Ice_Black Posted July 27, 2011 Share Posted July 27, 2011 How do I make some shares private and read only? I am surprise this can't be setup via unRAID Server (/tower) site. This is what I am trying to do: Read Only for guest without password... (Only root/admin can delete and upload - it should popup to enter username/password) \\TOWER\Movies Only root/admin can access to Document, it should popup to enter username/password \\TOWER\Document Link to comment
steini84 Posted July 27, 2011 Share Posted July 27, 2011 It is built in.. Take a second look: http://lime-technology.com/wiki/index.php?title=UnRAID_Manual#Shares Link to comment
Ice_Black Posted July 27, 2011 Author Share Posted July 27, 2011 I could not get to work how I wanted. On the Settings tab: Share security: User Level Users tabs: I have created "guest" account without password also set a new password for "root" account. Shares tab: (User shares) I have a "Movies" share (//tower/Movies), I want only root account to be able to upload and delete. Guest can view "Movies" share without password/login but they cant delete/update (only view). I can see the label called "Export (SMB)" but I want 'Export read/write' for root account and 'Export read-only' for guest account. How do I set this up? Link to comment
Ice_Black Posted July 28, 2011 Author Share Posted July 28, 2011 Update: I have modify smb-shares.conf file and reload samba [Movies] path = /mnt/user/Movies browsable = yes public = yes writable = no write list = root guest ok = yes Now I can access to Movies share as guest but when I try to add new file I get an error saying: "You need permission to perform this action" I expected username/password to popup but it didn't, how to fix this? Link to comment
prostuff1 Posted July 28, 2011 Share Posted July 28, 2011 bump ... Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest. On OS X there is a connect as button in the finder window that should let you connect to that share as a different user if the default was to connect as guest. Link to comment
Ice_Black Posted July 28, 2011 Author Share Posted July 28, 2011 Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest. Guest did not ask me for a password, that work fine and I can access to Movies share read only. But when I attempt to add new files I expected to popup asking for username/password (for write permission). That not possible? Link to comment
prostuff1 Posted July 28, 2011 Share Posted July 28, 2011 Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest. Guest did not ask me for a password, that work fine and I can access to Movies share read only. But when I attempt to add new files I expected to popup asking for username/password (for write permission). That not possible? Not that I know of. I believe once Windows connects to a share/server that is the login is stays with until you disconnect and clear the logins. Link to comment
Rajahal Posted July 28, 2011 Share Posted July 28, 2011 Correct. Once you log into the server as 'guest' or any other user, you are stuck in that mode until you log out and back into Windows. This is a limitation of Windows, not unRAID. Also, the 'root' user is what allows access to the unRAID webGUI and system console. Adding a password to that user will require you to enter a password to access either the webGUI or console. I suggest adding a third user 'admin' with a password and using that one to access your shares read-only. Here's a few examples: The above share allows 'admin' read/write access and denies 'guest' all access. Guests can see the share name 'All Backups' displayed on the network, but if they try to open it they get an 'access denied' error. If you don't want guests to even see the share name, then change the export settings to export hidden. In this case neither admin nor guest will be able to see the share, but admin can access it by typing in the path exactly (or opening a shortcut or mapped drive that leads to it). The above share allows 'admin' read/write access and 'guest' (and all other users) read-only access. Link to comment
Ice_Black Posted July 28, 2011 Author Share Posted July 28, 2011 Thanks Rajahal, that work great! Just a quick question, how do you set disk1 and disk2 for admin user only? Link to comment
Rajahal Posted July 28, 2011 Share Posted July 28, 2011 Disk shares completely ignore all the user level security. There is no way to restrict access to particular disks via disk shares. If you want more security, you will have to either disable disk shares or export them as hidden. The later will foil someone casually browsing your network, but a savvy intruder might still gain access. If you want the appearance of 'disk1, disk2, etc.' in your network shares while maintaining user level security, you can create user shares named 'disk1, disk2, etc.'. Then use the included/excluded disk settings to specify which shares refer to which disks. See my 'all backups' share above for an example. If that share were named 'disk2', then it would behave just like a disk share even though it is actually a user share. Sort of a loophole approach, but it works. Another share that I find useful on my network is one that I've named 'Dropbox'. It is simply exported read/write for everyone. This allows guests on my network to drop files on my server without my granting them full read/write access to everything else on the server. I can then go in as 'admin' and move the files into the appropriate user shares if needed. Link to comment
Ice_Black Posted July 28, 2011 Author Share Posted July 28, 2011 Disk shares completely ignore all the user level security. There is no way to restrict access to particular disks via disk shares. If you want more security, you will have to either disable disk shares or export them as hidden. The later will foil someone casually browsing your network, but a savvy intruder might still gain access. If you want the appearance of 'disk1, disk2, etc.' in your network shares while maintaining user level security, you can create user shares named 'disk1, disk2, etc.'. Then use the included/excluded disk settings to specify which shares refer to which disks. See my 'all backups' share above for an example. If that share were named 'disk2', then it would behave just like a disk share even though it is actually a user share. Sort of a loophole approach, but it works. Another share that I find useful on my network is one that I've named 'Dropbox'. It is simply exported read/write for everyone. This allows guests on my network to drop files on my server without my granting them full read/write access to everything else on the server. I can then go in as 'admin' and move the files into the appropriate user shares if needed. Wow that is really bad is that Samba design or Unraid design.... Maybe it can it be done via samba config file to have admin password for disk1 and disk2? I think I will have to disable disk1, disk2 to "Dont Export' and then create some shares. Link to comment
Rajahal Posted July 28, 2011 Share Posted July 28, 2011 Possibly you can do it with a custom samba config file, I really don't know. I personally don't find disk shares to be very useful anyway, so I just export them as hidden and use user shares instead. If you ever need to do some file maintenance you can just temporarily turn disk shares on and then turn them off again afterwards. Link to comment
dimaestro Posted July 29, 2011 Share Posted July 29, 2011 Personally I'd have different accounts on the media player vs the one that copies the files. Media read only user to connect to 'share' and 'admin' to connect read/write to the share to copy files. This is ignoring disk shares, just utilizing user shares - one user having read only access, one user having read/write access to all shares. If you are like me, you have a dedicated HTPC for streaming, and just use that PC to read off the array. My setup it thus: htpc user - read only. admin account on the same win7 box - read/write. normal desktop user, (same username as admin on htpc) read/write. I've got the remote desktop hack on the HTPC - allows me to remote in from my desktop and do the commercial cuts, encoding & copying/ Link to comment
toby9999 Posted July 29, 2011 Share Posted July 29, 2011 A few observations from 5b10... * my share screen looks different to Raj's; * I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works; Question: how do I set up a user share to the flash drive? When I tried specifying a disk name of "flash" or "boot", it used disk1 instead? Link to comment
dgaschk Posted July 29, 2011 Share Posted July 29, 2011 A few observations from 5b10... * my share screen looks different to Raj's; * I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works; Question: how do I set up a user share to the flash drive? When I tried specifying a disk name of "flash" or "boot", it used disk1 instead? Raj has a magic server. He is running 4.7. The flash can be by clicking "flash" on the Main tab. Link to comment
toby9999 Posted August 1, 2011 Share Posted August 1, 2011 A few observations from 5b10... * my share screen looks different to Raj's; * I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works; Question: how do I set up a user share to the flash drive? When I tried specifying a disk name of "flash" or "boot", it used disk1 instead? Raj has a magic server. He is running 4.7. The flash can be by clicking "flash" on the Main tab. Yep, that worked, thanks. Link to comment
coppit Posted August 12, 2011 Share Posted August 12, 2011 This isn't working for me on 5.0b8c. Here's what I did: - Create a new user called "rw" and set a password - Go to the user share. Export hidden, private security. - Set all user access to no access, except for "rw" which has read/write access. - Run "samba stop" then "samba start" When I try to map the user share from windows it keeps prompting me for the password. If I type the password, it prompts me again but converts the username from "rw" to "STORAGE\rw". (My server is named "storage"). If I create a user on unraid that has the same username and password as my windows user, it works fine. (But I don't want to do that.) Anyone know what's going on? Link to comment
prostuff1 Posted August 12, 2011 Share Posted August 12, 2011 When I try to map the user share from windows it keeps prompting me for the password. If I type the password, it prompts me again but converts the username from "rw" to "STORAGE\rw". (My server is named "storage"). Anyone know what's going on? The STORAGE\rw is probably because it is trying to connect to a domain. When you enter the UserName to log in put a "\" in front of it before putting in the name. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.