Use of unraid in company?

[Koperfild]

Hi,

some time ago I built an unraid-based file server for a small company, which consisted that time of three people. Now, it has grown bigger and the executive demanded new features. Instead of simple sharing of disk1 he wants password-secured shares with ability to trace activity on them. I tried to figure out how to do that tracing, but i don't have such an experience in UNIX. Can you help me?

 

Having written this topic I'd like to ask some questions.

If you log to the server as someone who's got limited privileges and want to re-log, how can you do this without unloging from windows (it remembers the session and doesn't ask another time for username when you access a share)?

Is there any way you can manage object's privileges from within windows computer? When I open 'properties' of an object located on unraid server and try to change privileges it doesn't work. They seem incompatible.

[prostuff1]

Hi,

some time ago I built an unraid-based file server for a small company, which consisted that time of three people. Now, it has grown bigger and the executive demanded new features. Instead of simple sharing of disk1 he wants password-secured shares with ability to trace activity on them. I tried to figure out how to do that tracing, but i don't have such an experience in UNIX. Can you help me?

 

Having written this topic I'd like to ask some questions.

If you log to the server as someone who's got limited privileges and want to re-log, how can you do this without unloging from windows (it remembers the session and doesn't ask another time for username when you access a share)?

Is there any way you can manage object's privileges from within windows computer? When I open 'properties' of an object located on unraid server and try to change privileges it doesn't work. They seem incompatible.

 

Active Directory support has been added to unRAID so you probably want to read up on that.

 

Setting up user-shares will allow you to control read/write access for specific users.  I set up all of my user-shares as read-only but make an exception for myself.  This will work for a work environment, you will just have to mess with adding users and that kind of stuff. Also, check out the inotify thread in here to get an idea on how to set up watches for certain directories.  This is obviously not as clean as it could be but it does work.  I have it set up like the thread describes and it logs all the access to the specified files.  I am sure there could be some refining done, but i just don't have the knowledge/time right now.

[Koperfild]

Active Directory support has been added to unRAID so you probably want to read up on that.

I know, but the computers do not belong to any domain and there is no windows server in the company. As far as I know unraid does not intagrate AD server. It acts as a client. Am I right?

[prostuff1]

Active Directory support has been added to unRAID so you probably want to read up on that.

I know, but the computers do not belong to any domain and there is no windows server in the company. As far as I know unraid does not intagrate AD server. It acts as a client. Am I right?

 

You are correct, there would need to some other structure set up to use the AD part of unRAID.  You best bet then sounds like it would be to set up and use user-shares and go about doing the management that way.

[Koperfild]

Thanks for your answears prostuff. Can you help me with this issue? It is the major question now:

 

"If you log to the server as someone who's got limited privileges and want to re-log, how can you do this without unloging from windows (it remembers the session and doesn't ask another time for username when you access a share)?"

[jetkins]

If you log to the server as someone who's got limited privileges and want to re-log, how can you do this without unloging from windows (it remembers the session and doesn't ask another time for username when you access a share)?

You can only have one set of credentials in use for a particular server at any given time.  You must disconnect all you mapped drives on the unRAID server before you can connect to any with a different user name.

 

Once they're all disconnected, the "map network drive" dialog should have a link to connect using a different user name.  If Windows complains that other credentials are already in use, then you can check what connections you may have missed with a net use command:

C:\>net use

Status       Local     Remote                    Network
-------------------------------------------------------------------------------
             X:        \\tower\media             Microsoft Windows Network
                       \\tower\backups           Microsoft Windows Network
The command completed successfully.

You can then disconnect them with net use [resource] /delete commands:

C:\>net use \\tower\backups /delete
\\tower\backups was deleted successfully.

C:\>net use x: /delete
x: was deleted successfully.

Once all your connections are cleared, try the "connect as a different user" dialog again.

[prostuff1]

If you log to the server as someone who's got limited privileges and want to re-log, how can you do this without unloging from windows (it remembers the session and doesn't ask another time for username when you access a share)?

You can only have one set of credentials in use for a particular server at any given time.  You must disconnect all you mapped drives on the unRAID server before you can connect to any with a different user name.

 

Once they're all disconnected, the "map network drive" dialog should have a link to connect using a different user name.  If Windows complains that other credentials are already in use, then you can check what connections you may have missed with a net use command:

C:\>net use

Status       Local     Remote                    Network
-------------------------------------------------------------------------------
             X:        \\tower\media             Microsoft Windows Network
                       \\tower\backups           Microsoft Windows Network
The command completed successfully.

You can then disconnect them with net use [resource] /delete commands:

C:\>net use \\tower\backups /delete
\\tower\backups was deleted successfully.

C:\>net use x: /delete
x: was deleted successfully.

Once all your connections are cleared, try the "connect as a different user" dialog again.

 

Thanks for being so complete with the instructions.  I do not have a Windows machine hence the reason I could not quite get the answer.  My suggestion to you Koperfild would be to make some sort of batch script that will disconnect all drives and mappings and then reconnect the mappings with different credentials.

[ReneV]

This is probably not what you want, but it would be an excellent means of keeping track of access:

 

Set up a versioning server (subversion, or whatever you prefer) on a machine other than the unRAID server and make it the only machine that can access the shares on the unRAID server.

 

This would force people to explicitly checkout, update, and commit files, and both the person doing the change and the actual change would be explicitly recorded and be readily available for inspection. Additionally, this would make it straightforward to see what exact content was offered up when anyone inspects a new copy of a given document. It's also straightforward to set up post-commit hooks and similar if there are people that need to be kept informed of changes to specific (groups of) documents.

 

(Of course, being a versioning server, old versions of documents would also be kept automatically, people would work on non-master copies, and so on.)