Shares - SMB Export privacy with anonymous/guest user

[Nyxtorm]

Hello,

 

Today we have 3 possible choices for SMB exports privacy on Unraid: Yes / Yes (hidden) / No

 

I have a little problem with "Yes" because it is too permissive and with "Yes (hidden)" which is too restrictive.

 

- With "yes" : it is possible to list all available shares, even when authenticating with "guest" or "anonymous" on \\UNRAID_HOST\

- With "yes (hidden)": In this mode, very well the share is hidden for guest/anonymous. However, even if I authenticate with a "real" user, they are hidden of course.

 

I use Solid Explorer on mobile, I would like to have a single shortcut to \\UNRAID_HOST\ to be able to list my shares to which I have at least read access. In "Yes (hidden)" mode I have to create a shortcut for each share. It quickly becomes a mess with many shares.

 

It would be nice to have :

 

* Yes -> The current behavior : export for all including guest/anonymous and Unraid users with or without access rights

* Yes (hidden) -> The current behavior, hidden for all

* Unraid authentication -> Listed only in case it's a unraid user, with a sub-option "Hide share if Unraid user doesn't have read rights on it".

* No -> Current behavior

 

I agree that this is not a very important feature, but more of a comfort feature where there is a lot of shares and privacy is best.

 

Sorry for my English,

 

 

 

[gluebaby]

Just stumbled across this, and I second this idea- or if anyone has any good solutions I'd appreciate it. I don't like that when browsing my server as a guest I can see all the folders even though I don't have access to them. I guess technically I can choose not to export them or to export them as hidden, but I want my users to see the folders which they have access to and nothing else.

I'd love a feature like OP described, or some advice on how to get by in the meantime.

[logika]

Bump

[itimpi]

17 hours ago, gluebaby said:

but I want my users to see the folders which they have access to and nothing else.

 

This is not an option in Unraid.   If there is a Samba combination of settings that provides this it would be nice to know as it could then be implemented.    Not sure it is even possible on a Windows server although I could be wrong about that.

[gluebaby]

6 hours ago, itimpi said:

 

This is not an option in Unraid.   If there is a Samba combination of settings that provides this it would be nice to know as it could then be implemented.    Not sure it is even possible on a Windows server although I could be wrong about that.

Access based enumeration? 

[Bastian]

Some quick testing with @gluebabys suggestion.

 

I created two shares:

• visible: Export = Yes, Security = Private, my user has read/write access
• nvisible: Export = Yes, Security = Private, my user has no access

Without any modification to SMB:

Both shares are visible. After applying ABE like described in this article:

I just added those two settings to the SMB configuration:

 

It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible.

[gluebaby]

38 minutes ago, Bastian said:

Some quick testing with @gluebabys suggestion.

 

I created two shares:

• visible: Export = Yes, Security = Private, my user has read/write access
• nvisible: Export = Yes, Security = Private, my user has no access

Without any modification to SMB:

Both shares are visible. After applying ABE like described in this article:

I just added those two settings to the SMB configuration:

 

It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible.

I will give this a try when I get home, but yeah I suspected such a thing would be possible.