Everything posted by IMTheNachoMan

  1. Can I ask one question? Assuming I don't do anything stupid crazy with the PHP code, making changes to /usr/local/emhttp/webGui/scripts on a live, running system won't break anything, will it? I don't have capacity to run a VM for Unraid and I don't have a backup system so I was going to test changes on my live system. From what I can see it's a few lines added to the if block of that script and then some changes to the vsftpd.conf file. So pretty trivial but I don't know enough about Unraid's core to know if I'll ruin my system?
  2. Oh. Brilliant. Looks like it already writes to a file, ftp_userlist_file. I can't see where the code actually writes to it but I'll keep digging.
  3. This is a relatively easy fix. I have the vsftpd.conf that will limit/jail a user to a specific share as their root/home for FTP using vsftpd's virtual user feature. I can make it work two ways but need help with both because I don't yet understand Unraid code:
       1. Mimic something ProFTPD where the "users" list in the FTP configuration for vsftpd in Unraid allows you to enter a specific syntax that, upon save, gets processed and dumped to a file. For example, entering "user1=/mnt/user/share1; user2=/mnt/user/share2" would result in some files being created in /etc/vsftpd that.
       2. Add a more robust UI to the configuration that lets you add users and select their share. Same result as above but a prettier front end.
     While ProFTPD works, vsftpd is more lightweight and for Unraid purposes is perfect. If someone can, at minimum, tell me where the Unraid code is that handles save/apply on the vsftpd FTP save UI, then I can try to modify it for the #1 option. For #2 I'd need someone's help to write the code for the UI.
  4. Sure, but there are legitimate use cases where you want to be able to FTP to a specific folder and nowhere else. I am okay with FTP, with its insecure nature, open on /some/random/path but not on /. So logically if I enable FTP on Unraid and limit it to user1 then user1 should only have access to the shares that user1 is given access to in Unraid. If user1 does not have access to a share on Unraid they should definitely not have access to the share via FTP. Now, if the FTP configuration in Unraid didn't ask for a user and worked just like SSH (only the root user) then that would be a different thing. But the Unraid UI lets me specify a user for FTP which means it should enforce the appropriate ACLs. Of course. For example, I have a security camera that saves videos to FTP. My FW rules restrict access between devices. I want my security camera to save videos by FTP to a specific share. But because of the misconfiguration in the FTP configuration in Unraid, the FTP user gets access to all shares, not just the one I've given it. My issue is not that the FTP system gives access to all shares. My issue is that the FTP configuration asks for a user which inherently implies the access is limited to just the shares the user has access to and yet the user can read/write from other shares. If the FTP system with Unraid is going to give full access to all shares then it shouldn't let you specify a user and should default to the root account like the SSH system does.
  5. That doesn't really address the security gap. Disabled by default is not a valid security control.
  6. Yes. I got that. But I still wanted to raise this issue cause I think it is a security issue worth addressing. I get for SSH there are no other user accounts and there is just the root account but if the FTP configuration allows you to enter a user then there is an implied assumption the user's ACLs are enforced. I see Unraid uses vsftpd. I think I can figure out the necessary vsftpd.conf setting to make this work as expected and maybe even jail the user to a specific share. I just can't find where Unraid stores the user name saved in the web UI for FTP.
  7. From what I can tell, it looks like the FTP user permissions are not being honored. This is what I did (screenshots below).
       1. Created a new user
       2. In Settings > FTP Server I:
            • Enabled
            • Added the user
       3. In Users > the user:
            • Gave the user read/write to only one share
     After that, when I connected to my Unraid box using FTP using the user, I was able to navigate to other shares and create files. Yes, I know it is advised not to use the built-in FTP server but since I am not doing any port forwarding I figured it would work for me. And, even still, if the capability is there it should work as expected.
  8. Yeah. A bit concerning to me from a security standpoint but I get it. I am going to take your approach to see if I can figure it out. Thanks!
  9. To start with I just want to make a web UI for rclone to configure sync jobs. A place to specify source share, destination rclone cloud service, when to run, cache size, etc. I have a script that does it and sends a nice HTML formatted email with status of sync. I will keep playing around with this. I'll figure it out one day. (I have fingers crossed that for a future version of Unraid they implement a cleaner plugin system. The web UI aspect could be handled by a simple XML type config. Maybe one day. Fingers crossed.)
  10. Got it. Thank you! I started doing that but thought (read: hoped) there was an easier way. There seems to be a lot of proprietary stuff. For example, it looks like this part is used to add a new row to the page? But what exactly is the format of that first line?

          _(Hourly schedule)_:
          : <span class="time">&nbsp;&nbsp;_(Any)_</span> <span class="time"><input type="number" name="hourlyMM" value="<?=$cfg['hourlyMM']?>" min="0" max="59" maxlength="2" class="cast" required></span> <span class="date">&nbsp;_(Any)_</span> <span class="auto"><?=$tasks1 ? implode(", ", $tasks1) : '<_(none)_>'?></span>
  11. I just started using Unraid and I am loving it. I work in Cybersecurity (specifically in product security) so I'm probably more paranoid than most. I haven't yet done a security review/assessment of Unraid (no time) but the one thing that really gets me is that Unraid's web UI root account is the same as the OS root account. I don't even know how to process that. That is a flat out no for anything our company develops. It's security 101. This is especially concerning with the introduction of the My Servers capability. So I'm wondering if Unraid has any plans to de-link from the OS root account and establish its own root/admin account system? P.S. I do not mean to offend or upset anyone, including the Unraid developers. It really is a marvelous product. I'd just like to see it handle security better. P.P.S. How is Unraid supposed to be stylized? I see it written in so many different ways and I can't tell what is the right/official way?
  12. Where can I find information on writing the actual heart of a plugin? I get the plg syntax but can't find any kind of documentation or comments on writing an actual plugin. I want to write a web UI front end for Unraid for rclone to let you create schedules for syncing. Something that lets the user specify when to run, source, which rclone configured bucket, etc. I know the rclone side of everything but can't figure out how to get a plugin with a web interface in Unraid.
  13. Fair. Thank you. I was trying to see how to develop a plugin to see if I could do it myself but I couldn't figure out how the actual code works. I think it uses PHP. Will see if I can figure it out.
  14. Thank you for these plugins. Very helpful! What is the "Users Names" tab for in "Active Streams"?
  15. Ah. So Unraid is using ssmtp. Got it. I can update my scripts. Thank you!
  16. How can I either email the output of scripts or have my scripts send an email? I have an rclone script I use that emails me a summary of my rclone sync. I can't use it in Unraid since the mail command doesn't work. Also, was the clearLog option removed?
  17. First, thank you for making this app! There are 37 pages in this so I apologize if this was already covered and I missed it. Rclone now has a web UI capability. Any plans to add that to the Unraid UI for rclone? Like a quick way to start/stop, and change settings (like port and password)?
  18. I have never used NFS before. I have been using Samba for years but I just got a security camera that will only write to NFS or FTP. I know I could install something like ZoneMinder but I don't want to get into that complex of a configuration yet. I was reading it is better to use NFS than FTP so I am trying to expose a share over NFS so my camera can write to it. I can't find much information on the NFS rule syntax in the Unraid documentation. I just want to make it so 192.168.1.50 can read/write to the share. Nothing else should be able to read/write to it using NFS. How would I go about doing this?
  19. I needed to import my data after installing Unraid. After I got unRAID up and running, I:
        1. disabled the cache pool for the share I am copying the data to since I will be importing 1.5 TBs
        2. plugged my ext4 formatted USB drive into the system
        3. used the unassigned devices plugins to mount the drive as read-only
        4. opened a terminal from the WebUI
        5. used rsync to copy the files from /mnt/disks/backup to /mnt/user/data
        6. ran Tools > New Permissions on all my drives/shares -- none of the articles/guides I read, including https://wiki.unraid.net/Transferring_Files_Within_the_unRAID_Server, mentioned this but I couldn't access the files until I did this and it sorta makes sense that you gotta fix permissions when importing data
        7. re-enabled the cache pool for the share
      Is there anything else I need to do? I wasn't sure if copying data like this outside of Unraid's normal control might break anything.
  20. Yeah, my plan was to monitor when I am doing most of my writes and adjust the mover run time accordingly.