Nyxtorm Posted January 18, 2023 Share Posted January 18, 2023 Hello, Today we have 3 possible choices for SMB exports privacy on Unraid: Yes / Yes (hidden) / No I have a little problem with "Yes" because it is too permissive and with "Yes (hidden)" which is too restrictive. - With "yes" : it is possible to list all available shares, even when authenticating with "guest" or "anonymous" on \\UNRAID_HOST\ - With "yes (hidden)": In this mode, very well the share is hidden for guest/anonymous. However, even if I authenticate with a "real" user, they are hidden of course. I use Solid Explorer on mobile, I would like to have a single shortcut to \\UNRAID_HOST\ to be able to list my shares to which I have at least read access. In "Yes (hidden)" mode I have to create a shortcut for each share. It quickly becomes a mess with many shares. It would be nice to have : * Yes -> The current behavior : export for all including guest/anonymous and Unraid users with or without access rights * Yes (hidden) -> The current behavior, hidden for all * Unraid authentication -> Listed only in case it's a unraid user, with a sub-option "Hide share if Unraid user doesn't have read rights on it". * No -> Current behavior I agree that this is not a very important feature, but more of a comfort feature where there is a lot of shares and privacy is best. Sorry for my English, Quote Link to comment
gluebaby Posted April 1 Share Posted April 1 Just stumbled across this, and I second this idea- or if anyone has any good solutions I'd appreciate it. I don't like that when browsing my server as a guest I can see all the folders even though I don't have access to them. I guess technically I can choose not to export them or to export them as hidden, but I want my users to see the folders which they have access to and nothing else. I'd love a feature like OP described, or some advice on how to get by in the meantime. Quote Link to comment
itimpi Posted April 2 Share Posted April 2 17 hours ago, gluebaby said: but I want my users to see the folders which they have access to and nothing else. This is not an option in Unraid. If there is a Samba combination of settings that provides this it would be nice to know as it could then be implemented. Not sure it is even possible on a Windows server although I could be wrong about that. Quote Link to comment
gluebaby Posted April 2 Share Posted April 2 6 hours ago, itimpi said: This is not an option in Unraid. If there is a Samba combination of settings that provides this it would be nice to know as it could then be implemented. Not sure it is even possible on a Windows server although I could be wrong about that. Access based enumeration? Quote Link to comment
Bastian Posted April 3 Share Posted April 3 Some quick testing with @gluebabys suggestion. I created two shares: visible: Export = Yes, Security = Private, my user has read/write access nvisible: Export = Yes, Security = Private, my user has no access Without any modification to SMB: Both shares are visible. After applying ABE like described in this article: I just added those two settings to the SMB configuration: It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible. Quote Link to comment
gluebaby Posted April 3 Share Posted April 3 38 minutes ago, Bastian said: Some quick testing with @gluebabys suggestion. I created two shares: visible: Export = Yes, Security = Private, my user has read/write access nvisible: Export = Yes, Security = Private, my user has no access Without any modification to SMB: Both shares are visible. After applying ABE like described in this article: I just added those two settings to the SMB configuration: It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible. I will give this a try when I get home, but yeah I suspected such a thing would be possible. Quote Link to comment
patricks1 Posted April 27 Share Posted April 27 On 4/3/2024 at 12:11 PM, Bastian said: Some quick testing with @gluebabys suggestion. I created two shares: visible: Export = Yes, Security = Private, my user has read/write access nvisible: Export = Yes, Security = Private, my user has no access Without any modification to SMB: Both shares are visible. After applying ABE like described in this article: I just added those two settings to the SMB configuration: It probably needs more testing to figure out any edge-case, drawbacks, etc., but it seems to be technically possible. This is brilliant. It worked for me. Thank you @gluebaby and @Bastian! Quote Link to comment
Nyxtorm Posted April 29 Author Share Posted April 29 Hello, Thank you for your help, which helped me to do exactly what I wanted. However, what is added in Settings => SMB =>SMB Extras is put to the [global] part of Samba config. So in practice, the "hide unreadable = Yes" part shouldn't be there, because it is, if I'm not being silly, normally specific to shares(?), in the [share_name] part. The "access based share enum = Yes" parameter is sufficient for the same result. Quote Link to comment
Bastian Posted April 29 Share Posted April 29 1 hour ago, Nyxtorm said: Hello, Thank you for your help, which helped me to do exactly what I wanted. However, what is added in Settings => SMB =>SMB Extras is put to the [global] part of Samba config. So in practice, the "hide unreadable = Yes" part shouldn't be there, because it is, if I'm not being silly, normally specific to shares(?), in the [share_name] part. The "access based share enum = Yes" parameter is sufficient for the same result. After some more digging: both properties are actually share configurations (source: smb.conf) A property defined in [Global] is applied to any share (THE GLOBAL SECTION parameters in this section apply to the server as a whole, or are defaults for sections which do not specifically define certain items. (source: manpage)). The cross-reference in PARAMETERS furthermore states: Note that all S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.) In conclusion, Global can define share properties, in which case they are applied to all shares. After your post I also was a bit confused why it worked at all Quote Link to comment
Nyxtorm Posted April 29 Author Share Posted April 29 6 hours ago, Bastian said: After some more digging: both properties are actually share configurations (source: smb.conf) A property defined in [Global] is applied to any share (THE GLOBAL SECTION parameters in this section apply to the server as a whole, or are defaults for sections which do not specifically define certain items. (source: manpage)). The cross-reference in PARAMETERS furthermore states: Note that all S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.) In conclusion, Global can define share properties, in which case they are applied to all shares. After your post I also was a bit confused why it worked at all Interesting, thank you for your analysis! 😀 For my part, I won't be using the "hide unreadable" option, which goes beyond my initial request, which was to hide shares, and could slow down some folder listing: Quote Please note that enabling this can slow down listing large directories significantly. Samba has to evaluate the ACLs of all directory members, which can be a lot of effort. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.