Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Better Defaults

Featured Replies

On 5/17/2019 at 7:42 AM, Eadword said:

While the current system is great for the average home network as a media server storing non-critical and non-confidential information on a private network, with a few changes, it could be ready for so much more...

 

Where I'm coming from: I'm new to unraid, and I am a long time Linux-user with widows as a side OS I avoid as much as possible. Currently I've been setting up a VFIO system, and because I won't just be using it to store media but to actually be my daily driver, I have certain security concerns with the current default configurations.

 

The following is a list of changes I've compiled, largely from http://kmwoley.com/blog/securing-a-new-unraid-installation/ and somewhat ordered by importance:

- SMB 1 disabled by default

- FTP and Tellnet disabled by default

- HTTPS enabled with a self-signed cert out of the gate (love the cert authority setup though!)

- make it more clear how to encrypt new drives (can't choose to encrypt when adding the device, has to be changed in the default filesystem setting)

- new shares not exported by default, and when exportrd, Private by default

- Don't export the USB boot media!!! (At least not by default and add an are you sure if you try to enable it)

- firewall such as UFW installed and enabled by default with only TCP port 80 and 443 set to LIMIT and whatever SMB uses opened. GUFW could be pulled from for the GUI. And providing quick check boxes for common ports would make it easy, possiblity auto enabling when you enable a core service.

- Docker Isolation through Linux namespaces / subuids

- allow tagging more shares for direct Linux VM mounting to prevent the need to pass through /mnt/user

- better multiple-user support, it's a server, right? So people other than root should be able to ssh in and access the UI; ideally root login would be disabled with use of a wheel group instead

- don't use 777 permissions by default, ideally users + groups, but at a minimum there is no reason for most things to be read, write, and execute by default!

- support for openvpn

- support for multiple different encryption keys


And add other lurking issues to this. Even if you're not exposing a system to the public internet, a lot of these things can still cause problems if the system is up 24/7. There is no such thing as a "friendly environment" outside air-gapped systems, and my daily driver will definitely not be air gapped.

 

Anyway, if you've made it this far and feel like this is a list of complaints, I'm sorry. I do like unraid and I already feel excited for where it's going.

Has any of this been resolved since may 2019? Asking for a friend considering a purchase and trying to get an idea as to how security focused unraid is.

On 2/15/2021 at 2:09 PM, raidfish said:

Has any of this been resolved since may 2019? Asking for a friend considering a purchase and trying to get an idea as to how security focused unraid is.

 

Nope...

  • 4 years later...
On 8/20/2019 at 12:35 AM, bonienl said:

You should have more trust in Limetech :)

Security is an important aspect and Limetech is constantly looking at improvements.

I trust limetech, but I dont trust users. Heres to hoping ops recommendations at least get put on the roadmap (hopefully within 6 years). Lack of basic security features is the #1 reasons I am not buying or upgrading more licenses. Still love unraid, just not its lack of enthusiasm to improve security.

1 hour ago, mtseymour said:

I trust limetech, but I dont trust users. Heres to hoping ops recommendations at least get put on the roadmap (hopefully within 6 years). Lack of basic security features is the #1 reasons I am not buying or upgrading more licenses. Still love unraid, just not its lack of enthusiasm to improve security.

Many of these have been implemented over the years. Can you be more specific with your comment about "lack of basic security features"? What are we missing?

  • 2 weeks later...
On 12/28/2025 at 1:29 PM, SpencerJ said:

Many of these have been implemented over the years. Can you be more specific with your comment about "lack of basic security features"? What are we missing?

I think what the problem is that LimeTech decided to 'grandfather-in' settings when changes to the security restrictions were made. For example, SMBv1 was not blacklisted/deactivated when the decision was made to disable SMBv1 for all new system installs. It was left for each individual to actually turn it off in SMB settings. (I completely understand why this choice was made as I have provided a lot of assistance over the years and I know that there are still a goodly percentage of Unraid users who are still using SMBv1 in 2026! IF LimeTech had been turned it off like MS did a few years, the Forum would have exploded with requests for help in fixing the problem. ) So Yes, LimeTech has implemented a lot of these changes but the final actual action to implement them was left to the Individual user.

One item that MS has initiated recently to block guest login from Windows clients to any server. I would assume that they have take the same action on their server products. I would hope that LimeTech would at least provide us with a setting to do the same thing on Unraid. I am well aware that you can easily add a line to SMB Extras section of the GUI to accomplish this but the setting would be a more proactive approach.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.