Password Problems - Need Some Advice


flambot


Upgraded to unRaid 6 series some time back and set up security. Wrote everything up including the passwords and put it away somewhere safe. Unfortunately, that safe place now eludes me. 😭

I have managed to get all passwords sorted - except one. I have an HTPC that accesses my server (a user for it is set up in the unraid gui). I cannot remember or figure out the password for this machine. Is there any way to retrieve it?

I have thought perhaps I could just delete that user from the unraid GUI and create a new one, but my worry is that my HTPC will no longer access the shares and it will lock me out. My HTPC runs xbmc (yes...an old version before it went KodiTV), but I don't remember how to set up user/password in xbmc's user shares should the need arise.

Can I somehow save (back up) the current HTPC user to restore it?

Is it possible to separate the WebGUI and actual machine console login? Seems that other posts have asked the same thing and you can't. Pity.

And... final ask, 6.8.3 uses a new webgui login panel. How can I make my browser remember the credentials? Seems I'm a dunce and figured it out. It was different in 6.7.2.

Many thanks

Edited by flambot
Link to comment

Not sure what can be done about the 'forgotten' password. When they are stored in 'password' files on any computer they are hashed so that they cannot be recovered from that source.

Now let's talk a bit about this situation and see what the community can figure out. What is the security (Public, Secure or Private) of the share(s) that the HTPC is accessing on your Unraid server? IF it is anything but Public, is there a real need for that level of security?

14 hours ago, flambot said:

My HTPC runs xbmc (yes...an old version before it went KodiTV), but I don't remember how to set up user/password in xbmc's user shares should the need arise.

Google can be your friend in this situation. See if you can find out how to change the login credentials on that end. Don't be afraid to use many different combinations of terms in the Google search. Persistence in Google searches will usually yield results...

Link to comment
5 hours ago, Frank1940 said:

Now let's talk a bit about this situation and see what the community can figure out. What is the security (Public, Secure or Private) of the share(s) that the HTPC is accessing on your Unraid server? IF it is anything but Public, is there a real need for that level of security?

Hey Frank. Thanks for the comments. Not sure I understand this. My shares are "Private." Are you saying they DON'T need a password when set to Private??

As for xbmc, still investigating that part. Lots of info to wade through. At this point, I think that if the shares are password protected, then xbmc will automatically bring up a login box, but as of yet that is NOT completely clear. The easiest way to find out is to delete the 3x password files on the unraid USB and set them up again. I worry a lot about being locked out though. Passwords are a bane in any system IMO.

Link to comment
2 minutes ago, flambot said:

Hey Frank. Thanks for the comments. Not sure I understand this. My shares are "Private." Are you saying they DON'T need a password when set to Private??

As for xbmc, still investigating that part. Lots of info to wade through. At this point, I think that if the shares are password protected, then xbmc will automatically bring up a login box, but as of yet that is NOT completely clear. The easiest way to find out is to delete the 3x password files on the unraid USB and set them up again. I worry a lot about being locked out though. Passwords are a bane in any system IMO.

You have answered part of the question. Your share security is set to Private. That means (as I trust you realize) that a user/client must be properly logged onto the server and be granted permission to have any access to the files in this share.

The next part of my question is: Why does this share require that level of protection? I would assume that they are only Media files. And exactly what access does the xbmc HTPC require -- read only or read/write? Is there a reason why you require that write access be denied to these files except to a privileged few? (It would seem to me that anyone who turns on that HTPC would already have full access to those files in any case. So how are they being protected? And why...?)

Please understand that I am leading you through a thought process. There should be a big difference in the level of protection required for your Financial, Tax and Health records/files as compared to contents of a bunch of movies and TV shows that many people will be fully aware of. Basically, I am asking you why you need to set the security level on these files to Private...

Link to comment

@Frank1940 - it was all about following the prompts, help popups on the unraid and what I read. I also thought it would make it more difficult should our network be breached if one could not just access another computer on the network...but I don't really know a lot about this.

The HTPC has only Read Only access to the server. As for my Movies-TVSHows - I have them modded and tweaked to my satisfaction and a lot of work has gone into them to get them the way I want. It would be frustrating to have them compromised.

Ultimately, the plan is to take the network offline - meaning remove the possibility of connection to the internet (unless it is needed). Then I won't have any security (probably).

Initially, I was worried about not having that password. Now...after a few days have passed, I'm less concerned. Eventually, I'd like to upgrade my HTPC to something more modern (and faster), so perhaps it'll wait until then. If it fails in the meantime, I guess I can delete the current password files and reset from scratch.

Thanks for your insight.

Link to comment

Some thoughts....

Think about changing the security on the Media shares to SECURE rather than PRIVATE. Nobody will be able to change the files and their structure but everyone will be able to 'read' them either with the 'public/guest' privileges or as a logged-in user. (You would change the user permissions to allow write/read permission to only those users whom you trust to make changes. You would review all users to see which ones only required read only permission and remove those users.)

If you have a good router and keep it updated, you should not have any problems from the WAN side of the equation. (I am assuming here, you are not the target of any three letter agency of some Government...) It is becoming more and more difficult to get and stay disconnected from the Internet. If nothing else, you will have to be able to get the security updates for Unraid!

(Consideration should also be given to setting up a separate isolated network for IOT devices and any Guests to whom you wish to provide Internet access while they are at your home.) The bigger issue from the outside is what your users are doing on the Internet. Most of the time, they will be the ones who will be letting in the Malware, Ransomware and that type of Ilk.

I am not a fan of setting Unraid shares as PUBLIC. There are just too many security risks if you are using your server as a Backup for the data that is also on the client. As a point of disclosure, I have virtually all of my SMB/NFS shares set to SECURE and I have no users/clients who have write access to these shares! Remember that while there are users (most think of these as real persons) on the Linux side of Unraid, on the outside of the server what is actually using those shares are Client computers. Any program that will run on that Client computer can do whatever the permissions allow that client to do! In a home network situation, a rogue program on a client computer is often the biggest danger, not the typical user actually doing something to the files.

When Ransomware became a big thing, I made a decision to tighten things up considerably. I developed a scheme -- with the insight of a lot of other folks -- to provide protection against it. You can read about it here:

       https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode/#comment-572532

I have been using it for over three years and, while a bit clumsy, it is usable. I use the Binhex Docker version of Krusader to do the file management on protected shares.

Link to comment

@Frank1940 - thanks for the link. I had a read. Most of that is far beyond my understanding - and probably always will be. A lot of unraid users seem to use their servers for a myriad of different things. My server is only for my video media. I have all the discs should anything problematic happen - but as I said, I have a lot of effort invested in my media.

My important data is NOT on a network share. Taking my media system off the network onto its own one sounds like the best solution to me - ease of management. I am the only one with write access. There is no need to have unraid connected to the net - even updates don't really warrant it IMO. I have a second device that would act as my management computer, so a separate network could not be compromised. I don't run WiFi either, so an air-gap seems the best line of defense. Getting too old to play with such things anymore 🙄. I prefer now to be watching my media instead of playing with it or computers 😉

Link to comment

Sounds like you have a solution for security. Just remember that when you do take the server off of the General network and put it on its own isolated network, you will still require a router -- to provide the computers on the Media network with IP addresses. (There are ways around needing a router BUT if you are looking for simplicity, you don't want to go there!) That Media network router simply won't have a cable between its WAN port and your Internet Modem.

Link to comment
