Smb.conf: should warn the user that the file is autogenerated!

When searching info about the recent Samba CVE, I stumbled upon a mention that the file /etc/samba/smb.conf is autogenerated. That was a big surprise for me! There’s no mention about that fact anywhere in the file itself (though RTFM https://wiki.openwrt.org/doc/uci/samba#additional_configuration_options works).

So I “mindlessly” just added the workaround line protecting against the CVE in my smb.conf (which was even suggested by your sticky note Samba security issue CVE-2017-7494 ). And I didn’t know that simple restart of the router will make it vulnearble again!

So please, I think it’s apparent that the nonstandard handling of smb.conf is confusing, so please add a comment line to the autogenerated file pointing the admin to either /etc/config/samba or /etc/samba/smb.conf.template .

Since I don’t know what’s the best repo to report this as an issue, I’m putting it here. If it’s better moved somewhere else, please, point me there.

3 Likes

Everything what is place in /tmp or /var is only temporarily (in Turris OS).
These folders are in RAM memory only.

I know that :slight_smile: But still, I didn’t expect (and was therefore surprised) that /etc/samba/smb.conf is a symlink to this “nothingness”…