Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How do I make some shares private / read only?

Featured Replies

How do I make some shares private and read only?

 

I am surprise this can't be setup via unRAID Server  (/tower) site.

 

This is what I am trying to do:

 

 

Read Only for guest without password... (Only root/admin can delete and upload - it should popup to enter username/password)

\\TOWER\Movies

 

 

Only root/admin can access to Document, it should popup to enter username/password

\\TOWER\Document

 

  • Author

I could not get to work how I wanted.

 

On the Settings tab:

 

Share security: User Level

 

 

Users tabs:

 

I have created "guest" account without password

 

also set a new password for "root" account.

 

 

 

 

Shares tab:

(User shares)

 

I have a "Movies" share (//tower/Movies), I want only root account to be able to upload and delete.  Guest can view "Movies" share without password/login but they cant delete/update (only view).

 

I can see the label called "Export (SMB)" but I want 'Export read/write' for root account and 'Export read-only' for guest account.  How do I set this up?

 

 

  • Author

Update:

 

I have modify smb-shares.conf file and reload samba

 

[Movies]
        path = /mnt/user/Movies
        browsable = yes
        public = yes
        writable = no
        write list = root
        guest ok = yes

 

Now I can access to Movies share as guest but when I try to add new file I get an error saying: "You need permission to perform this action"

 

I expected username/password to popup but it didn't, how to fix this?

  • Author

bump ...

 

???

bump ...

 

???

Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest.

 

On OS X there is a connect as button in the finder window that should let you connect to that share as a different user if the default was to connect as guest.

  • Author

Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest.

 

Guest did not ask me for a password, that work fine and I can access to Movies share read only.  But when I attempt to add new files I expected to popup asking for username/password (for write permission).  That not possible?

Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest.

 

Guest did not ask me for a password, that work fine and I can access to Movies share read only.  But when I attempt to add new files I expected to popup asking for username/password (for write permission).  That not possible?

 

Not that I know of.

 

I believe once Windows connects to a share/server that is the login is stays with until you disconnect and clear the logins.

Correct.  Once you log into the server as 'guest' or any other user, you are stuck in that mode until you log out and back into Windows.  This is a limitation of Windows, not unRAID.

 

Also, the 'root' user is what allows access to the unRAID webGUI and system console.  Adding a password to that user will require you to enter a password to access either the webGUI or console.  I suggest adding a third user 'admin' with a password and using that one to access your shares read-only.  Here's a few examples:

 

lVYzX.png

 

The above share allows 'admin' read/write access and denies 'guest' all access.  Guests can see the share name 'All Backups' displayed on the network, but if they try to open it they get an 'access denied' error.  If you don't want guests to even see the share name, then change the export settings to export hidden.  In this case neither admin nor guest will be able to see the share, but admin can access it by typing in the path exactly (or opening a shortcut or mapped drive that leads to it).

 

GNQjq.png

 

The above share allows 'admin' read/write access and 'guest' (and all other users) read-only access.

  • Author

Thanks Rajahal, that work great!

 

Just a quick question,  how do you set disk1 and disk2 for admin user only?

 

 

 

Disk shares completely ignore all the user level security.  There is no way to restrict access to particular disks via disk shares.  If you want more security, you will have to either disable disk shares or export them as hidden.  The later will foil someone casually browsing your network, but a savvy intruder might still gain access.

 

If you want the appearance of 'disk1, disk2, etc.' in your network shares while maintaining user level security, you can create user shares named 'disk1, disk2, etc.'.  Then use the included/excluded disk settings to specify which shares refer to which disks.  See my 'all backups' share above for an example.  If that share were named 'disk2', then it would behave just like a disk share even though it is actually a user share.  Sort of a loophole approach, but it works.

 

Another share that I find useful on my network is one that I've named 'Dropbox'.  It is simply exported read/write for everyone.  This allows guests on my network to drop files on my server without my granting them full read/write access to everything else on the server.  I can then go in as 'admin' and move the files into the appropriate user shares if needed.

  • Author

Disk shares completely ignore all the user level security.  There is no way to restrict access to particular disks via disk shares.  If you want more security, you will have to either disable disk shares or export them as hidden.  The later will foil someone casually browsing your network, but a savvy intruder might still gain access.

 

If you want the appearance of 'disk1, disk2, etc.' in your network shares while maintaining user level security, you can create user shares named 'disk1, disk2, etc.'.  Then use the included/excluded disk settings to specify which shares refer to which disks.  See my 'all backups' share above for an example.  If that share were named 'disk2', then it would behave just like a disk share even though it is actually a user share.  Sort of a loophole approach, but it works.

 

Another share that I find useful on my network is one that I've named 'Dropbox'.  It is simply exported read/write for everyone.  This allows guests on my network to drop files on my server without my granting them full read/write access to everything else on the server.  I can then go in as 'admin' and move the files into the appropriate user shares if needed.

 

Wow that is really bad  :o  is that Samba design or Unraid design.... Maybe it can it be done via samba config file to have admin password for disk1 and disk2?

 

I think I will have to disable disk1, disk2 to "Dont Export' and then create some shares.

Possibly you can do it with a custom samba config file, I really don't know.  I personally don't find disk shares to be very useful anyway, so I just export them as hidden and use user shares instead.  If you ever need to do some file maintenance you can just temporarily turn disk shares on and then turn them off again afterwards.

Personally I'd have different accounts on the media player vs the one that copies the files. Media read only user to connect to 'share' and 'admin' to connect read/write to the share to copy files.

 

This is ignoring disk shares, just utilizing user shares - one user having read only access, one user having read/write access to all shares. If you are like me, you have a dedicated HTPC for streaming, and just use that PC to read off the array.

 

My setup it thus: htpc user - read only. admin account on the same win7 box - read/write. normal desktop user, (same username as admin on htpc) read/write. I've got the remote desktop hack on the HTPC - allows me to remote in from my desktop and do the commercial cuts, encoding & copying/

 

 

A few observations from 5b10...

 

* my share screen looks different to Raj's;

* I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works;

 

Question: how do I set up a user share to the flash drive?  When I tried specifying a disk name of "flash" or "boot", it used disk1 instead?

A few observations from 5b10...

 

* my share screen looks different to Raj's;

* I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works;

 

Question: how do I set up a user share to the flash drive?  When I tried specifying a disk name of "flash" or "boot", it used disk1 instead?

 

Raj has a magic server. He is running 4.7.

 

The flash can be by clicking "flash" on the Main tab.

A few observations from 5b10...

 

* my share screen looks different to Raj's;

* I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works;

 

Question: how do I set up a user share to the flash drive?  When I tried specifying a disk name of "flash" or "boot", it used disk1 instead?

 

Raj has a magic server. He is running 4.7.

 

The flash can be by clicking "flash" on the Main tab.

 

Yep, that worked, thanks.

  • 2 weeks later...

This isn't working for me on 5.0b8c. Here's what I did:

 

- Create a new user called "rw" and set a password

- Go to the user share. Export hidden, private security.

- Set all user access to no access, except for "rw" which has read/write access.

- Run "samba stop" then "samba start"

 

When I try to map the user share from windows it keeps prompting me for the password. If I type the password, it prompts me again but converts the username from "rw" to "STORAGE\rw". (My server is named "storage").

 

If I create a user on unraid that has the same username and password as my windows user, it works fine. (But I don't want to do that.)

 

Anyone know what's going on?

When I try to map the user share from windows it keeps prompting me for the password. If I type the password, it prompts me again but converts the username from "rw" to "STORAGE\rw". (My server is named "storage").

 

Anyone know what's going on?

The STORAGE\rw is probably because it is trying to connect to a domain.  When you enter the UserName to log in put a "\" in front of it before putting in the name.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.