Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Make Flash private by default.

Featured Replies

Recently I and at least 1 other on this forum were hit by ransomware. During this attack the malware managed to scan the network (or maybe just looped through the arp table) and start systematically encrypting public shares. I was sensible enough to keep my backup data shares private so that only the server backing up to it had access which saved my bacon. However I was unaware that by default unraid shares its root filesystem publicly over samba, and the ransomware was able to encrypt my whole flash drive.

 

I am aware that unraid makes no pretence of being a secure OS, I mean by default it has no root password. However as it claims to be an easy to use backup solution for non professionals, I think at least securing up the root file system from anything being able to access it on the local network would be beneficial to a lot of users. Either that or just making it known somewhere on the main page next to the Flash section that it is currently exported as public. It could be a simple colour indicator or just a tick or cross in a column marked 'Shared'.

 

Thanks for listening.

  • Community Expert
4 hours ago, Ascii227 said:

Recently I and at least 1 other on this forum were hit by ransomware. During this attack the malware managed to scan the network (or maybe just looped through the arp table) and start systematically encrypting public shares. I was sensible enough to keep my backup data shares private so that only the server backing up to it had access which saved my bacon. However I was unaware that by default unraid shares its root filesystem publicly over samba, and the ransomware was able to encrypt my whole flash drive.

 

I am aware that unraid makes no pretence of being a secure OS, I mean by default it has no root password. However as it claims to be an easy to use backup solution for non professionals, I think at least securing up the root file system from anything being able to access it on the local network would be beneficial to a lot of users. Either that or just making it known somewhere on the main page next to the Flash section that it is currently exported as public. It could be a simple colour indicator or just a tick or cross in a column marked 'Shared'.

 

Thanks for listening.

Just for clarity - the flash drive is not the root file system, but the boot system that is made visible as the ‘flash’ share.   The root file system is not accessible as a share over the network.

 

As to whether the ‘flash’ share should be private that is a different consideration.   Maybe setting it to be a hidden share might be a better compromise to making it private?   However I agree that the moment it is not immediately obvious that one needs to click on the flash drive on the Main tab is the way to see its share status.

 

Alternatively simply adding the ‘flash’ share to the Shares page and visible regardless of whether disk shares are enabled would at least make it as easy as any other share to see what it’s visibility and access modes are.   It would bring the share inline with how all the other shares are managed rather than hiding it behind clicking on the flash drive on the Main tab.  This lwould be my preferred approach in the short term as it seems it is purely a GUI change but still makes the share status visible in a location where you are likely to be looking for such information.

 

 

  • Author
29 minutes ago, itimpi said:

This would be my preferred approach in the short term as it seems it is purely a GUI change but still makes the share status visible in a location where you are likely to be looking for such information.

I would agree with this, there does not need to be any functional changes if at least the information was presented readily. In my use case for example, had i seen on the shares or main screen that the flash drive was shared publicly I would have immediately made it private. It is rather confusing for a new user that the flash is shared but does not appear anywhere on the shares tab :/

  • Community Expert

Another reason I would like to see the ‘flash’ share added to the Shares tab is the fact that I think quite a few users do not realise that the flash drive can be updated over the network - you do not need to remove it and plug it into another machine in most cases.

 

there is also perhaps a discussion as to why the share is labelled ‘flash’ rather than ‘boot’, but that is probably a lost cause for historical reasons.

By default Unraid comes as an 'open' system. The flash share is immediately accessible when the user boots the system the first time. This allows a user to copy or modify the flash device right from the start. This is a key design element.

 

Making the flash device a private share by default won't work because no users are defined at initial start up, and would defeat the above open design concept.

 

The flash share is not a user share, i.e. it is always present regardless of the array status. Mixing this "special" share with user shares leads to confusion because user share properties such as "allocation method" or "minimum file size" do not apply to the flash device.

 

Perhaps more emphasis need to be made on setting up the flash device and make the user aware to do the appropriate changes once the basic configuration is completed.

1 hour ago, bonienl said:

This allows a user to copy or modify the flash device right from the start.

What, exactly, would need to be modified on the flash over the network that isn't covered by the GUI?

8 minutes ago, jonathanm said:

What, exactly, would need to be modified on the flash over the network that isn't covered by the GUI?

When everything goes right, there is nothing to modify. It's those cases when something went wrong and needs to be corrected.

Is the SMB share an appropriate venue to correct something? It seems the normal troubleshooting step is to run diagnostics, shut down and read the USB stick in another machine.

 

I'm just not convinced the benefits outweigh the inherent risks in the current security situation.

6 minutes ago, bonienl said:

What are the inherent risks?

 

10 hours ago, Ascii227 said:

During this attack the malware managed to scan the network (or maybe just looped through the arp table) and start systematically encrypting public shares.

 

10 hours ago, Ascii227 said:

I was unaware that by default unraid shares its root filesystem publicly over samba, and the ransomware was able to encrypt my whole flash drive.

 

  • Community Expert
23 hours ago, bonienl said:

The flash share is not a user share, i.e. it is always present regardless of the array status. Mixing this "special" share with user shares leads to confusion because user share properties such as "allocation method" or "minimum file size" do not apply to the flash device.

I was thinking it should be presented as an ‘always present’ Disk Share, not as a User Share.    The share settings that apply to Disk Shares DO apply to the ‘flash’ share.

  • 2 weeks later...
  • Author
On 10/24/2018 at 9:03 PM, bonienl said:

What are the inherent risks?

Just seen this in the 6.6.4 Changelog:

 

"webgui: Added warning when Flash device is set as public share"

 

A good compromise I feel, thankyou for listening.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.