luci-app-ksmbd: Using Allowed Users and Enable Allowed Guest, Guest has Write Access - Githubissues

openwrt / luci

LuCI - OpenWrt Configuration Interface

Apache License 2.0

6.27k stars 2.51k forks source link

luci-app-ksmbd: Using Allowed Users and Enable Allowed Guest, Guest has Write Access #7244

Open CoiaPrant233 opened 1 month ago

CoiaPrant233 commented 1 month ago

Steps to reproduce:

go to: Services → Network Shares
Add a new share direct
input Allowed Users and checked Allowed Guest
Save & Apply
Use SMB Client with guest access network share

Actual behavior:

Both logged in users and anonymous users have read and write permissions

Expected behavior:

Only logged in users have read and write permissions, anonymous users only have read permissions

Additional Information:

Enable Force Root, Allowed User will not be used. See /etc/init.d/ksmbd
Set read_only to 1 , write_list to 'Allowed Users' (valid users) to resolve.

CoiaPrant233 commented 1 month ago

Proposal:

When there is only Enable Allowed Guest, the Guest has read and write permission
If read-only is enabled, write list is not set

or

When there is only Enable Allowed Guest, the Guest has read and write permission. (Code not needs to change)
When there is only Using Allowed Users, the User has read and write permission. (Code not needs to change)
Both of them. By setting read_only to 1 and write list to same 'valid users' (if not read-only)