How to hide 'flash' share folder

mintjberry

By mintjberry
in General Support

Recommended Posts

trurl Grand Master

trurl

Posted
Posted
4 minutes ago, mintjberry said:

Any idea of how to do this? Normally I would just set the share export to be 'No', but the flash folder doesn't come up as a share under 'Shares'.

Main - Boot Device - Flash - SMB Security Settings. I have mine set to Yes (hidden) so I can still access by specifying the path, but nobody can browse to it.

Link to comment
  • 10 months later...
  • 4 months later...
_0m0t3ur Contributor

_0m0t3ur

Posted
Posted

I appreciate all the great info in this thread.  I have been connecting to my server from a MacBook via AFP.  Then today, I connected via SMB and "Flash" showed up as a share.  This alarmed me momentarily because I had just been messing around moving files with the Krusader docker.  And I had recently watched Spaceinvader One's video on Krusader and using it to backup the flash drive.  And I was meaning to do backup the flash drive but read that the array should be stopped first.  So of course I was puzzled as to what I could have done.  Then it occurred to me that "Flash" is not visible via AFP.  So, I searched the unRAID forums, instead of the obvious step of checking the flash settings under the main tab.  Lol.

 

So, after the backstory, I do have a question.  Does it matter (possible negative outcomes) if the flash drive SMB security settings are set to "Export: No" and "Security: Private"?

 

Thanks in advance.

Link to comment
trurl Grand Master

trurl

Posted
Posted
1 hour ago, DoItMyselfToo said:

Does it matter (possible negative outcomes) if the flash drive SMB security settings are set to "Export: No" and "Security: Private"?

 

If it isn't exported then security is irrelevant. Shouldn't matter to anything actually running on the server since SMB is only involved in network access.

 

Also, you can download a backup of flash from the webUI at Main - Boot Device - Flash. The only consequence of not stopping the array before getting the backup is a parity check if you restore the backup. More dangerous is using an old backup that doesn't match your current disk assignments.

Link to comment
_0m0t3ur Contributor

_0m0t3ur

Posted
Posted (edited)
5 minutes ago, trurl said:

 

If it isn't exported then security is irrelevant. Shouldn't matter to anything actually running on the server since SMB is only involved in network access.

 

Also, you can download a backup of flash from the webUI at Main - Boot Device - Flash. The only consequence of not stopping the array before getting the backup is a parity check if you restore the backup. More dangerous is using an old backup that doesn't match your current disk assignments.

Ahh.  Makes sense.  So I'll just either set to "Export: No" or "Export: Yes (hidden)".  I just don't want to see it unless I need to manually make changes.  Seems like Terminal is a place to mess around under the hood anyway.

 

Thanks for the tip on backing up the flash drive.  I wasn't aware of this function.  Do you have a recommendation for how often to backup the flash drive?

Edited by DoItMyselfToo
Link to comment
JonathanM Grand Master

JonathanM

Posted
Posted
47 minutes ago, DoItMyselfToo said:

Do you have a recommendation for how often to backup the flash drive?

Every time you do a version upgrade, or a disk configuration change. When you change drives, make sure you mark all previous backups as extremely dangerous, not to be used intact, only as reference.

Link to comment
_0m0t3ur Contributor

_0m0t3ur

Posted
Posted
47 minutes ago, jonathanm said:

Every time you do a version upgrade, or a disk configuration change. When you change drives, make sure you mark all previous backups as extremely dangerous, not to be used intact, only as reference.

So, whenever I make system changes, I'll do a backup of my flash drive.  Thanks for your input.

Link to comment
pwm Community Regular

pwm

Posted
Posted
9 hours ago, DoItMyselfToo said:

"Export: Yes (hidden)"

 

Hidden is security by obscurity. So not very good. It would be good if the share has a name consisting of a large number of random characters that an attacker needs to guess. But with a fixed name, it isn't very hard to check i there is an invisible share.

Link to comment
trurl Grand Master

trurl

Posted
Posted
3 hours ago, pwm said:

 

Hidden is security by obscurity. So not very good. It would be good if the share has a name consisting of a large number of random characters that an attacker needs to guess. But with a fixed name, it isn't very hard to check i there is an invisible share.

 

I only use hidden to prevent accidents by other users on my LAN, for real security you would want to do more.

Link to comment
pwm Community Regular

pwm

Posted
Posted
Just now, trurl said:

 

I only use hidden to prevent accidents by other users on my LAN, for real security you would want to do more.

 

Yes, hidden is basically to hide noise and to introduce a bit of additional protection from mistakes - requiring the user to turn on the brain and do some manual interaction to access.

 

A traditional virus will not know about the additional shares, while an automated hacking tool may have a significant list of share names to scan for.

Link to comment
_0m0t3ur Contributor

_0m0t3ur

Posted
Posted (edited)
6 hours ago, pwm said:

 

Hidden is security by obscurity. So not very good. It would be good if the share has a name consisting of a large number of random characters that an attacker needs to guess. But with a fixed name, it isn't very hard to check i there is an invisible share.

Yeah, it is.  Mostly I don't want to have it visible when accessing my shares for routine stuff.  Last thing I need to do is accidentally corrupt my flash drive.

 

As @trurl says "...to avoid accidents..."

 

Though, it really wouldn't hurt to "Export: No" and then once in a while have to change the export setting to take care of a task.

Edited by DoItMyselfToo
Link to comment
pwm Community Regular

pwm

Posted
Posted
27 minutes ago, DoItMyselfToo said:

Yeah, it is.  Mostly I don't want to have it visible when accessing my shares for routine stuff.  Last thing I need to do is accidentally corrupt my flash drive.

 

As @trurl says "...to avoid accidents..."

 

Though, it really wouldn't hurt to "Export: No" and then once in a while have to change the export setting to take care of a task.

 

Yes, but you should still consider protecting it from other peoples access. Hidden but with public access is bad. Hidden with private access is good.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing