mxnticek/FSA
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Fucking Samba Ass
5 commits 1 branch 0 tags 100 KiB
Find a file
mxnticek 32256f1f5f SECURITY: Remove dangerous root filesystem share 
Removed server-root share that exposed entire / filesystem via Samba.

Why this is dangerous:
- Exposes all system files (/etc/passwd, /etc/shadow, etc.)
- Allows modification of system configuration
- Could allow privilege escalation
- Risk of accidental deletion of critical files
- No legitimate use case for sharing entire root filesystem

Changes:
- Removed "server-root" from default SHARES array
- Removed "root" share type from create_share() function
- Removed server-root creation from create-all command
- Updated README to remove Root Share documentation
- Updated create-all description to reflect home directory only

Added to README:
- Section explaining how to fix existing users with permission issues
- Clear warning: "Do NOT run init - that would delete your configuration"
- Instructions to use user-access to fix permissions instead

Users should only share specific directories they need, not the entire filesystem!

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:05:45 +01:00
README.md SECURITY: Remove dangerous root filesystem share 2026-01-09 21:05:45 +01:00
spravuj_sdileni.sh SECURITY: Remove dangerous root filesystem share 2026-01-09 21:05:45 +01:00

README.md

FSA - Fucking Samba Ass

Universal Samba share management script that works across all major Linux distributions.

Features

  • 🔍 Auto-detection: Automatically detects your Linux distribution
  • 📦 Auto-installation: Installs Samba if not already present
  • 👤 User-aware: Automatically detects the current user
  • 🌐 Network-aware: Auto-detects network interfaces
  • 💾 Disk management: Discovers and manages disk shares
  • 🔄 Persistent mounts: Optionally adds disks to /etc/fstab for auto-mount on boot
  • 🛡️ Safe: Creates backups before modifying configuration

Supported Distributions

  • Arch Linux / Manjaro
  • Debian / Ubuntu / Linux Mint / Pop!_OS
  • Fedora
  • RHEL / CentOS / Rocky Linux / AlmaLinux
  • openSUSE / SLES

Installation

  1. Download the script:
wget https://forgejo.mxnticek.eu/mxnticek/FSA/raw/branch/main/spravuj_sdileni.sh
chmod +x spravuj_sdileni.sh
  1. Run with sudo (the script will auto-install Samba if needed):
sudo ./spravuj_sdileni.sh

Usage

Initialize Configuration

Create a fresh Samba configuration with your user's home directory:

sudo ./spravuj_sdileni.sh init

Mount and Share a Disk

Temporary mount (until reboot):

sudo ./spravuj_sdileni.sh mount-share

Permanent mount (adds to /etc/fstab):

sudo ./spravuj_sdileni.sh mount-share --mode=always

Manage Shares

Discover available disks:

sudo ./spravuj_sdileni.sh discover

Shows all detected disk partitions with their mount status, labels, and available space.

List configured shares:

sudo ./spravuj_sdileni.sh list

Create a specific share:

sudo ./spravuj_sdileni.sh create <share-name>

Delete a share:

sudo ./spravuj_sdileni.sh delete <share-name>

Auto-create shares for all mounted disks:

sudo ./spravuj_sdileni.sh auto-disks

User Management

Create a new Samba user:

sudo ./spravuj_sdileni.sh user-create [username]

This will:

  • Create a system user if it doesn't exist (with no shell access)
  • Prompt for a Samba password
  • Optionally configure which shares the user can access

List all Samba users:

sudo ./spravuj_sdileni.sh user-list

Configure share access for a user:

sudo ./spravuj_sdileni.sh user-access [username]

Interactively select which shares the user can access. This command:

  • Adds the user to the sambashare group
  • Sets proper filesystem permissions (group ownership + read/write)
  • Removes single-user restrictions (force user) from shares
  • Enables multi-user access with proper file ownership

Revoke user access from a share:

sudo ./spravuj_sdileni.sh user-revoke <username> <share-name>

Delete a Samba user:

sudo ./spravuj_sdileni.sh user-delete [username]

Optionally removes the system user as well.

How Permissions Work

FSA uses a group-based permission system for secure multi-user access:

  1. sambashare Group: All Samba users are added to this group
  2. Filesystem Permissions: Share directories are owned by group sambashare with read/write access
  3. SetGID Bit: Ensures new files inherit the correct group ownership
  4. No Force User: Multi-user shares don't force a specific user, preserving actual file ownership

This means:

  • Multiple users can read/write files
  • Files show the actual creator's ownership
  • Proper Unix permissions are maintained
  • No permission denied errors

Fixing Existing Users

If you created users before the permission system was fixed and they're getting "permission denied" errors:

sudo ./spravuj_sdileni.sh user-access <username>

Select the shares they should have access to. This will:

  • Add them to the sambashare group
  • Fix filesystem permissions
  • Update share configuration

Do NOT run init - that would delete your entire configuration!

Share Types

The script creates different types of shares:

Home Share

  • Read/write access for all users
  • Guest access enabled
  • Shares your user's home directory

Disk Shares

  • Automatically configured for external disks
  • Custom dfree scripts for accurate disk space reporting
  • Proper permissions (664/775)
  • Force user/group settings

Configuration

All shares include:

  • SMB2/SMB3 protocol support
  • Network restrictions (local networks only)
  • Optimized socket options
  • Performance tuning (sendfile, AIO)

Default allowed networks:

  • 127.0.0.1 (localhost)
  • 192.168.0.0/16 (private network)
  • 10.0.0.0/8 (private network)
  • 172.16.0.0/12 (private network)
  • 100.64.0.0/10 (CGNAT/Tailscale)

Advanced Usage

Add [global] section to existing config

sudo ./spravuj_sdileni.sh add-global

Create all shares automatically

sudo ./spravuj_sdileni.sh create-all

This comprehensive command will:

  1. Create your home directory share
  2. Detect all disk partitions on the system
  3. Automatically mount any unmounted disks to /mnt/<disk-label>
  4. Add unmounted disks to /etc/fstab for persistence across reboots
  5. Create Samba shares for all mounted disks

Perfect for initial setup or adding multiple disks at once!

Troubleshooting

Check service status

sudo systemctl status smbd nmbd
# or on some distros:
sudo systemctl status smb nmb

View logs

sudo journalctl -u smbd -u nmbd -f

Test configuration

sudo testparm

Check which shares are visible

smbclient -L localhost -N

Security Notes

  • Always review the generated configuration
  • Shares are restricted to local networks by default
  • Root share requires authentication
  • Guest access is only enabled for home shares by default

License

Do whatever the fuck you want with it.

Author

Created with frustration and love for Samba configuration.