"
echo ""
echo "Krok 2/4: Hledám diskové oddíly..."
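Review bot: create_all() stops creating "server-root" here, but hosts that already ran the previous version keep the [server-root] section, because create_share() appends to /etc/samba/smb.conf with ">>" and nothing in this change removes what was written earlier. Suggest that create_all (or a small migration step) checks $CONFIG_FILE for an existing [server-root] section and either removes it or prints a warning telling the administrator to delete it and reload Samba, so the upgrade actually closes the exposure the commit message describes.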