johnny121b Posted January 6, 2016 Share Posted January 6, 2016 The ability to set up an access schedule. For example, IP address ## can only access the server from 5pm - 11pm or IP address ## has READ-ONLY access from 5pm - 11pm Reason: There are ransomware infections out there- that would be disastrous for large servers. And while it wouldn't necessarily prevent such an infection from harming your server, it could certainly hinder it- perhaps long enough for your PC's A/V to update and 'catch' the infection in your absence. My server is on 24/7, and my PCs are sometimes on 24/7 doing tasks. But there's very little reason my PC would need to access my server while I'm at work or while I'm asleep. IF such an infection were to trigger in my absence, such a window could possibly save my bacon. It might also be useful for parents- to enforce time limits for their children's use. I just know I'm fearful of the hazards that I create within my own network sometimes. Quote Link to comment
archedraft Posted January 6, 2016 Share Posted January 6, 2016 Interesting idea. Sort of a work around could also be create two users in unRAID (userA-RW and userA-RO) then create two windows batch scripts. One that logs into your network drives as userA-RW and a second that disconnects from the shared folders and then reconnects as userA-RO. Then with windows scheduler, setup the times for the batch files to be triggered. Not trying to say that having this built into unRAID is a bad idea but if you are worried about it in the mean time... Quote Link to comment
johnny121b Posted January 7, 2016 Author Share Posted January 7, 2016 I like the sound of your idea. Unfortunately, I lack the expertise to write the Windows script you propose. I have already set up different users in UnRAID- so my fiance couldn't accidentally DELETE or DRAG/DROP something into oblivion. However I'm no saint, so sometimes I'm the bigger hazard on my own network. And with malware becoming increasingly sophisticated.... Quote Link to comment
archedraft Posted January 7, 2016 Share Posted January 7, 2016 I actually have a sample batch script that should do the trick. I'll post it here tomorrow to give you an idea about what I was talking about. Quote Link to comment
archedraft Posted January 7, 2016 Share Posted January 7, 2016 Open up notepad and paste in the following and make sure you save it as a .bat file. Then use windows scheduler (or you could just run them manually, as you come home or leave). UserA-Home.bat @echo off NET USE * /DELETE /YES net use V: "\\192.168.1.##\Cache" /user:192.168.1.##\userA-RW password-userA-RW net use X: "\\192.168.1.##\Media" /user:192.168.1.##\userA-RW password-userA-RW net use Y: "\\192.168.1.##\Pictures" /user:192.168.1.##\userA-RW password-userA-RW UserA-Away.bat @echo off NET USE * /DELETE /YES net use V: "\\192.168.1.##\Cache" /user:192.168.1.##\userA-RO password-userA-RO net use X: "\\192.168.1.##\Media" /user:192.168.1.##\userA-RO password-userA-RO net use Y: "\\192.168.1.##\Pictures" /user:192.168.1.##\userA-RO password-userA-RO Quote Link to comment
johnny121b Posted January 7, 2016 Author Share Posted January 7, 2016 Thanks for that. I'm at work right now, but I'll give it a try this evening. Let me see if I understand the syntax correctly. Presuming my server is at IP 192.168.1.100 my username is johnny my password is mypassword. The user share I'm addressing is 'movie' To enable and disable the command lines would respectively be: net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny-RW mypassword-johnny-RW net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny-RO mypassword-johnny-R0 Quote Link to comment
bonienl Posted January 7, 2016 Share Posted January 7, 2016 Wouldn't it be more practical if access control is done on the unRAID system itself ? Quote Link to comment
archedraft Posted January 7, 2016 Share Posted January 7, 2016 You need to make two users within the unRAID GUI and give one RW access and the other user RO access. Then: IP: 192.168.1.100 username1: johnny password1: mypassword username2: johnny-ro password2: mypassword-ro The user share I'm addressing is 'movie' To enable and disable the command lines would respectively be: net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny mypassword net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny-ro mypassword-ro Just remember to use the "net use * /delete /yes" in between so that all the network share disconnect first. Quote Link to comment
bonienl Posted January 7, 2016 Share Posted January 7, 2016 And what if a mechanism is introduced on unRAID which can set user RW or RO priviliges based on a schedule ? Quote Link to comment
archedraft Posted January 7, 2016 Share Posted January 7, 2016 And what if a mechanism is introduced on unRAID which can set user RW or RO priviliges based on a schedule ? Then you would just connect to the network drive with one user right? and at night time the user looses write access... The only issue with this approach is what happens on those few days when your up until 3 AM working on something and you loose access? Do you have to log into unRAID and then turn off that schedule? If it was me I would use the two user approach and manually run the two batch scripts. That way I never loose my rights when I am on the computer. Or I would setup a trigger (for example if I lock the computer). If computer is locked then run the RO.bat and when I log in run the RW.bat (This way you always have RW access when you are physically on the computer, but you have to remember to log off when your done). Quote Link to comment
bonienl Posted January 8, 2016 Share Posted January 8, 2016 Then you would just connect to the network drive with one user right? and at night time the user looses write access... The only issue with this approach is what happens on those few days when your up until 3 AM working on something and you loose access? Do you have to log into unRAID and then turn off that schedule? If it was me I would use the two user approach and manually run the two batch scripts. That way I never loose my rights when I am on the computer. Or I would setup a trigger (for example if I lock the computer). If computer is locked then run the RO.bat and when I log in run the RW.bat (This way you always have RW access when you are physically on the computer, but you have to remember to log off when your done). Good points, I was just wondering if other methods could be benefitial too, your approach is the most sound one (user is always in control). Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.