samba: restrict share paths to /mnt refs #9862

force the share paths to always start with /mnt/ set wide links to no, in order to not allow soft links to be followed outside /mnt/
2026-02-21 20:03:09 +01:00 · 2016-08-04 13:17:39 +02:00 · 2016-08-04 13:17:39 +02:00 · 977657eefd
commit 977657eefd
parent edbea4ed68
2 changed files with 6 additions and 3 deletions
--- a/samba3/files/samba.init
+++ b/samba3/files/samba.init
@ -128,6 +128,9 @@ smb_add_share() {

 	[ -z "$name" -o -z "$path" ] && return

+	# restrict the shared paths to always be under /mnt/ tree
+	[ "${path:0:4}" == "/mnt" ] || path="/mnt/"$path
+
 	echo -e "\n[$name]\n\tpath = $path" >> /var/etc/smb.conf
 	[ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/smb.conf
 	[ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/smb.conf
--- a/samba3/files/smb.conf.template
+++ b/samba3/files/smb.conf.template
@ -14,6 +14,6 @@
 	guest account = nobody
 	invalid users = root
 	smb passwd file = /etc/samba/smbpasswd
-        interfaces = |INTERFACES|
-        bind interfaces only = yes
-
+	interfaces = |INTERFACES|
+	bind interfaces only = yes
+	wide links = no