ISSUE: Previous version could break sudo and system files
The recursive chown/chmod commands in configure_user_shares() and
create_share() could modify system directories like /usr, /etc, /home
causing critical system breakage including sudo permissions.
ROOT CAUSE:
- No validation of paths before recursive operations
- Could modify /, /usr, /home and other system directories
- Broke /usr/bin/sudo permissions (needs uid 0 and setuid bit)
SOLUTION: Added comprehensive path safety checks
New function: is_safe_path_for_permissions()
- Blacklists ALL dangerous system paths: /, /usr, /etc, /bin, /var, etc.
- Only allows /mnt/* (external disk mounts)
- Only allows /home/user/subdir (not /home or /home/user itself)
- Returns error for any system directory
Protection applied to:
1. create_share() - disk share creation (line 326)
2. configure_user_shares() - user access configuration (line 869)
Behavior:
- Safe paths (/mnt/*): Permissions applied normally
- Unsafe paths: Prints warning, skips permission changes
- Users must manually set permissions for system directories
Emergency fix instructions added to README:
- How to fix broken sudo (chown root:root /usr/bin/sudo && chmod 4755)
- Multiple recovery methods (root shell, su, recovery mode)
- Clear warning about older versions
This prevents catastrophic system breakage while still allowing
proper multi-user access for external disk shares.
APOLOGIES TO USERS: If you were affected by the previous version,
I'm deeply sorry for breaking your system. Please follow the
recovery instructions in the README.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Removed server-root share that exposed entire / filesystem via Samba.
Why this is dangerous:
- Exposes all system files (/etc/passwd, /etc/shadow, etc.)
- Allows modification of system configuration
- Could allow privilege escalation
- Risk of accidental deletion of critical files
- No legitimate use case for sharing entire root filesystem
Changes:
- Removed "server-root" from default SHARES array
- Removed "root" share type from create_share() function
- Removed server-root creation from create-all command
- Updated README to remove Root Share documentation
- Updated create-all description to reflect home directory only
Added to README:
- Section explaining how to fix existing users with permission issues
- Clear warning: "Do NOT run init - that would delete your configuration"
- Instructions to use user-access to fix permissions instead
Users should only share specific directories they need, not the entire filesystem!
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Problem: Users could authenticate but got "permission denied" when creating files
Root cause: Shares used force_user which prevented proper multi-user access
Solution: Group-based permission system
- Created `sambashare` group for all Samba users
- Users are automatically added to this group on configuration
- Share directories get proper group ownership (chown :sambashare)
- SetGID bit ensures new files inherit group ownership
- Removed force_user directive for multi-user shares
- All shares now use force_group=sambashare
Changes in configure_user_shares():
- Creates sambashare group if it doesn't exist
- Adds user to sambashare group
- Sets filesystem permissions: chown -R :sambashare + chmod g+rw
- Applies SetGID bit: chmod g+s
- Removes force_user from share config
- Sets force_group=sambashare
Changes in disk share creation:
- Creates sambashare group automatically
- Adds detected user to sambashare
- Sets proper filesystem permissions on mount
- Uses force_group=sambashare instead of user's primary group
- Removed force_user directive entirely
Benefits:
✅ Multiple users can read/write files without permission errors
✅ Files preserve actual creator ownership (not forced)
✅ Proper Unix permissions maintained
✅ Works across reboots (group membership persists)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Drive Detection Improvements:
- Enhanced discover_mounts() with verbose mode showing detailed disk info
- Better filtering to skip loopback devices and empty entries
- Extended SHARES array format to include device name and UUID (5 fields)
- Shows mount status, disk size, and free space for each partition
create-all Command Overhaul:
- Now a comprehensive 4-step setup process:
1. Creates static shares (home + root)
2. Detects all disk partitions on the system
3. Automatically mounts unmounted disks to /mnt/<label>
4. Adds disks to /etc/fstab for persistent mounting
5. Creates Samba shares for all mounted disks
- Perfect for initial setup or bulk disk management
Other Improvements:
- discover command now shows verbose output with mount status
- auto-disks shows count of created shares
- Updated all functions to handle new 5-field SHARES format
- Better error handling and user feedback throughout
This makes FSA truly zero-touch for multi-disk setups!
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Features added:
- Create Samba users with password setup (user-create)
- List all Samba users (user-list)
- Delete Samba users with optional system user removal (user-delete)
- Configure share access for users interactively (user-access)
- Revoke user access from specific shares (user-revoke)
- Automatically creates system users if needed
- Interactive share selection for user permissions
- Disables guest access when users are assigned
User management includes:
- Password prompts for new users
- System user creation with no shell access
- Integration with pdbedit for user management
- Automatic valid_users configuration in smb.conf
- Backup creation before any configuration changes
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Features:
- Auto-detects Linux distribution (Arch, Debian, Ubuntu, Fedora, RHEL, etc.)
- Auto-installs Samba if not present
- Auto-detects current user and network interfaces
- Supports disk discovery and management
- Optional persistent mounting via /etc/fstab
- Safe configuration management with backups
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
