mxnticek/FSA
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Fucking Samba Ass
4 commits 1 branch 0 tags 100 KiB
Find a file
mxnticek 63fa3c6636 Fix user permissions - implement group-based multi-user access 
Problem: Users could authenticate but got "permission denied" when creating files
Root cause: Shares used force_user which prevented proper multi-user access

Solution: Group-based permission system
- Created `sambashare` group for all Samba users
- Users are automatically added to this group on configuration
- Share directories get proper group ownership (chown :sambashare)
- SetGID bit ensures new files inherit group ownership
- Removed force_user directive for multi-user shares
- All shares now use force_group=sambashare

Changes in configure_user_shares():
- Creates sambashare group if it doesn't exist
- Adds user to sambashare group
- Sets filesystem permissions: chown -R :sambashare + chmod g+rw
- Applies SetGID bit: chmod g+s
- Removes force_user from share config
- Sets force_group=sambashare

Changes in disk share creation:
- Creates sambashare group automatically
- Adds detected user to sambashare
- Sets proper filesystem permissions on mount
- Uses force_group=sambashare instead of user's primary group
- Removed force_user directive entirely

Benefits:
 Multiple users can read/write files without permission errors
 Files preserve actual creator ownership (not forced)
 Proper Unix permissions maintained
 Works across reboots (group membership persists)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 21:02:31 +01:00
README.md Fix user permissions - implement group-based multi-user access 2026-01-09 21:02:31 +01:00
spravuj_sdileni.sh Fix user permissions - implement group-based multi-user access 2026-01-09 21:02:31 +01:00

README.md

FSA - Fucking Samba Ass

Universal Samba share management script that works across all major Linux distributions.

Features

  • 🔍 Auto-detection: Automatically detects your Linux distribution
  • 📦 Auto-installation: Installs Samba if not already present
  • 👤 User-aware: Automatically detects the current user
  • 🌐 Network-aware: Auto-detects network interfaces
  • 💾 Disk management: Discovers and manages disk shares
  • 🔄 Persistent mounts: Optionally adds disks to /etc/fstab for auto-mount on boot
  • 🛡️ Safe: Creates backups before modifying configuration

Supported Distributions

  • Arch Linux / Manjaro
  • Debian / Ubuntu / Linux Mint / Pop!_OS
  • Fedora
  • RHEL / CentOS / Rocky Linux / AlmaLinux
  • openSUSE / SLES

Installation

  1. Download the script:
wget https://forgejo.mxnticek.eu/mxnticek/FSA/raw/branch/main/spravuj_sdileni.sh
chmod +x spravuj_sdileni.sh
  1. Run with sudo (the script will auto-install Samba if needed):
sudo ./spravuj_sdileni.sh

Usage

Initialize Configuration

Create a fresh Samba configuration with your user's home directory:

sudo ./spravuj_sdileni.sh init

Mount and Share a Disk

Temporary mount (until reboot):

sudo ./spravuj_sdileni.sh mount-share

Permanent mount (adds to /etc/fstab):

sudo ./spravuj_sdileni.sh mount-share --mode=always

Manage Shares

Discover available disks:

sudo ./spravuj_sdileni.sh discover

Shows all detected disk partitions with their mount status, labels, and available space.

List configured shares:

sudo ./spravuj_sdileni.sh list

Create a specific share:

sudo ./spravuj_sdileni.sh create <share-name>

Delete a share:

sudo ./spravuj_sdileni.sh delete <share-name>

Auto-create shares for all mounted disks:

sudo ./spravuj_sdileni.sh auto-disks

User Management

Create a new Samba user:

sudo ./spravuj_sdileni.sh user-create [username]

This will:

  • Create a system user if it doesn't exist (with no shell access)
  • Prompt for a Samba password
  • Optionally configure which shares the user can access

List all Samba users:

sudo ./spravuj_sdileni.sh user-list

Configure share access for a user:

sudo ./spravuj_sdileni.sh user-access [username]

Interactively select which shares the user can access. This command:

  • Adds the user to the sambashare group
  • Sets proper filesystem permissions (group ownership + read/write)
  • Removes single-user restrictions (force user) from shares
  • Enables multi-user access with proper file ownership

Revoke user access from a share:

sudo ./spravuj_sdileni.sh user-revoke <username> <share-name>

Delete a Samba user:

sudo ./spravuj_sdileni.sh user-delete [username]

Optionally removes the system user as well.

How Permissions Work

FSA uses a group-based permission system for secure multi-user access:

  1. sambashare Group: All Samba users are added to this group
  2. Filesystem Permissions: Share directories are owned by group sambashare with read/write access
  3. SetGID Bit: Ensures new files inherit the correct group ownership
  4. No Force User: Multi-user shares don't force a specific user, preserving actual file ownership

This means:

  • Multiple users can read/write files
  • Files show the actual creator's ownership
  • Proper Unix permissions are maintained
  • No permission denied errors

Share Types

The script creates different types of shares:

Home Share

  • Read/write access for all users
  • Guest access enabled
  • Shares your user's home directory

Root Share

  • Full filesystem access
  • Requires authentication
  • Only accessible by the detected user
  • Runs with root privileges

Disk Shares

  • Automatically configured for external disks
  • Custom dfree scripts for accurate disk space reporting
  • Proper permissions (664/775)
  • Force user/group settings

Configuration

All shares include:

  • SMB2/SMB3 protocol support
  • Network restrictions (local networks only)
  • Optimized socket options
  • Performance tuning (sendfile, AIO)

Default allowed networks:

  • 127.0.0.1 (localhost)
  • 192.168.0.0/16 (private network)
  • 10.0.0.0/8 (private network)
  • 172.16.0.0/12 (private network)
  • 100.64.0.0/10 (CGNAT/Tailscale)

Advanced Usage

Add [global] section to existing config

sudo ./spravuj_sdileni.sh add-global

Create all shares automatically

sudo ./spravuj_sdileni.sh create-all

This comprehensive command will:

  1. Create static shares (home directory and root filesystem)
  2. Detect all disk partitions on the system
  3. Automatically mount any unmounted disks to /mnt/<disk-label>
  4. Add unmounted disks to /etc/fstab for persistence across reboots
  5. Create Samba shares for all mounted disks

Perfect for initial setup or adding multiple disks at once!

Troubleshooting

Check service status

sudo systemctl status smbd nmbd
# or on some distros:
sudo systemctl status smb nmb

View logs

sudo journalctl -u smbd -u nmbd -f

Test configuration

sudo testparm

Check which shares are visible

smbclient -L localhost -N

Security Notes

  • Always review the generated configuration
  • Shares are restricted to local networks by default
  • Root share requires authentication
  • Guest access is only enabled for home shares by default

License

Do whatever the fuck you want with it.

Author

Created with frustration and love for Samba configuration.