dogdog Posted May 3, 2015 Share Posted May 3, 2015 I am using unRAIDServer-6.0-beta15-x86_64 with MacBook running Yosemite. I have some general queries to which I cannot find definitive answers on the web. These are: 1) SMB Security Settings – Export (a) If Export set to “No” then nothing can access the disk/flash/share – correct?? (b) If Export set to “Yes (hidden)” - how would I access disk/flash/share from my Mac if I know its name?? 2) My array is just two disks – one as Parity and the other as Disk1. I am just using unRAID to backup from my Mac. Then: (a) There is no point creating Shares – correct?? Any disadvantages/problems in not creating shares?? (b) There is no point creating other users (still have root) – correct?? © Root has full read/write privileges on unRAID by default – correct?? (On Dashboard Tab under Users there are dashes under Read and Write for root user??] (d) I can run backup tasks using root login to give access to unRAID – correct?? Any disadvantages/problems doing this?? 3) If the disks have spun down – time elapsed under “Default spin down delay” – will the disks automatically spin up if backup app on Mac seeks to access unRAID?? Many thanks. Link to comment
itimpi Posted May 3, 2015 Share Posted May 3, 2015 (b) There is no point creating other users (still have root) – correct?? © Root has full read/write privileges on unRAID by default – correct?? (On Dashboard Tab under Users there are dashes under Read and Write for root user??] (d) I can run backup tasks using root login to give access to unRAID – correct?? Any disadvantages/problems doing this?? No - you cannot use the root user to access shares. For security reasons root is prohibited from accessing shares across the network. If you do not want public access to the shares then you will need to set up users in unRAID and then specify the level of access to the shares you want to allow for each user. Link to comment
trurl Posted May 3, 2015 Share Posted May 3, 2015 I am using unRAIDServer-6.0-beta15-x86_64 with MacBook running Yosemite. I have some general queries to which I cannot find definitive answers on the web.All of these are answered in the wiki. Configuration Tutorial UnRAID Manual 6 Official Documentation Unofficial Documentation Most of the general principles are unchanged from previous versions. These are: 1) SMB Security Settings – Export (a) If Export set to “No” then nothing can access the disk/flash/share – correct?? correct (b) If Export set to “Yes (hidden)” - how would I access disk/flash/share from my Mac if I know its name?? Never used a Mac, but in Windows, I just enter the path. For example, \\tower\flash is the flash, \\tower\disk1 is disk1, \\tower\myshare is myshare. Substitute your server name for tower if you have given it a different name. Probably on Mac it would use / instead of \, like //tower/flash. 2) My array is just two disks – one as Parity and the other as Disk1. I am just using unRAID to backup from my Mac. Then: (a) There is no point creating Shares – correct?? Any disadvantages/problems in not creating shares?? You can have greater control over security if you have multiple users if you make multiple shares. Also, when you add other disks, shares allow you to span drives. There are additional configuration options for shares once you begin to take advantage of spanning, such as allocation method, split level, caching. (b) There is no point creating other users (still have root) – correct??Technically, root user doesn't have any specific network access to files. If you are accessing them by logging in with root, you are really just taking advantage of the fact that you have everything set up with Public access by default, so any login would work. © Root has full read/write privileges on unRAID by default – correct?? (On Dashboard Tab under Users there are dashes under Read and Write for root user??No, see above (d) I can run backup tasks using root login to give access to unRAID – correct?? Any disadvantages/problems doing this?? If you are going to let everything default to Public access, then any user will do. Even users that have not been created on unRAID. 3) If the disks have spun down – time elapsed under “Default spin down delay” – will the disks automatically spin up if backup app on Mac seeks to access unRAID??Disks spin up as needed. Many thanks. NP Link to comment
Frank1940 Posted May 3, 2015 Share Posted May 3, 2015 I am using unRAIDServer-6.0-beta15-x86_64 with MacBook running Yosemite. I have some general queries to which I cannot find definitive answers on the web. These are: (b) There is no point creating other users (still have root) – correct?? © Root has full read/write privileges on unRAID by default – correct?? (On Dashboard Tab under Users there are dashes under Read and Write for root user??] While I have not looked at the samba.conf file on version 6, the earlier versions sets up an account for 'guest' (which has FULL read/write privileges in 'World' group') which requires no login or password when the 'Public' (the default) settings were applied to either a disk or user share. This allow anyone to access that samba (or NFS for that) share without any login action on their end. The assumption that has been made is that unRAID is being used in a secure environment with only trusted users. That same file blocks 'root' as a valid user! So if you attempt to login on as 'root', you will be denied. (NOTE: this assumes you have set up the share or disk share as something besides Public.) You can change this behavior by changing the SMB Security settings for the user share under the 'Shares' tab and for shared disks by clicking on the disk name under the Device column on the Main tab , and changing the SMB Secutiy Settings. With version 6, if you turn 'Help' on, you will be provided some guidance in setting things up. Link to comment
dogdog Posted May 3, 2015 Author Share Posted May 3, 2015 Many thanks for the posts - all very helpful. Just a couple of clarifications: 1) If I access Disk on unRAID over LAN using root to login then (i) if Disk is set to either Secure or Private then root will have no write access - correct?? Can I give root write access for either Secure or Private; (ii) if Disk is set to Secure then any user (including root) will have read access - correct?? (iii) if Disk is set to Private is there a way to give root read access?? 2) Is there a way to view contents of Parity disk?? Perhaps there is never a need to do so?? Many thanks. Link to comment
trurl Posted May 3, 2015 Share Posted May 3, 2015 Many thanks for the posts - all very helpful. Just a couple of clarifications: 1) If I access Disk on unRAID over LAN using root to login then (i) if Disk is set to either Secure or Private then root will have no write access - correct?? Can I give root write access for either Secure or Private; (ii) if Disk is set to Secure then any user (including root) will have read access - correct?? (iii) if Disk is set to Private is there a way to give root read access?? 2) Is there a way to view contents of Parity disk?? Perhaps there is never a need to do so?? Many thanks. As said before, root technically has no access to files over the network. Create some users other than root. Create some shares. Go to the shares page into the security settings. You will find that all of the users except root appear there, and you can set the security settings for each of those users for that share. Or, don't create any shares. Just click on a disk from the Main page, and you can set security for that disk. You will see that all users except root appear on the page, and you can set security for any of them for that disk. You cannot give root access to anything. It is basically just using anonymous access if you try to login as root to access files over the network. The root user is really just meant for securing telnet, ssh, and the webGUI. Why do you want to use root for this? The parity disk does not actually contain a filesystem, so there is nothing to view but bits, nothing built-in to do so, and no reason to do so. I don't think it is even partitioned or mountable. Link to comment
Frank1940 Posted May 3, 2015 Share Posted May 3, 2015 Many thanks for the posts - all very helpful. Just a couple of clarifications: 1) If I access Disk on unRAID over LAN using root to login then (i) if Disk is set to either Secure or Private then root will have no write access - correct?? Can I give root write access for either Secure or Private; (ii) if Disk is set to Secure then any user (including root) will have read access - correct?? (iii) if Disk is set to Private is there a way to give root read access?? 2) Is there a way to view contents of Parity disk?? Perhaps there is never a need to do so?? Many thanks. Basically , the 'latest' security protocol specify that the superuser (root, in the case of unRAID) account is used ONLY for the propose of administering the underlying OS and the hardware. All data files access is done through normal user access. This is to prevent a number of security issues some of which are not completely intuitive. So basically the current thought is that all superusers have to have two accounts -- one with superuser privileges and a normal user account to do his other tasks. unRAID has adopted this new viewpoint. Link to comment
bonienl Posted May 3, 2015 Share Posted May 3, 2015 It is possible to see the content of any disk or user share from within the webGUI. This means as user 'root' it is always possible to view the content on the server regardless of the security settings for ordinary users. Link to comment
Frank1940 Posted May 3, 2015 Share Posted May 3, 2015 It is possible to see the content of any disk or user share from within the webGUI. This means as user 'root' it is always possible to view the content on the server regardless of the security settings for ordinary users. If you come in via Telnet or some other secure shell access than you can log on as root and via the command line have access all the files on the server. (Be very, very careful doing file manipulations via the command line because it is very easy to reek havoc!!!) It is just though the shares via SMB, NFS and, probably, AFP that root is extruded. (I am strictly a Windows user with a number of devices (including unRAID) that run on Linux. The Apple world is completely foreign to me!) Link to comment
bonienl Posted May 3, 2015 Share Posted May 3, 2015 From a telnet session I use midnight commander (mc) to do file copies, this at least gives more 'visual' feedback of what your doing, but yeah with power comes responsibility, and it is easy to make mistakes Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.