Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

predefined shares security and setup questions

Featured Replies

Good morning, all.

 

New (obviously) user coming from a Synology to unRAID. I've got a base install done and went through a few setups of plugins (CA, some Dynamix, Nerd Tools, Preclear, Fix Common Problems, Unassigned Devices). I got the array setup (though not sure if correct yet), and was browsing to the tower via a windows desktop and saw the 4 pre-defined shares: appdata, domains, isos, system. I also see the flash shares.

 

My questions now are:

should these be cache only? Should I make them all private or secured security setting? Maybe it's just being overly picky, but I would prefer that anybody looking at the tower on the network only sees the actual shares I think they should see: media, movies, tv shows, photos, games, etc.).

 

I have plenty of data disk storage (at least for now. :) ) and currently 1 500GB Samsung SSD cache disk (which I had hoped to use as VM cache only storage as well. I understand now I probably want to get a 2nd cache disk for that pool so there's some fault tolerance.

 

Was on a trial key, but went ahead and just purchased the Pro license.

 

 

You can change the network accessibility of those shares and it won't affect the unRAID system's ability to access them. You might turn on Help in the webUI to see what the various share SMB settings do. I have mine set to Export: Yes (hidden) and Security: Private.

  • Author

Thanks, just the type of answer I was looking for...

 

... and was browsing to the tower via a windows desktop and saw the 4 pre-defined shares: appdata, domains, isos, system. I also see the flash shares.

 

I think he brings up a good point though.  I suspect this was an oversight when these system shares were setup.  No shares should default to public, except the flash share.  They should only be exposed by the user afterward, with the hope that the user has considered the risks.  Actually, I think this applies to ALL new shares and users, they should all default to Private.

 

I am thinking this thread should perhaps move to the Security board or the Defects board.

... and was browsing to the tower via a windows desktop and saw the 4 pre-defined shares: appdata, domains, isos, system. I also see the flash shares.

 

I think he brings up a good point though.  I suspect this was an oversight when these system shares were setup.  No shares should default to public, except the flash share.  They should only be exposed by the user afterward, with the hope that the user has considered the risks.  Actually, I think this applies to ALL new shares and users, they should all default to Private.

 

I am thinking this thread should perhaps move to the Security board or the Defects board.

They have to default to public, because secure and private both require users to be set up for r/w access which is not a prerequisite for unRaid. 

The predefined shares have been created to facilitate ease of configuration for Docker and VM's (libvirt).

 

If you enable Docker, then 'system' and 'appdata' will be automatically created if necessary.

 

If you enable VM's, then 'system', 'domains' and 'isos' will be automatically created if necessary.

 

If you never enable Docker or VM's those shares will not get created.  Those share are created as "public" but not exported by default.

 

The only share exported in a new install is the 'flash' share which exposes the contents of the USB boot flash.  This is done to facilitate backup and make it easier to copy a registration key file, though these days key files are downloaded.  In addition it serves as an indication that a new server is on-line.  In an untrusted network, the 'flash' share export setting and/or security mode should probably be changed.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.