January 26, 201214 yr Hi I am in the process of building my first unraid server. I set up some shares and started moving my media. If I enable user share security, I cannot have any guest access (no extender can access as they rely on guest access) If I don't enable share security, anybody that hacks into my wifi (which is pretty easy to do) can mess with my media or someone in the house or visiting us might accidentally mess with it. So I would like to set it up so that user shares are enabled, specific usernames have read/write access, and the same shares are still available for guest access (without a password) but only for read only access. I saw some threads about this but they were from 2009 and required script editing. Unfortunately, I am kind of a linux newb and was wondering if there is a simpler method now. Thanks
January 26, 201214 yr This reply by Joe L. suggests a very simple way to set up shares on unRaid: http://lime-technology.com/forum/index.php?topic=5147.msg47624#msg47624 Personally, I have my user-shares as read-only. My disk shares are read/write but hidden. I can write to them if I know they exist, but they do not show in any of the media players. I control where I write my data. I don't have to worry about split levels, as they don't apply to writing to disk shares. When I store a new movie I write it to \\tower\disk1\Movies. It is visible in \\tower\Movies. This still may not be sufficient for you, but it is a good starting point.
January 30, 201214 yr Author thanks for the reply, but i don't think that will work for me. I would like to keep some folders public, some private. The public ones (such as movies, tv shows,etc) would be read-only with anonymous access and read-write with user account. The private ones (photos, work files, etc.) would require white listed user account for read or write access. It is just that the wifi is so easily hacked, I would like another level of security just in case. Thanks
January 30, 201214 yr It is just that the wifi is so easily hacked, I would like another level of security just in case. Again, its not directly answering your question, but is the above quote accurate? I thought WPA/PSK had only been shown to be hackable if you use a short pass-phrase which could be found in a dictionary. If you use a sufficiently long, random, pass-phrase a hacker needs to be very determined to get into your network. Even if you are still using WEP, if you live in many areas (e.g. rural ones) , the chances of actually getting hacked are slim. But if you are still concerned, consider one of the following: http://www.nowiressecurity.com/service.htm http://www.yubico.com/ http://freeradius.org/ Can you post the links for the scripts you saw, dated 2009? I would be interested to read them.
January 31, 201214 yr Just to veer off this thread even further, here is a description on how to hack WPA on most popular consumer routers. http://null-byte.wonderhowto.com/blog/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/
January 31, 201214 yr Security: 4.7: http://lime-technology.com/wiki/index.php?title=Un-Official_UnRAID_Manual#Security 5.0: http://lime-technology.com/forum/index.php?topic=7047.msg68278%23msg68278
February 1, 201214 yr @jonathanm Thanks for that link - I'm clearly out of date and that seems to be an amazingly stupid back-door to have left open! Thankfully, I don't have any WPS kit. @aptalca You don't say whether you are on 4.7 or 5.0, but have you explored the links given by dgaschk above? I don't have user shares enabled on my 4.7 so I can't test this, but it seems to me you ought to be able to get somewhere with the Export mode exceptions and the Valid and Non-valid Users facilities. Similarly, the Public, Secure and Private options of 5.0 could provide some of what you want. I think the problem you might have is concurrently allowing access to shares for users with no unRaid credentials along with users having credentials to access those same shares. Perhaps we would need share 'aliases' for that.
February 2, 201214 yr Author Ah sorry, I should have mentioned I am on 4.7 I have gone through the manual that dgaschk posted and I already set up security. It's just that I wanted to provide anonymous access to all devices on the network while providing read-write to certain users. For instance, a friend comes over with their kid. I want the kid to be able to access the movies, music, etc. without a password, but I also want to make sure that he doesn't accidentally delete all my movies. :-) These are the threads I found about this exact thing, but linux scripting is a little over my head, and since these are all at least 2 or 3 years old, I was hoping this functionality would be built into unmenu or something by now. I guess I'll have to do some research to figure out these scripts. http://lime-technology.com/forum/index.php?topic=2098 http://lime-technology.com/forum/index.php?topic=3542.msg43168#msg43168 http://lime-technology.com/wiki/index.php?title=FAQ#How_can_I_get_more_advanced_control_of_the_Samba_configuration.2C_users.2C_and_permissions.3F
February 2, 201214 yr ........Unfortunately, I am kind of a linux newb and was wondering if there is a simpler method now. It looks as though this hasn't been included in standard unRaid. That could be because it is a fairly simple change to apply and maybe not widely implemented, but it does mean that if you want to go down this route you will have to 'get your hands dirty'. As I see it, you will have to download the anonymous.zip script attached to thi post by Joe L.: http://lime-technology.com/forum/index.php?topic=3542.msg43168#msg43168 The bit of that post that is relevant to using the script is: To help, attached is a fixed, improved version. It automatically uses the correct samba file and it also allows you to specify the share list on the command line. That means you do not need to edit the command at all, you can simply invoke it with the "-s" parameter. Also, the original version did not properly deal with share names with spaces, dashes, or undescores (anything other than alpha) and put the guest ok in the wrong spot when there were multiple shares with the same sub-string. I have "Movies", "Movies A-D" "Movies E-J", Movies K-O", etc. It put the "guest ok" in "Movies_New" (the first share after the one I had that did not have an embedded space) When I fixed that problem it then incorrectly matched all the "Movies*" on the sub-string... I fixed that too. It now matches explicitly the share name, not just looking for it as a sub-string of the share name. I've added a few lines sent to the screen showing what it does when it does it... They will help you to know it worked as intended. The usage is: anonymous.sh or anonymous.sh -s "Movies|Pictures|TV" If you do not supply a share list using the "-s" option, it will default to "Movies|TV" You can also type anonymous.sh -v to see the current version (I made this version 1.1) The three steps to implement this are: [*]Unzip this on your Windows machine [*]Copy the extracted 'anonymous.sh' script to an appropriate directory on the unRaid flash drive [*]Add the invoking command (as described in Joe L.'s post above) to the bottom of your GO script (preceding it with a 'sleep 30' as suggested by the original developer in this post: http://lime-technology.com/forum/index.php?topic=2098.msg15554#msg15554) so that the script is re-run each time you re-boot unRaid. The two points I haven't specified are 1. What is the best directory in which to put the anonymous.sh script? and 2. How are you to cope with using putty and mc to find the go script and modify it? The first point needs someone more knowledgeable than me to advise - I would only be guessing. The second point can only really be answered by you. I think there is enough material in the forum and the Wiki to tell you how to do it (at least that's how I found out), but whether it would be wise if you are not confident and you don't have a test system to play with, is a decision you would have to make. Are there any of those step-by-step screenshot sequences or videos showing these actions? Perhaps they would be of value to newcomers if someone were to create something like that. It might also be possible that this install sequence could be added to the Package Manager in unMenu. Anyway, if you decide to go ahead - good luck.
Archived
This topic is now archived and is closed to further replies.