Aeloth, posted February 23:

What permissions should the /mnt folder have? I'm solving one container where I want it to have access to /mnt and I currently have the permissions (see image). And I don't want a security problem.

itimpi, posted February 23:

That looks non-standard so something must be changing it. It normally has owner and group both as 'root'. All folders directly under / should have the same permissions in my experience. You could try booting in Safe Mode and checking again. That would tell you if a plugin is changing it.

Aeloth, posted February 23:

I don't have the option to run in safe mode at the moment, that won't happen until tomorrow/the day after. However, shouldn't it be a problem to change them now?

chgrp root /mnt && chown root /mnt

Frank1940, posted February 23:

@itimpi and @Aeloth, I do know that Dockers can be set up to run with root privileges. I did it with binhex-Krusader and the method to do so is posted as a "Recommended Posts" in the support thread. (I no longer use that Docker container since the introduction of Dynamix File Manager plugin.) And, of course, it is possible to set up a Docker container to have access to the root of the Unraid file system. (Doing so should be done only by the actual Administrator of the individual server who realizes the risks involved. Hopefully, there is not a Docker container being distributed via the Apps plugin that does so without that Administrator's knowledge! I would class that container as Malware...)

Aeloth, posted February 23:

The change may have been historical, to me it was a container that is not in Apps but in dockerhub, it is a container that should help with backups using Veeam but I need it to have access to /mnt to be able to backup to unassigned drives. However I was struggling with the container not wanting to mount /mnt, eventually solved by reinstalling the container. But I fixed the permissions on /mnt as they should be and so far no container or plugin has changed it. I hope it's ok now.

Frank1940, posted February 23 (edited February 23):

> Aeloth said: it is a container that should help with backups using Veeam but I need it to have access to /mnt to be able to backup to unassigned drives.

Set up the container to run with root privileges. (If you do so, in the interest of security, I would put a strong password on the container GUI and start-and-stop the container when its use was required.) Here is the way I once did this:

https://forums.unraid.net/topic/71764-support-binhex-krusader/page/17/#comment-780475

Aeloth, posted February 23:

This container doesn't have any GUI, if you want to look at it, it's pk1057/veeam12 on DockerHub. I have Root Privileges set, I have strong passwords there too, hopefully that will be enough, the container will only work on a local network in a home environment.

Aeloth, posted February 23:

Is it possible to use permissions like this in a container?

PUID=99
PGID=100

I don't really understand this yet.

Frank1940, posted February 23:

> Aeloth said: Is it possible to use permissions like this in a container?? PUID=99 PGID=100 I don't really understand this yet.

Yes, those variables are the 'numbers' for nobody (=99) and users group (=100). This should allow you to do anything you want to the resources under /mnt.

It is not the container that is the only security problem. It is the fact that now all of the members of the users group now have access back to the root of the file system as well as the anonymous user -- nobody. This is called an "elevation of privileges" in security language. Some of us run our Unraid servers in a secured environment so this is not a big security issue unless one of the client computers is compromised.
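
A way to check what the thread discusses, as an added example that is not part of any post above: the script reports whether a directory is owned by root:root and which permission class and rwx bits uid 99 / gid 100 (the PUID/PGID values mentioned) get from its mode bits. It assumes GNU `stat`; the function names are made up for this example, and ACLs, supplementary groups, root's override and container uid mappings are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU stat (stat -c).
# Ignores ACLs, supplementary groups, root's override and container uid mapping.

# owned_by PATH [UID] [GID]: succeed if PATH has that numeric owner and group.
# Defaults to 0:0, i.e. the root:root the thread gives as normal for /mnt.
owned_by() {
    [ "$(stat -c '%u:%g' -- "$1")" = "${2:-0}:${3:-0}" ]
}

# class_access UID GID PATH: print the permission class the uid/gid falls into
# and the rwx bits that class has, e.g. "group r-x".
class_access() {
    ca_stat=$(stat -c '%u %g %a' -- "$3") || return 1
    ca_owner=${ca_stat%% *}
    ca_rest=${ca_stat#* }
    ca_group=${ca_rest%% *}
    ca_perm=$(( 0${ca_rest#* } ))          # octal mode string -> integer
    if [ "$1" -eq "$ca_owner" ]; then
        ca_class=owner; ca_bits=$(( ($ca_perm >> 6) & 7 ))
    elif [ "$2" -eq "$ca_group" ]; then
        ca_class=group; ca_bits=$(( ($ca_perm >> 3) & 7 ))
    else
        ca_class=other; ca_bits=$(( $ca_perm & 7 ))
    fi
    ca_out=
    for ca_pair in 4:r 2:w 1:x; do
        if [ $(( $ca_bits & ${ca_pair%%:*} )) -ne 0 ]; then
            ca_out=$ca_out${ca_pair#*:}
        else
            ca_out=$ca_out-
        fi
    done
    printf '%s %s\n' "$ca_class" "$ca_out"
}

# report PATH: ownership check plus what PUID=99 / PGID=100 get from the mode.
report() {
    if owned_by "$1"; then
        echo "$1: owner and group are root"
    else
        echo "$1: owner:group is $(stat -c '%U:%G' -- "$1"), not root:root"
    fi
    echo "$1: uid 99 / gid 100 -> $(class_access 99 100 "$1")"
}

if [ -e "${1:-/mnt}" ]; then
    report "${1:-/mnt}"
fi
```

Run it with no argument to inspect /mnt, or pass another path such as a share under /mnt.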