Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Users, Permissions, Shares, and VMs: Best Practices

Featured Replies

Sooo I probably wasn't running all that secure in the first place since I only had the stock root user and all my shares were "Public".  But my attitude was (is) that anything available on a share is nothing I need to be protecting.  That is, movies, tv shows, music, torrents.  The day may come when I want to control access to one of my shares, but even then they first have to get on my network and guests only get access via my segregated guest network.  Sure someone with a laptop could plug-in or hack my main wifi but at this point that just isn't an attack vector I'm concerned about.  And again, all shared data is non-private.  I'm also not worried about my SO getting in there and deleting anything by accident.

 

Now that I'm playing about with VMs I'm left wondering if I really have a need to create a user for sharing out my SMB shares to my VM which will be running Plex just like I was before.

 

Can anyone tell me why I should make my shares "Private" and then create a user for my VM to use for access?

 

Similarly what about for my torrent client?  Right now I run a client on my PC which downloads locally and then moves when done over SMB onto a torrents share.  In my VM I'd basically do the exact same thing though I'd probably just download directly to the share.  Still, is there any good reason to bother going "Private" and creating a user for that?

 

So I know my question is geared towards me, but I'm guessing this is a topic others might find useful to read about in a single thread so please feel free to wax eloquent.

Tbh, this is a matter of personal preference. With NAS storage generally (unless you're involving VPN or other internet facing SSH type services) its LAN access only. An attack vector which you've suggested isn't a concern for you. Personally, I follow your thinking.

 

If it ain't broke, don't fix it.

 

If, however, you are going to be running services on a VM which are internet accessible then if an attacker gained access to the VM then bear in mind the share security wouldn't do anything as the app they're exploiting almost definitely already has access to the shares anyway.

 

Sent from my Nexus 5 using Tapatalk

 

 

  • Author

Tbh, this is a matter of personal preference. With NAS storage generally (unless you're involving VPN or other internet facing SSH type services) its LAN access only. An attack vector which you've suggested isn't a concern for you. Personally, I follow your thinking.

 

If it ain't broke, don't fix it.

 

If, however, you are going to be running services on a VM which are internet accessible then if an attacker gained access to the VM then bear in mind the share security wouldn't do anything as the app they're exploiting almost definitely already has access to the shares anyway.

 

Sent from my Nexus 5 using Tapatalk

 

Yup I'm with you.  But for my own understanding ... why wouldn't share security help if I at least had it read only?  That is to say, at least they couldn't destroy my library, though they could of course copy everything.

 

In either case though, thanks.  Seems like I'll just keep trucking on. 

Read only as you say would prevent destruction of the library but that is all.

 

Sent from my Nexus 5 using Tapatalk

 

 

  • Author

Wait ... [scratching head] ... dang it well Plex and transmission are "internet facing" as will be crashplan (not running it yet but plan on it) ...

 

So what is there to do then?  I mean in the end, as you say, the VM has at least read access to my shares.  I guess that's just a risk I have to take and a reason to make sure I keep my VM tight and updated.

 

With crashplan it sound like I should maybe run a separate VM because that data (which isn't on the server yet) I would only want share accessible to crashplan and not subject to any plex or torrent vulnerabilities.  Sound about right?  What am I missing?

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.