Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Keyfile Permissions

Featured Replies

Hello everyone!

Just setup a fully encrypted array and I noticed that by default the keyfile `/root/keyfile` is readable by all users. Wanted to see if maybe I am missing a security setting somewhere or if this is actually the default... I did write a quick user script to run at array startup which simply performs `chmod -R og-rwx /root`.

The /root location will not be visible acros the network so not easily accessible.    If you can log in as root then the permissions are irrelevant.

  • Author
2 minutes ago, trurl said:

 

I am not storing a keyfile. When I enter my keyfile to start the array, Unraid writes the keyfile to `/root/keyfile`.

  • Author
5 minutes ago, itimpi said:

The /root location will not be visible acros the network so not easily accessible.    If you can log in as root then the permissions are irrelevant.

Trying to set up different user accounts, they still would be able to access it with the default permissions--if I am not mistaken.

18 minutes ago, Eadword said:

Trying to set up different user accounts, they still would be able to access it with the default permissions--if I am not mistaken.

What user accounts?   Unraid does not really support user accounts in the traditional Linux sense.    In Unraid the user accounts are only intended to allow you to control share access, and /root is not part of any share.

2 hours ago, Eadword said:

I am not storing a keyfile. When I enter my keyfile to start the array, Unraid writes the keyfile to `/root/keyfile`.

Did you actually read the linked thread? The whole point was explaining that the keyfile isn't actually in persistent storage. Here is the link again as a plain URL:

 

https://forums.unraid.net/topic/73751-dont-store-a-keyfile/

 

2 hours ago, Eadword said:

When I enter my keyfile to start the array, Unraid writes the keyfile to `/root/keyfile`.

This is needed to start the array.

Once the array is started you can delete this file using the GUI (see Main menu).

 

Ps. regular users can not read this file, because regular users can not login to the system

Edited by bonienl

  • Author
6 hours ago, trurl said:

Did you actually read the linked thread? The whole point was explaining that the keyfile isn't actually in persistent storage.

 

Yes the link was illuminating to see that it is actually using a tmpfs mount or something, however, rephrasing my point to be "it's still in the filesystem" would be more accurate and any user could read it given the permissions. At least, that is where my mind went based on normal unix logic. Since apparently unraid doesn't really support users other than root according to itimpi, this point is moot.

17 hours ago, Eadword said:

Yes the link was illuminating to see that it is actually using a tmpfs mount or something, however, rephrasing my point to be "it's still in the filesystem" would be more accurate and any user could read it given the permissions. At least, that is where my mind went based on normal unix logic. Since apparently unraid doesn't really support users other than root according to itimpi, this point is moot.

Yes we'll change that to 600 in next release, though at present doesn't make any difference.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.