January 18, 20233 yr Hello, Today we have 3 possible choices for SMB exports privacy on Unraid: Yes / Yes (hidden) / No I have a little problem with "Yes" because it is too permissive and with "Yes (hidden)" which is too restrictive. - With "yes" : it is possible to list all available shares, even when authenticating with "guest" or "anonymous" on \\UNRAID_HOST\ - With "yes (hidden)": In this mode, very well the share is hidden for guest/anonymous. However, even if I authenticate with a "real" user, they are hidden of course. I use Solid Explorer on mobile, I would like to have a single shortcut to \\UNRAID_HOST\ to be able to list my shares to which I have at least read access. In "Yes (hidden)" mode I have to create a shortcut for each share. It quickly becomes a mess with many shares. It would be nice to have : * Yes -> The current behavior : export for all including guest/anonymous and Unraid users with or without access rights * Yes (hidden) -> The current behavior, hidden for all * Unraid authentication -> Listed only in case it's a unraid user, with a sub-option "Hide share if Unraid user doesn't have read rights on it". * No -> Current behavior I agree that this is not a very important feature, but more of a comfort feature where there is a lot of shares and privacy is best. Sorry for my English,
April 1, 20242 yr Just stumbled across this, and I second this idea- or if anyone has any good solutions I'd appreciate it. I don't like that when browsing my server as a guest I can see all the folders even though I don't have access to them. I guess technically I can choose not to export them or to export them as hidden, but I want my users to see the folders which they have access to and nothing else. I'd love a feature like OP described, or some advice on how to get by in the meantime.
April 2, 20242 yr Community Expert 17 hours ago, gluebaby said: but I want my users to see the folders which they have access to and nothing else. This is not an option in Unraid. If there is a Samba combination of settings that provides this it would be nice to know as it could then be implemented. Not sure it is even possible on a Windows server although I could be wrong about that.
April 2, 20242 yr 6 hours ago, itimpi said: This is not an option in Unraid. If there is a Samba combination of settings that provides this it would be nice to know as it could then be implemented. Not sure it is even possible on a Windows server although I could be wrong about that. Access based enumeration?
April 3, 20242 yr Some quick testing with @gluebabys suggestion. I created two shares: visible: Export = Yes, Security = Private, my user has read/write access nvisible: Export = Yes, Security = Private, my user has no access Without any modification to SMB: Both shares are visible. After applying ABE like described in this article: I just added those two settings to the SMB configuration: It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible.
April 3, 20242 yr 38 minutes ago, Bastian said: Some quick testing with @gluebabys suggestion. I created two shares: visible: Export = Yes, Security = Private, my user has read/write access nvisible: Export = Yes, Security = Private, my user has no access Without any modification to SMB: Both shares are visible. After applying ABE like described in this article: I just added those two settings to the SMB configuration: It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible. I will give this a try when I get home, but yeah I suspected such a thing would be possible.
April 27, 20242 yr On 4/3/2024 at 12:11 PM, Bastian said: Some quick testing with @gluebabys suggestion. I created two shares: visible: Export = Yes, Security = Private, my user has read/write access nvisible: Export = Yes, Security = Private, my user has no access Without any modification to SMB: Both shares are visible. After applying ABE like described in this article: I just added those two settings to the SMB configuration: It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible. This is brilliant. It worked for me. Thank you @gluebaby and @Bastian!
April 29, 20242 yr Author Hello, Thank you for your help, which helped me to do exactly what I wanted. However, what is added in Settings => SMB =>SMB Extras is put to the [global] part of Samba config. So in practice, the "hide unreadable = Yes" part shouldn't be there, because it is, if I'm not being silly, normally specific to shares(?), in the [share_name] part. The "access based share enum = Yes" parameter is sufficient for the same result.
April 29, 20242 yr 1 hour ago, Nyxtorm said: Hello, Thank you for your help, which helped me to do exactly what I wanted. However, what is added in Settings => SMB =>SMB Extras is put to the [global] part of Samba config. So in practice, the "hide unreadable = Yes" part shouldn't be there, because it is, if I'm not being silly, normally specific to shares(?), in the [share_name] part. The "access based share enum = Yes" parameter is sufficient for the same result. After some more digging: both properties are actually share configurations (source: smb.conf) A property defined in [Global] is applied to any share (THE GLOBAL SECTION parameters in this section apply to the server as a whole, or are defaults for sections which do not specifically define certain items. (source: manpage)). The cross-reference in PARAMETERS furthermore states: Note that all S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.) In conclusion, Global can define share properties, in which case they are applied to all shares. After your post I also was a bit confused why it worked at all
April 29, 20242 yr Author 6 hours ago, Bastian said: After some more digging: both properties are actually share configurations (source: smb.conf) A property defined in [Global] is applied to any share (THE GLOBAL SECTION parameters in this section apply to the server as a whole, or are defaults for sections which do not specifically define certain items. (source: manpage)). The cross-reference in PARAMETERS furthermore states: Note that all S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.) In conclusion, Global can define share properties, in which case they are applied to all shares. After your post I also was a bit confused why it worked at all Interesting, thank you for your analysis! 😀 For my part, I won't be using the "hide unreadable" option, which goes beyond my initial request, which was to hide shares, and could slow down some folder listing: Quote Please note that enabling this can slow down listing large directories significantly. Samba has to evaluate the ACLs of all directory members, which can be a lot of effort.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.