How do I make some shares private / read only?



How do I make some shares private and read only?

 

I am surprised this can't be set up via the unRAID Server (/tower) site.

 

This is what I am trying to do:

 

 

Read Only for guest without password... (Only root/admin can delete and upload - it should pop up to enter username/password)

\\TOWER\Movies

 

 

Only root/admin can access Document, it should pop up to enter username/password

\\TOWER\Document

 

Link to comment

I could not get it to work how I wanted.

 

On the Settings tab:

 

Share security: User Level

 

 

Users tab:

 

I have created a "guest" account without a password

 

also set a new password for "root" account.

 

 

 

 

Shares tab:

(User shares)

 

I have a "Movies" share (//tower/Movies), I want only the root account to be able to upload and delete.  Guest can view the "Movies" share without password/login but they can't delete/update (only view).

 

I can see the label called "Export (SMB)" but I want 'Export read/write' for root account and 'Export read-only' for guest account.  How do I set this up?

 

 

Link to comment

Update:

 

I have modified the smb-shares.conf file and reloaded samba

 

[Movies]
        path = /mnt/user/Movies
        browsable = yes
        public = yes
        writable = no
        write list = root
        guest ok = yes

 

Now I can access the Movies share as guest, but when I try to add a new file I get an error saying: "You need permission to perform this action"

I expected a username/password prompt to pop up but it didn't. How do I fix this?

Link to comment
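An added example (not from the thread or from unRAID): a simplified Python model of how Samba's documented share parameters apply to the [Movies] stanza posted above, showing what a guest session and a named user each end up with. It covers only guest ok/public, valid users, read only/writable and write list with plain user names; the [Document] stanza, the function names and the guest account name "nobody" are assumptions made for illustration.

```python
# Added example: simplified model of Samba share rules (plain user names, no @groups).
# [Movies] is the stanza from the post; [Document] is constructed for illustration.
SAMPLE = """\
[Movies]
        path = /mnt/user/Movies
        browsable = yes
        public = yes
        writable = no
        write list = root
        guest ok = yes
[Document]
        guest ok = no
        valid users = root
        writable = yes
"""

def parse_shares(text):
    # Parse smb.conf-style text into {share: {parameter: value}}.
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; normalise spacing too.
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def _flag(params, names, default=False):
    for n in names:
        if n in params:
            return params[n].lower() in ("yes", "true", "1")
    return default

def _names(params, key):
    return {n.lower() for n in params.get(key, "").replace(",", " ").split()}

def effective_access(params, user=None, guest_account="nobody"):
    # Return 'none', 'read' or 'write'; user=None means a guest session.
    if user is None:
        if not _flag(params, ("guest ok", "public")):
            return "none"          # guests are admitted only by guest ok / public
        user = guest_account       # assumed guest account name
    elif _names(params, "valid users") and user.lower() not in _names(params, "valid users"):
        return "none"              # named users must be listed when valid users is set
    if user.lower() in _names(params, "write list"):
        return "write"             # write list overrides a read-only share
    writable = _flag(params, ("writable", "writeable", "write ok"))
    read_only = _flag(params, ("read only",), default=not writable)
    return "read" if read_only else "write"
```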

bump ...

 

???

Windows will default to guest and not ask you for a password if you have already connected to a different share on the same server as guest.

 

On OS X there is a connect as button in the finder window that should let you connect to that share as a different user if the default was to connect as guest.

Link to comment


Guest did not ask me for a password, that works fine and I can access the Movies share read only.  But when I attempt to add new files I expected a popup asking for username/password (for write permission).  Is that not possible?

Link to comment


Not that I know of.

 

I believe once Windows connects to a share/server, that is the login it stays with until you disconnect and clear the logins.

Link to comment

Correct.  Once you log into the server as 'guest' or any other user, you are stuck in that mode until you log out and back into Windows.  This is a limitation of Windows, not unRAID.

 

Also, the 'root' user is what allows access to the unRAID webGUI and system console.  Adding a password to that user will require you to enter a password to access either the webGUI or console.  I suggest adding a third user 'admin' with a password and using that one to access your shares read-only.  Here's a few examples:

 

[Image: lVYzX.png]

 

The above share allows 'admin' read/write access and denies 'guest' all access.  Guests can see the share name 'All Backups' displayed on the network, but if they try to open it they get an 'access denied' error.  If you don't want guests to even see the share name, then change the export settings to export hidden.  In this case neither admin nor guest will be able to see the share, but admin can access it by typing in the path exactly (or opening a shortcut or mapped drive that leads to it).

 

[Image: GNQjq.png]

 

The above share allows 'admin' read/write access and 'guest' (and all other users) read-only access.

Link to comment

Disk shares completely ignore all the user level security.  There is no way to restrict access to particular disks via disk shares.  If you want more security, you will have to either disable disk shares or export them as hidden.  The latter will foil someone casually browsing your network, but a savvy intruder might still gain access.

 

If you want the appearance of 'disk1, disk2, etc.' in your network shares while maintaining user level security, you can create user shares named 'disk1, disk2, etc.'.  Then use the included/excluded disk settings to specify which shares refer to which disks.  See my 'all backups' share above for an example.  If that share were named 'disk2', then it would behave just like a disk share even though it is actually a user share.  Sort of a loophole approach, but it works.

 

Another share that I find useful on my network is one that I've named 'Dropbox'.  It is simply exported read/write for everyone.  This allows guests on my network to drop files on my server without my granting them full read/write access to everything else on the server.  I can then go in as 'admin' and move the files into the appropriate user shares if needed.

Link to comment


Wow, that is really bad  :o  Is that Samba design or Unraid design.... Maybe it can be done via the samba config file to have an admin password for disk1 and disk2?

I think I will have to disable disk1, disk2 to "Don't Export" and then create some shares.

Link to comment

Possibly you can do it with a custom samba config file, I really don't know.  I personally don't find disk shares to be very useful anyway, so I just export them as hidden and use user shares instead.  If you ever need to do some file maintenance you can just temporarily turn disk shares on and then turn them off again afterwards.

Link to comment

Personally I'd have different accounts on the media player vs the one that copies the files. Media read only user to connect to 'share' and 'admin' to connect read/write to the share to copy files.

 

This is ignoring disk shares, just utilizing user shares - one user having read only access, one user having read/write access to all shares. If you are like me, you have a dedicated HTPC for streaming, and just use that PC to read off the array.

 

My setup is thus: htpc user - read only. admin account on the same win7 box - read/write. normal desktop user, (same username as admin on htpc) read/write. I've got the remote desktop hack on the HTPC - allows me to remote in from my desktop and do the commercial cuts, encoding & copying.

 

 

Link to comment

A few observations from 5b10...

 

* my share screen looks different to Raj's;

* I can't use the sharename "disk1" (it seems to be a reserved word) - "disk 1" (with a space) works;

 

Question: how do I set up a user share to the flash drive?  When I tried specifying a disk name of "flash" or "boot", it used disk1 instead?

Link to comment


Raj has a magic server. He is running 4.7.

 

The flash can be by clicking "flash" on the Main tab.

Link to comment


Yep, that worked, thanks.

Link to comment
  • 2 weeks later...

This isn't working for me on 5.0b8c. Here's what I did:

 

- Create a new user called "rw" and set a password

- Go to the user share. Export hidden, private security.

- Set all user access to no access, except for "rw" which has read/write access.

- Run "samba stop" then "samba start"

 

When I try to map the user share from windows it keeps prompting me for the password. If I type the password, it prompts me again but converts the username from "rw" to "STORAGE\rw". (My server is named "storage").

 

If I create a user on unraid that has the same username and password as my windows user, it works fine. (But I don't want to do that.)

 

Anyone know what's going on?

Link to comment


The STORAGE\rw is probably because it is trying to connect to a domain.  When you enter the UserName to log in put a "\" in front of it before putting in the name.

Link to comment
