March 23, 200719 yr I would like to tear down an old MS server, but I need to be able to create users with private directories. I dont need different variations of security levels, just completely private libraries. Wife and two teenage girls want to keep their stuff, pictures, essays, diaries, etc. private :-) Is it part of future development or has anyone implemented it as a tweak. Is is possible to make a few lines in the go script as a solution ? /Rene
March 23, 200719 yr You could use user shares and keep them hidden. So for your top level directories have Wife, Daughter, Daughter2. And then in there windows profiles map only their hidden shares to their accounts and don't tell the others what the path to the other shares are.
March 23, 200719 yr I would like to tear down an old MS server, but I need to be able to create users with private directories. I dont need different variations of security levels, just completely private libraries. Wife and two teenage girls want to keep their stuff, pictures, essays, diaries, etc. private :-) Is it part of future development or has anyone implemented it as a tweak. Is is possible to make a few lines in the go script as a solution ? /Rene You could make a copy of the samba configuration file /etc/samba/smb.shares, edit it for the security you desire, and then save it on your USB flash. Then, add three lines to your "go" script at its end. /root/samba stop cp /boot/smb.shares /etc/samba/smb.shares /root/samba start You will need to read up on SMB configuration, but odds are there are examples on the web somewhere. Also, this does not solve a major snag to the plan. You daughters could telnet to the server, log in without a password, and get directly to any of the files. Once logged on, they could edit the smb.shares file and restart the samba server and then get to their sister's files via windows. You can slow them down by adding a temporary root password. It will be in effect until the server is rebooted, then it will revert to no password. To add a root password, log in via telnet and type; passwd root Joe L. Tom really needs to address basic security.
March 23, 200719 yr One more thing... Since the smb.shares file is re-created every time the re-scan button is pressed on the web-interface, this will undo anything you do in the "go" script. Don't tell your daughters about the admin web-page. (Tom, The web-admin page needs a password too)
March 23, 200719 yr The security update will include the ability to tag directories with their owner & owner could decide not to grant read privilege to anyone except themselves. But this will not prevent password guessing! You could get them a folder encryption program, but then even you wouldn't be able to snoop
March 23, 200719 yr The security update will include the ability to tag directories with their owner & owner could decide not to grant read privilege to anyone except themselves. Is this something that is in the current beta release of unRAID, or is this something you have planned for a future release ? Excuse the newb question
March 24, 200719 yr modified the smb.shares and added a HARRY section and put it on the flash key. [harry] path = /mnt/disk1/home/harry in the go script I added: /root/samba stop cp /boot/smb.shares /etc/samba/smb.shares /root/samba start at reboot there is no change, but if I telnet and run the stop-copy-start lines one by one, the HARRY share turns up nicely. I have a feeling that the go script copy the smb.shares file too early. /Rene Your probably right. How about this then.... I would give a try at copying /root/samba to your USB drive and making a change to it. If you open the copy in your editor, you will see a function where first the names.conf file is created and then samba itself started. It looks like this samba_start() { if [ -x /usr/sbin/smbd -a -x /usr/sbin/nmbd -a -r /etc/samba/smb.conf ]; then /usr/bin/fromdos </boot/config/ident.cfg >/var/tmp/ident.cfg source /var/tmp/ident.cfg echo "# Generated names" >/etc/samba/smb.names echo "netbios name = $NAME" >>/etc/samba/smb.names echo "server string = $COMMENT" >>/etc/samba/smb.names echo "workgroup = $WORKGROUP" >>/etc/samba/smb.names echo "local master = $localMaster" >>/etc/samba/smb.names echo "smb ports = $smbPorts" >>/etc/samba/smb.names <------ Add line to copy custom smb.shares into place here. echo "Starting Samba: /usr/sbin/smbd -D -l /dev/null" /usr/sbin/smbd -D -l /dev/null echo " /usr/sbin/nmbd -D -l /dev/null" /usr/sbin/nmbd -D -l /dev/null fi } If you add your own commands between those two steps it might do what you are wanting. So copy the /root/samba file to /boot/samba Edit /boot/samba to add your command to copy the local /boot/smb.shares file into place to /etc/samba/smb.shares Edit the original go script and add just one line at its end (instead of the three you tried earlier) cp /boot/samba /root/samba This has the advantage of being invoked after you use the web-interface "scan-files" button as well as upon initial boot as emhttp invokes /root/samba Joe L.
Archived
This topic is now archived and is closed to further replies.