
Networking and servers • Re: How to allow root level access thru SFTP/SMB

I'm using NGINX to host a web server on my Pi 5 and would like to be able to edit my webpages/website directly via SFTP/SMB. I have Samba set up and created a root folder (/) that I am able to access on my Windows PC. However, I am unable to write to that folder (/var/www/html) and is view only since I assume it is outside of the user folder. I want to be able to have full root access that way I am able to write to that folder and I've tried doing just that with no success. Here's the code I put in my smb.conf file in Samba:

Code:

[root]
path = /
writeable = yes
browseable = yes
public = no
create mask = 0777
directory mask = 0777

Is there another way to do this or maybe a safer way? I know this is potentially a huge security risk but am not sure of other options on how to edit root-level files via SFTP/SMB.

TLDR; I want to be able to edit root-level files directly on my Pi from my Windows PC but am having trouble as they are write only.

So you've created a share that exposes your entire root partition. You do know how bad an idea that is?

Samba can only grant permissions to clients that the underlying filesystem grants to it.

Now for your share definition:
  1. create mask only impacts new files not existing ones and you probably want 666 not 777 (don't set a file executable unless it needs to be).
  2. directory mask only impacts new directories not existing ones.
As for achieving your end, there is no good way of doing it and, personally, it's not something I would do, I'd learn to use a text mode editor (vi, emacs, nano, etc) and do so over ssh. Or use vnc and the desktop.

If you must do it, here's a few suggestions:
  • Configure key-based login for root. Use that with SFTP. Be aware that all new files (and potentially copied or updated files) will be owned by root and 644 permissions.
  • Set a root password then as above.
  • Create a Samba user called root. Use that to login over Samba. You will hit problems if you also want to connect to the same server as a different user.
  • Add force user = root to your share definition. All filesystem access will be done as root regardless of the user you log in to Samba as.
None of the above have been tested, none are secure. Samba even less so if you are using v1 of the protocol and/or are permitting guest logins.

You'll likely hit further problems - owner, group, and permissions on some files matter for more than just filesystem access - some processes require they be set to specific values or they won't be accepted.

And security isn't the only issue - if you accidentally delete or move the wrong file or directory you can trivially trash the entire system. That's harder to do without root level access.

Yeah I figured it was a bad idea but I thought since I had no intentions of port forwarding my Pi and no one else on my home network is familiar with all this stuff; I thought it would be fine since I was the only one accessing it over my local network. I do see your point and understand in general, this is a horrible idea. There's nothing wrong with using VNC and editing directly on the Pi but I'm just used to programming on Windows (I just use my Pis to tinker around and learn stuff, still new to Linux in general haha) hence why I was desperate to get anything to work. I'll probably use the method tdewey mentioned in this thread about creating a GitHub repo and just pushing and pulling my code that way. Thanks for replying; appreciate it
👍

Statistics: Posted by ethanic — Sat Jun 29, 2024 7:52 am
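
A small audit of an smb.conf for the risks raised in the reply above (a share rooted at /, force user = root, guest access, execute bits in create mask), as an added example that is not part of the original thread. The sample config is constructed; the [www] share and the user name webedit are hypothetical.

```python
import configparser

# Constructed sample: the [root] share quoted in the post, plus a hypothetical
# [www] share scoped to the web root (the user "webedit" is an assumption).
SAMPLE = """\
[root]
path = /
writeable = yes
browseable = yes
public = no
create mask = 0777
directory mask = 0777

[www]
path = /var/www/html
writeable = yes
valid users = webedit
create mask = 0664
"""

YES = {"yes", "true", "1"}

def audit_shares(text):
    """Return {share_name: [findings]} for the risks named in the reply."""
    # Strip indentation so configparser does not read lines as continuations.
    cleaned = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    cp.read_string(cleaned)
    report = {}
    for name in cp.sections():
        if name.lower() == "global":
            continue  # only share definitions are checked here
        share, findings = cp[name], []
        path = share.get("path")
        if path and path.rstrip("/") == "":
            findings.append("path exposes the entire root filesystem")
        if share.get("force user", "").lower() == "root":
            findings.append("force user = root: every client acts as root")
        if {share.get("guest ok", "no").lower(),
                share.get("public", "no").lower()} & YES:
            findings.append("guest access permitted")
        mask = share.get("create mask", "")
        if mask and int(mask, 8) & 0o111:
            findings.append("create mask sets execute bits on new files")
        report[name] = findings
    return report

if __name__ == "__main__":
    for share, findings in audit_shares(SAMPLE).items():
        print(share, "->", findings or "no findings")
```
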


