markhsa

  1. Hello all, I am hoping someone can help me here. I submitted two tickets for getting my paid key updated as my Unraid USB drive died. I read that 24-72 hours is typical for response, but this has been a week now. Are there issues with support? Delays? This system is down until this is fixed and I really don't think it's right to buy a new key when I have paid once already. Thanks all. Hopefully someone can shed some light here. The automated "move key" functionality is giving me a 404 error.
  2. I have an issue with a VM in Unraid I have set up as a server and it's a bit critical that it is up and running in a very powerful server. (Java app with database that VM server can't handle due to system specs..) So I need to make VM into a physical running machine. VM -> actual disk to boot from. It's a work machine, and it's critical. So help really appreciated. ( I posted in General as well, I hope that's ok as this is urgent.... ) sorry if it's not ok.....

     So how can I move a VM to Physical hardware in the easiest way? I have the disk device as a raw disk on NVME ( Linux machine )

         /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S59ANG0MA14014A-part4

     I have shut down the VM, taken a dd to image of that partition, and now need to take that to physical. Can I mount that Virtio into a mount point and copy files off perhaps? Or is there a smarter way to do this? How to take a virtio image to Physical disk? Many thanks!!!!
  3. I have an issue with a VM in Unraid I have set up as a server and it's a bit critical that it is up and running in a very powerful server. So how can I move a VM to Physical hardware in the easiest way? I have the disk device as a raw disk on NVME ( Linux machine )

         /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S59ANG0MA14014A-part4

     I have shut down the VM, taken a dd to image of that partition, and now need to take that to physical. Can I mount that Virtio into a mount point and copy files off perhaps? Or is there a smarter way to do this? How to take a virtio image to Physical disk? Thanks all. This is for a work project so it's really critical..... Many thanks!!!!
  4. Hello, I have a running VM on a raw device (nvme) working perfectly. Now, I have enabled iptables on the OS on it (Ubuntu 19.10) and enabled port 443, but forgot to add any other ports! So now I am fully locked out of the running machine. VNC is also not responding from the icon in VMS on the Unraid GUI. Any ideas on how to fix this? I thought maybe shut the machine down, manually mount the drive, then disable iptables or add a rule to the actual config file? But I can't mount it either....

         Device                                                                          Start       End   Sectors  Size Type
         /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S59ANG0MA14014A-part1-part1    2048   1050623   1048576  512M EFI System
         /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S59ANG0MA14014A-part1-part2 1050624 209713151 208662528 99.5G Linux filesystem

         root@Tower:~# fsck -N /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S59ANG0MA14014A-part1
         fsck from util-linux 2.34
         [/sbin/fsck.ext2 (1) -- /dev/nvme1n1p1] fsck.ext2 /dev/nvme1n1p1

     Manual mount:

         root@Tower:~# mount /dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S59ANG0MA14014A-part1 /mnt/stub/
         mount: /mnt/stub: wrong fs type, bad option, bad superblock on /dev/nvme1n1p1, missing codepage or helper program, or other error.

     Ideas??? Here is a link to a pic on how I add the raw disk. I assume "Manual" and "VirtIO" are the best options on this by the way? Screen capture of VM config from Unraid GUI
  5. Thanks for that. I will look at a bit external drive via USB. Can you elaborate on emu-img and virsh and what that means for snapshots?
  6. Hello all, I am looking for a full backup solution (hopefully a plugin but can't find one in the list). I have a 6TB backup USB drive and want an automated backup scheduled. I would like to backup the entire UNRAID machine as much as I can. VMs (now what I would love on this is SNAPSHOT ability for running VMs. That would be amazing!!). Does that exist? Is there a plugin to do this? Or what is a better way? Thanks all for the help on this one. My Unraid server is becoming more and more used and important to me, so it's pretty important to backup and re-backup my stuff.
  7. Thanks for the followup. A few things on this. 1) It's unfortunate that you can't use an Unraid server as a Linux terminal host as well. 2) A VM suffers from this security issue as well. ie. root on Unraid can see all VM file data.

     Results from /mnt/disk* ( rather than /mnt/user ): The behavior is as expected ( correct ) in the /mnt/disk* location. The cat command on a file, that a user does not have permission to, is NOT allowed. Permission denied. This is because the mount options are different:

         mark@Tuna:/mnt$ mount |grep disk1
         /dev/md1 on /mnt/disk1 type xfs (rw,noatime,nodiratime)
         mark@Tuna:/mnt$ mount |grep user
         shfs on /mnt/user0 type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)
         shfs on /mnt/user type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)

     The fuse.shfs is the one that has the security issue. My question would be...... As /mnt/user is the aggregated listing of all /mnt/disk* , why is the security different? It seems that /mnt/user is a virtual user space file system. That's OK, however, VMs and docker etc... are advised to use the /mnt/user directory correct? This direction is likely a problem due to this. Any thoughts on this welcome so that I can understand how to use this better and what the purpose of the /mnt/user virtual FS is? Thanks, Mark
  8. Hello, I am hoping there is a way to get around this issue with open permissions. This appears to be the default on UnRaid. Please see this post. I would view this as a very large security hole. This may not be an issue for the average user, but it should be stated for any user that expects security for files on UnRaid. If I am incorrect on anything, please let me know. I have tested and reproduced this behavior on UnRaid stable. Thanks, Mark
  9. I am going to summarize my own post and I have found the issue. Please correct me where I am wrong here.

     SUMMARY: I would consider this a huge security issue in UnRaid. Do not put any confidential or secure files on UnRaid if you are in the audience below. ( or if you are security aware in my opinion )

     AUDIENCE:
     - Anyone running a VM ( Linux, Windows etc.. )
     - Anyone with a docker
     - Anyone that has access to the UnRaid webgui and the terminal option ( everyone )
     - Anyone that has a local user created on the UnRaid server

     ISSUE: If you have dockers or VMs created, OR have any potential local access to your UNRaid server ( terminal from the unraid GUI for instance ) then all files in the /mnt/user ( default ) directory have open permissions. Anyone can read/write/delete. For me, this would prevent me from putting any secure/confidential files on an unraid directory. It's true, I also have a local user created on my UNRaid server. I am an old Unix/Linux guy, so I assumed that UnRaid is a secure server for login. This NON-PRIVILEGED local user has access to all UnRaid directory files. Very dangerous in my humble opinion. So, for local users, and dockers, and VMs ( Plex for instance ) created on UnRaid, your files are wide open for all users to read/write/delete. Yes, you can specify that Plex be read-only, but I bet most users are not aware of this need. VMs ( Linux, Windows etc... ) would have to be considered open and insecure as ANY of the VM files are free to read by anyone with an UnRaid console, or any user that can login to the UnRaid server.

     CAUSE: The UnRaid mount is done with an option called allow_other. This negates security completely on the main /mnt/user mount. If you execute this on command line:

         mount |grep /mnt/user

     You will see this below.

         shfs on /mnt/user0 type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)
         shfs on /mnt/user type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)

     I am not aware of an option in UnRaid to change this behavior. If someone here is aware of this option to change this default behavior, please let me know.
  10. So I suspect this is the problem. I wonder if you all have this mount option on /mnt/user as well? I will test this, but I think this is the mount option that is allowing this and causing this security problem:

          root@Tuna:/mnt/user# mount |grep /mnt/user
          shfs on /mnt/user type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)

      allow_other is a mount option on this that opens up the security to all. Very dangerous. From a google:

          allow_other
          This option overrides the security measure restricting file access to the user mounting the filesystem. So all users (including root) can access the files. This option is by default only allowed to root, but this restriction can be removed with a configuration option described in the previous section.

      Any thoughts on why UnRaid would use such a gaping security hole?
  11. I can't see how permissions could be ignored in any *nix OS. But that is what is happening. The problem comes when you have dockers, or VMs that use this file system. That means that you can't control read/write reliably or have any security there. I can't believe that Unraid could have this type of security flaw. Something else must be wrong?
  12. I have done this. Results below. It is a valid user. It really looks like permissions are being ignored on this unraid mount.

          mark@Tuna:/$ id
          uid=1002(mark) gid=1002(mark) groups=1002(mark),7(lp),11(floppy),17(audio),18(video),19(cdrom),93(scanner)
          mark@Tuna:/$
  13. In what possible scenario could you cat a file, with no permissions, in the above example and be allowed with ANY directory permissions? If you know something I don't on permissions, I am open to learn. So please let me know.
  14. Here is another example of how this is broken. Full output below.

      1) root creates a file called outputfile with content in it.
      2) root chmod the file 400 ( no one can read this file other than root )
      3) user "mark" cats the file, it can be read. Permissions on Unraid share are being ignored.

          root@Tuna:~# cd /mnt/user
          root@Tuna:/mnt/user# echo "test file content" > outputfile
          root@Tuna:/mnt/user# cat outputfile
          test file content
          root@Tuna:/mnt/user# chmod 400 outputfile
          root@Tuna:/mnt/user# ls -al outputfile
          -r-------- 1 root root 18 Dec 23 10:53 outputfile
          root@Tuna:/mnt/user# su - mark
          No directory, logging in with HOME=/
          mark@Tuna:/$ cd /mnt/user
          mark@Tuna:/mnt/user$ ls -al outputfile
          -r-------- 1 root root 18 Dec 23 10:53 outputfile
          mark@Tuna:/mnt/user$ cat outputfile
          test file content
          mark@Tuna:/mnt/user$
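
The mount lines quoted in these posts show `allow_other` without `default_permissions`; in FUSE that combination leaves permission checks to the filesystem daemon rather than the kernel. The script below is an added example (not from the posts and not Unraid's own code) that classifies FUSE mounts on that basis; the `SAMPLE` text, the two `demo` mounts and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts: classify FUSE mounts by who
# enforces file permissions, based on the options `mount` prints.

# Constructed sample in `mount` output format. The first three lines are
# the ones quoted in the posts; the two "demo" lines are made up.
SAMPLE='/dev/md1 on /mnt/disk1 type xfs (rw,noatime,nodiratime)
shfs on /mnt/user0 type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)
shfs on /mnt/user type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)
demo on /mnt/checked type fuse.demo (rw,allow_other,default_permissions)
demo on /mnt/private type fuse.demo (rw,nosuid,nodev,user_id=1002)'

# Reads `mount` output on stdin; prints "<verdict> <mountpoint> <fstype>"
# for every FUSE mount:
#   UNCHECKED  allow_other without default_permissions: the kernel skips
#              mode-bit checks, so access control is up to the FUSE daemon
#   CHECKED    allow_other with default_permissions: kernel enforces modes
#   PRIVATE    no allow_other: only the mounting user can reach the files
audit_fuse_mounts() {
    awk '
    NF >= 6 && $(NF-2) == "type" && $(NF-1) ~ /^fuse/ {
        opts = $NF
        gsub(/[()]/, "", opts)
        n = split(opts, o, ",")
        allow = 0; defperm = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "allow_other") allow = 1
            if (o[i] == "default_permissions") defperm = 1
        }
        # Mount point is everything between "on" and "type".
        mp = $3
        for (i = 4; i <= NF - 3; i++) mp = mp " " $i
        if (!allow) verdict = "PRIVATE"
        else if (defperm) verdict = "CHECKED"
        else verdict = "UNCHECKED"
        print verdict, mp, $(NF-1)
    }'
}

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_fuse_mounts
}

audit_sample
# On a live host: mount | audit_fuse_mounts
```

An `UNCHECKED` verdict does not by itself prove files are exposed; it means the result of a test like the `chmod 400` / `cat` check in the last post depends entirely on what the FUSE daemon enforces.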