root and non-root users

I'm writing this post because I don't quite understand unraid's policy regarding root and non-root users.

 

Why impose root for the WebUI and for SSH? This is a big flaw in my opinion. For those who do a little research, they already know the user to brute-force!

 

The user could at least have the choice to disable root and choose a user instead. At least for SSH, there should be a choice, right?

 

Not to mention that unraid does not even allow you to configure a fail2ban by default. There is a plugin, but I highly doubt its effectiveness.

 

What do you think?

 


The usual security advice with unraid is "don't expose your unraid server to the internet." There was a huge security flaw in the web UI some versions ago (< 6.8.1 according to a quick Google search, don't quote me on that), and the devs said something along the lines of "Yeah we fixed it but unraid is an appliance so it's ok"...

The worst part is not that there is a default "root" user, but that everything runs under root. If there is a security issue with any of the programs running on your unraid machine, the attacker gets full access.

In short, use a vpn server to access your local network.

 

With that said, if your root user has a strong-enough password, brute-forcing is not an attack vector at all. Changing the root username is just security by obscurity, which doesn't work if someone really wants to hack you.

  • Author

Thanks for the information!
