
limetech

Administrators
  • Posts

    10,186
  • Joined

  • Last visited

  • Days Won

    196

Everything posted by limetech

  1. Let's clear up a few things. First, Unraid OS is an appliance like your router. There are no "users" in the traditional sense, there is only an admin login. In our case instead of using 'admin' username we just left it as 'root'. We could create an 'admin' alias for this login but it would still be 'root'. Hence enabling Remote Access is similar to enabling remote management on your home router. In both cases you are advised to create a strong password.

     Unlike your home router however, with Unraid you can examine the code that handles authentication. At present we implement rate limiting in nginx to mitigate brute force attacks. You can also select a non-standard port for SSL traffic. Another mitigation would be to implement a failed password count and back-off timer, e.g., you can configure up to N times to enter password, after that it's locked out for X minutes (this is not implemented yet). Another mitigation would be to implement 2FA on the Unraid login.

     Let's suppose we have these additional mitigations in place. If your server reboots for some reason while you are away (perhaps power failure/restore), here's what you would do to get things going again:

       • login to forum: specify username, password, enter 2FA code from your phone.
       • click server remote access link: specify password, enter different 2FA code from your phone (once implemented)
       • enter encryption password, click Start to bring up array
       • enter flash backup encryption password, re-enable automatic flash backup (once implemented)
       • start any services which are not set to autostart

     To me this seems fairly onerous but in the interest of maximum security, is probably what has to be done. Of course you don't have to use Remote Access feature.

     Being nonchalant is absolutely not the case. Security feedback is very much appreciated and the reason we have released this "early access" feature as a plugin, so that we can easily make changes and so that everything is visible.
  2. https://wiki.unraid.net/My_Servers#Data_we_store
  3. No it's only for forum login. Besides being nice in general, when you install the unraid.net plugin and sign-in the server, you see a new forum submenu item called "My Servers". When you click that you can see all your servers that have the plugin installed and also have signed in. There is a limited set of functionality at this time, however we wanted to offer a little more security for accessing the My Servers forum menu item. Note: if you enable the Remote Access feature you must use a strong root password on each individual signed-in server. We plan to add 2FA also to the server root login as well (incorporation of PAM in 6.9 was a step in this direction).
  4. What do you mean by layers here?
  5. There is a plugin available: Dynamix Password Validator: "Adds the "zxcvbn.js" javascript password validator script, which is used for password strength validation. Passwords are rated in five strengths: worst, bad, weak, good, strong."
  6. We limit logins processed by nginx in this manner:

         #
         # limit the amount of failed auth requests per IP address
         #
         limit_req_zone \$binary_remote_addr zone=authlimit:1m rate=30r/m;
         :
         location /login {
             allow all;
             limit_req zone=authlimit burst=20 nodelay;
             try_files /login.php =404;
             include fastcgi_params;
         }

     Absolutely not. This feature has been in development for a long time and a lot of the delay in release, even for beta, has been around security concerns. We very much appreciate your feedback.
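
An added example, not part of the post or of Unraid's code: a simplified Python model of the leaky-bucket accounting nginx applies for `limit_req`, run with the posted `rate=30r/m` and `burst=20 nodelay`, to show how many requests a single source address gets through. The function names and the arrival times are constructed for illustration, and the model assumes one client address and millisecond timestamps.

```python
"""Simplified model of nginx limit_req accounting (added, constructed example)."""


def accepted_requests(arrivals_ms, rate_per_min=30, burst=20):
    """Count the requests from ONE client address that pass the limiter.

    nginx keeps an 'excess' counter per key in thousandths of a request.
    Each request adds 1000, elapsed time drains it at the configured rate,
    and a request is rejected when the result would exceed the burst.
    With 'nodelay', requests inside the burst are served immediately.
    """
    rate = rate_per_min * 1000 // 60      # 30r/m -> 500 milli-requests/second
    burst_milli = burst * 1000
    excess = last = None
    accepted = 0
    for now in arrivals_ms:
        if last is None:                  # first request creates the state
            excess, last = 0, now
            accepted += 1
            continue
        elapsed = now - last
        candidate = max(excess - rate * elapsed // 1000 + 1000, 0)
        if candidate > burst_milli:       # over the burst: rejected, state unchanged
            continue
        excess = candidate
        if elapsed:
            last = now
        accepted += 1
    return accepted


def flood(per_second, seconds):
    """Constructed sample input: evenly spaced arrival times in milliseconds."""
    return range(0, seconds * 1000, 1000 // per_second)


if __name__ == "__main__":
    print("100 requests at the same instant:", accepted_requests([0] * 100))
    print("10 req/s for 60 s:", accepted_requests(flood(10, 60)))
    print("1 request every 2 s for 60 s:", accepted_requests(range(0, 60000, 2000)))
```

In this model a sustained flood from one address settles at one accepted request every two seconds once the initial burst is used up. The limiter counts every request to `/login` per source address, whether or not the password was wrong.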
  7. That is correct. If you enable Remote Access this requires a port-forward in your router. You must use a strong webGUI password (or what @SpuddyUK calls a complex password) and consider using a non-standard external port. Perhaps you can shed some light on what would be sufficiently complex?
  8. Yes there is code added in this release so that in future if NoVNC is updated again it shouldn't suffer from this issue. But anyone coming from a pre-6.9.1 release to 6.9.1 or any release after 6.9.1 will see this issue. There's nothing more we can do about this unfortunately.
  9. Also as a different test: if disabling NFS you hit same issue, try this: go to Settings/Global Share Settings and set Tunable (hard link support) to No, stop array, and then restart array and see if issue persists.
  10. Thanks! As a test, if you can run without NFS, please try this: disable NFS and see if issue persists.
  11. Can't help anyone without diagnostics uploaded: Tools/Diagnostics
  12. Those are expected messages in syslog. In webGUI in this case do you see a Format button?
  13. Realize Unraid OS is designed as an appliance, not a general purpose multi-user server. Creating users with login shells and home dirs, etc., is not supported.
  14. You don't have to do that. If the share is empty it will delete all top-level dirs for it on all devices.
  15. Sure, it's your server. But there are reasons Intel goes to great lengths to produce firmware updates.
  16. For the share in question, does it exist only on the encrypted disk? You can click Shares then click "Compute..." for the share to have it show all the disks the share exists on.
  17. Changed Status to Open Changed Priority to Other
  18. I would rather want to find out why installing microcode update prevents boot. Make sure your motherboard bios is up to date.
  19. Why did you suspect microcode to blame? Have you seen other reports of this on the web?
  20. Dunno, maybe make sure motherboard bios is up to date? There are huge changes between Linux kernel in 6.8.3 vs. more recent.