MyBook Live Duo: xbmc accesses private shares without user/password

Hi guys,

I have had a MyBook Live Duo for quite some time now and use private shares quite successfully to limit access.

The main reason was to avoid unintentional deletion but also to hide some content.

This worked fine in my home network for several Windows and Mac devices and a WD TV having access to the NAS.

Some shares are visible to only some, most are public. Another share is not visible at all, unless the correct user/pw is presented. So far so good…

Recently I tried a Fire TV (Amazon) and installed Xbmc, and everything works fine.

Even too good: Without any deeper knowledge I chose the NFS option in Xbmc, and all (!) shares became visible and accessible. I found some links saying this would work for the public share only (maybe I got this wrong), but it works fine for all shares.

The strange thing: I did not add any user information, nor any password.

Also the one mentioned private share (enabled for a specific user only, not even Admin) is visible, accessible and so on.

The “Media Streaming” feature and DLNA are completely disabled @MyBook.

As I mentioned: On Win and Mac the security seems to work, but not for Xbmc.

Anything I missed? Or a “feature” = security bug?

Best

No, you’re missing the fact that NFS, by its very nature, has no security.  It’s not a bug – that’s just how NFS works.

Unless you MUST use NFS in XBMC for some reason, just use SMB instead.   It’s more secure.

Oh - thanks a lot for this info, TonyPh12345.

What is somehow strange, in my opinion:

There is this NAS and everything is “secure”: public shares and private shares for limited access.

But somewhere in the dust is NFS, which allows everybody to access everything…

I can try to use SMB in my setup (no idea so far, but maybe possible).

But: can I disable the NFS support on the NAS to have at least some security?

Shouldn't it be disabled by default?

At least I'm not aware of having enabled this somehow in the past.

The other way around: why introduce a secure front door with many different keys, if the backdoor is always open…?

Best regards.

Those are good questions – answers I don’t really know.   

ok, but anyway thanks for your statement.

@world: please feel free to resolve this issue…  :dizzy_face:

every hint is highly appreciated.

I will go for a request to WD directly - let’s see what happens.

Hi guys,

to keep you informed.

I got in contact with WD support, and the issue is still pending. The first attempts by a helpful guy at WD did not solve it, but the case has now been with the technical department for a while. When they answer, I will report.

To remember:

Access to all shares without any password was possible via NFS, but not (correctly) via e.g. SMB.

During my search I found this link - thanks to the original poster:

https://gist.github.com/cam8001/ff5880d8a70e14661af2

I connected via SSH (using Terminal on a Mac) and disabled these services permanently from the startup-options of the MyBook:

/etc/init.d/nfs-kernel-server stop

/etc/init.d/nfs-common stop

So there is no NFS support and so no access anymore - at least using this protocol. SMB still works fine - sufficient for my needs.

While solving this “hole”, the situation leaves the unpleasant feeling that other holes still exist, without my being aware of them.
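An added example, not part of the original thread: classic NFS exports grant access per client host rather than per share user/password, which matches what the thread observed. The function below audits an exports(5)-format file for entries open to every host. It assumes the NAS uses the standard Linux nfs-kernel-server export file; the sample paths and addresses are constructed.

```shell
#!/bin/sh
# audit_exports FILE
# Print one finding per risky client entry in an exports(5)-format file.
# Output format: "<severity> <path> <client> <reason>"
# Limitation: continuation lines (\) and quoted paths are not handled.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # "(opts)" with no host in front applies to every client;
            # this is what a stray space in "host (rw)" produces.
            if (client == "") client = "*"
            anyhost = (client == "*")
            writable = (("," opts ",") ~ /,rw,/)
            if (anyhost && writable) print "HIGH", path, client, "world-writable"
            else if (anyhost) print "MEDIUM", path, client, "world-readable"
            # root on the client is treated as root on the NAS
            if (("," opts ",") ~ /,no_root_squash,/) print "HIGH", path, client, "no_root_squash"
        }
    }' "$1"
}

# Constructed sample exports file, not taken from a real device.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# path             client(options)
/nfs/Public        *(rw,all_squash,sync)
/nfs/Private       *(rw,no_root_squash,sync)
/nfs/Backup        192.168.1.20(ro,sync)
/nfs/Media         192.168.1.20 (rw,sync)
EOF
audit_exports "$sample"
```

On a real system the file to check is normally `/etc/exports`; an empty result means no export is open to all hosts.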