Scheduled access

[johnny121b]

The ability to set up an access schedule. 

 

For example,

 

IP address ## can only access the server from 5pm - 11pm

or

IP address ## has READ-ONLY access from 5pm - 11pm

 

Reason:

 

There are ransomware infections out there- that would be disastrous for large servers.  And while it wouldn't necessarily prevent such an infection from harming your server, it could certainly hinder it- perhaps long enough for your PC's A/V to update and 'catch' the infection in your absence. 

 

My server is on 24/7, and my PCs are sometimes on 24/7 doing tasks.  But there's very little reason my PC would need to access my server while I'm at work or while I'm asleep.  IF such an infection were to trigger in my absence, such a window could possibly save my bacon. 

 

It might also be useful for parents- to enforce time limits for their children's use. 

 

I just know I'm fearful of the hazards that I create within my own network sometimes.

[archedraft]

Interesting idea. Sort of a work around could also be create two users in unRAID (userA-RW and userA-RO) then create two windows batch scripts. One that logs into your network drives as userA-RW and a second that disconnects from the shared folders and then reconnects as userA-RO. Then with windows scheduler, setup the times for the batch files to be triggered. Not trying to say that having this built into unRAID is a bad idea but if you are worried about it in the mean time...

[johnny121b]

I like the sound of your idea.  Unfortunately, I lack the expertise to write the Windows script you propose.  I have already set up different users in UnRAID- so my fiance couldn't accidentally DELETE or DRAG/DROP something into oblivion.  However I'm no saint, so sometimes I'm the bigger hazard on my own network.  And with malware becoming increasingly sophisticated....

[archedraft]

I actually have a sample batch script that should do the trick. I'll post it here tomorrow to give you an idea about what I was talking about.

[archedraft]

Open up notepad and paste in the following and make sure you save it as a .bat file. Then use windows scheduler (or you could just run them manually, as you come home or leave).

 

UserA-Home.bat

@echo off
NET USE * /DELETE /YES
net use V: "\\192.168.1.##\Cache" /user:192.168.1.##\userA-RW password-userA-RW
net use X: "\\192.168.1.##\Media" /user:192.168.1.##\userA-RW password-userA-RW
net use Y: "\\192.168.1.##\Pictures" /user:192.168.1.##\userA-RW password-userA-RW

 

UserA-Away.bat

@echo off
NET USE * /DELETE /YES
net use V: "\\192.168.1.##\Cache" /user:192.168.1.##\userA-RO password-userA-RO
net use X: "\\192.168.1.##\Media" /user:192.168.1.##\userA-RO password-userA-RO
net use Y: "\\192.168.1.##\Pictures" /user:192.168.1.##\userA-RO password-userA-RO

[johnny121b]

Thanks for that.  I'm at work right now, but I'll give it a try this evening.

 

Let me see if I understand the syntax correctly.

 

Presuming

my server is at IP 192.168.1.100

my username is johnny

my password is mypassword.

The user share I'm addressing is 'movie'

 

To enable and disable the command lines would respectively be:

 

net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny-RW mypassword-johnny-RW

net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny-RO mypassword-johnny-R0

[bonienl]

Wouldn't it be more practical if access control is done on the unRAID system itself ?

 

[archedraft]

You need to make two users within the unRAID GUI and give one RW access and the other user RO access. Then:

 

IP: 192.168.1.100

username1: johnny

password1: mypassword

username2: johnny-ro

password2: mypassword-ro

The user share I'm addressing is 'movie'

 

To enable and disable the command lines would respectively be:

net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny mypassword
net use v: "\\192.168.1.100\movie" /user:192.168.1.100\johnny-ro mypassword-ro

 

Just remember to use the "net use * /delete /yes" in between so that all the network share disconnect first.

[bonienl]

And what if a mechanism is introduced on unRAID which can set user RW or RO priviliges based on a schedule ?

 

[archedraft]

And what if a mechanism is introduced on unRAID which can set user RW or RO priviliges based on a schedule ?

 

Then you would just connect to the network drive with one user right? and at night time the user looses write access... The only issue with this approach is what happens on those few days when your up until 3 AM working on something and you loose access? Do you have to log into unRAID and then turn off that schedule? If it was me I would use the two user approach and manually run the two batch scripts. That way I never loose my rights when I am on the computer. Or I would setup a trigger (for example if I lock the computer). If computer is locked then run the RO.bat and when I log in run the RW.bat (This way you always have RW access when you are physically on the computer, but you have to remember to log off when your done).

[bonienl]

Then you would just connect to the network drive with one user right? and at night time the user looses write access... The only issue with this approach is what happens on those few days when your up until 3 AM working on something and you loose access? Do you have to log into unRAID and then turn off that schedule? If it was me I would use the two user approach and manually run the two batch scripts. That way I never loose my rights when I am on the computer. Or I would setup a trigger (for example if I lock the computer). If computer is locked then run the RO.bat and when I log in run the RW.bat (This way you always have RW access when you are physically on the computer, but you have to remember to log off when your done).

 

Good points, I was just wondering if other methods could be benefitial too, your approach is the most sound one (user is always in control).