Authentication on NFS shares

Hi, currently I have a share on my WD My Cloud configured to Public. It works ok, but I want to somehow limit its access without switching to SMB or FTP access. It’s not shared outside of my LAN private network, but I still don’t want any computer with the wifi password (of which there are quite a few) to be able to just look through my documents.

Ideally I’d just enter a user and password like it works with samba/windows shares, but apparently NFS does not support user/password authentication, instead it supports IP auth and UID auth, both of which can be easy to fake. Just configure ip static and create a new user with that id right? Or I’m missing something and UID auth is actually more than a wide open door.

I think kerberos might suit my purpose, but I need some extra packages, these packages (krb5-kdc being one) are available through apt-get, but they are probably 4k packages that might brick my device and/or not work at all, right? Do I need to set up that VM build environment to install kerberos packages? Should I downgrade to 3.x firmware? Is it easier to get something like a raspberry pi to act as a kerberos server and somehow limit access to the NAS with that?

Any advice is appreciated, the objective is that only known clients can access the NFS share, even in the LAN, so mac address restriction would work too, but only on the non-public shares if possible.

Why not just change the Public Access option for the Share to Off within the Dashboard? Once that option is set to off you can then assign User permission levels (Full Access, Read Access, No Access) to the Share. Would this not work for NFS (for whatever reason)?

See the My Cloud User Manual (http://www.wdc.com/wdproducts/library/?id=439&type=25), see Chapter 6 Managing Users and Chapter 7 Managing Shares, especially the Making a Share Private subsection in Chapter 7.

NFS does not support normal user/password authentication, when I do those steps the share is inaccessible through NFS, since there’s nowhere to input a password.

Doing cd /media/wdmycloud/shareName returns permission denied, and I could find no logs on the server to get any more info, in theory it’s impossible to provide users through NFS, but maybe there’s another way, I’d be glad to provide any logs/information if you think it’s possible.

It does work with SMB, but that’s not what I’m looking for.

Thanks!

Perhaps you can restrict access based on IP Address or similar. You would probably have to edit the /etc/exports file to limit access. Unknown how this would affect the My Cloud or if it even works so do so at your own risk. See the following link for more information on how to configure NFS to provide network shares to specific clients:

http://blog.edgoad.com/2010/12/nfs-provide-network-shares-to-specific.html

Edit to add: Obviously ignore the first part about installing NFS since it may already be installed to the My Cloud.

But that IP would still be usable from another machine, unless I configure the router to reserve it for a specific MAC address. I wanted to leave the router alone cause it’s a pain to configure (it’s an old router I modded with openwrt that has not enough space for the web-gui).

I guess the /etc/exports combined with reserved IPs on the router achieves what I needed, even if it is harder than I’d like. I’ll try it, thanks for the link.

You can apparently restrict access using the computer hostname too. That way you wouldn’t have to mess with configuring static IP address assignments in the old router. Of course the flip side is one could simply change the computer’s hostname to bypass being blocked out.

Edit to add: If the WiFi computers/devices use a specific range of IP addresses or are on a specific subnet one can block the entire subnet or range apparently. That link I provided mentions that as an option.
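
Added example, not part of any post in this thread: a small Python audit of `/etc/exports`-style entries that flags the weaknesses discussed above (world or subnet-wide clients, hostname clients, and exports that rely on AUTH_SYS, where the server trusts the UID the client sends). The sample file contents, paths and addresses are constructed, and the function names are hypothetical; the audit assumes that an export without a `sec=` option defaults to `sys`.

```python
import ipaddress
import re

# Constructed sample in /etc/exports syntax; paths, hosts and addresses are made up.
SAMPLE_EXPORTS = """\
/shares/Public   *(rw,no_root_squash)
/shares/Docs     192.168.1.0/24(rw,sync)
/shares/Private  192.168.1.50(rw,sync) laptop(ro)   # one fixed IP, one hostname
/shares/Backup   192.168.1.60 (rw)
/shares/Secure   192.168.1.50(rw,sec=krb5p)
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")


def classify_client(host):
    """Return how broad a client spec is: world, subnet, single-ip or hostname."""
    if host in ("", "*"):
        return "world"
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return "hostname"  # matched by name, so only as trustworthy as name resolution
    return "single-ip" if net.num_addresses == 1 else "subnet"


def audit_exports(text):
    """Return a list of (line_no, path, client, issue) tuples for risky entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        for client in fields[1:]:
            match = CLIENT_RE.match(client)
            if match is None:
                findings.append((line_no, fields[0], client, "unparsed"))
                continue
            host, opts = match.group(1), set((match.group(2) or "").split(","))
            kind = classify_client(host)
            if kind != "single-ip":
                findings.append((line_no, fields[0], client, kind))
            if "no_root_squash" in opts:
                findings.append((line_no, fields[0], client, "no_root_squash"))
            # No sec= option means sec=sys (AUTH_SYS): client-supplied UID/GID is
            # trusted. Only a list made up entirely of krb5 flavours avoids that.
            sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")
            if not all(flavor.startswith("krb5") for flavor in sec.split(":")):
                findings.append((line_no, fields[0], client, "auth_sys"))
    return findings
```

On the `/shares/Backup` line the space before `(rw)` makes the options apply to every host rather than to `192.168.1.60`, which the audit reports as a `world` client.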