Hacks to make Public share and USB shares private

Please note - I am not responsible for anything not working and you do this at your own risk. Also, by making any of the the following changes you are likely voiding the warranty (though these are very safe and reversible changes).

Also, these hacks are tested for Windows users but they should work for Mac users using Mavericks but I cannot confirm that. They work as of today with the latest firmware (v1.02.08) for EX2 …hopefully these will continue to work in future and not be blocked by WD in a future firmware release. There are few other hacks that I devised besides these but am not disclosing them lest WD blocks them in a future firmware release :slight_smile: I will also try (try is the keyword) to keep this post updated, should some of the steps require minor changes in a future firmware release. And though these have been tested on My Cloud EX2, they likely will work on EX4 and Mirror. I am not so sure about these working on the regular My Cloud because they use different codebase.

It’s a good idea to be a little familiar with linux/unix. Remember, Google is your best friend. If this helps you, please click on the star next to my username in the left panel to give me a kudo.

From the beginning I disliked the idea of a Public share and wanted to get rid of it but I could not via the dashboard. So I instead figured this hack to at least make the Public share private. I also mention below how to do the same thing to your USB shares, which I hate having as public. The only thing that I was not able to do was even after making USB shares private, is that the dashboard GUI still shows the USB shares as public. And trust me…I have tried A LOT of things :slight_smile: But I am okay with that, because despite what the dashboard says, the USB shares ARE in fact private after the hack.

Making the Public share private (this change persist after reboots):

  • SSH into the device and cd to /mnt/HD_a4/.systemfile/
  • Backup .smb.xml preserving file permissions, etc. to a file called .smb.xml.bak :
           cp -p .smb.xml .smb.xml.bak
  • Open .smb.xml in vi
  • Review the xml file before making any changes
  • Changes we need to do will be under the first section, with Public
  • Chage yes to no
  • Next set user access permissions for <read_list></read_list> (granting read-only privs), <write_list></write_list> (granting read-write privs) and set  <invalid_users>#nobody#</invalid_users> - the usernames that you use for read_list and write_list will need to be enclosed with # and multiple names will need commas to separate the usernames but there should be no spaces. Look at other shares you have created in the sections below Public’s and use them for guidance
  • Set <web_public> and <media_flag> to have values like your other shares as well (for mine it is set to 0 but that may not be the case for you). The previous steps are the most important ones (setting to no and setting permissions) and this step may or may not be required but I keep them the same as other shares anyway…since I don’t plan on using the Public folder.
  • Save the file changes and reboot EX2 - then go to dashboard and click Shares and then Public to verify your changes are now in effect
  • Should you ever want to reverse this change, simply copy over the .smb.xml with the .smb.xml.bak (assuming you have not created or altered other shares - if you have then just reverse the edits by hand) and reboot

Making the USB shares private (this change is reversed after a reboot - you’ll have to do them everytime after a reboot):

  • Also note that this change though takes effect, it will not be reflected in the dashboard GUI - on dashboard it will continue to show the share as Public
  • And since the file mentioned below gets freshly generated after every reboot, no need to backup the original file - instead backup the file with your changes AFTER making them
  • SSH into the device and cd to /etc/samba/
  • Open smb.conf in vi
  • Review the file before making any changes
  • Look for the USB device section(s) (identified by ‘comment = USB Device Share’)
  • For the particular USB device you wish to make private, delete the lines ‘guest ok’ and ‘writable’
  • Copy over the following lines from another private (non-USB) share:

read list =
write list =
invalid users =
valid users =

  • Using the other shares as guidance set the read list, write list and valid users according to your needs - invalid users should be set to nobody
  • Save the file
  • To avoid making these edits after every reboot, copy file over to /usr/local/config:
          cp /etc/samba/smb.conf /usr/local/config/smb.conf.bak
  • Everytime after a reboot, SSH in and copy the file over
  • Changes in the conf file are monitored every few seconds and should take effect within a minute automatically
  • Test by trying to go into a USB share from Windows explorer to which you do not have access (basically read list and write list don’t have the username that you use for your Windows) - you will be prevented from accessing it
  • But if for some reason the changes do not take effect automatically, you have to kill the smbd service - first run ‘ps -p $$ | grep smbd’ and then based on the PID value (the number in the leftmost column from the result of the last command) you issue kill command like so, 'kill ’ and finally restart smbd service by issuing the command, ‘smbd -D’. This will definitely cause your changes to take effect.

Please vote on my suggestion USB shares ->  http://community.wd.com/t5/Personal-Cloud-Ideas/EX2-USB-shares-need-configurable-permissions-configu… - to vote click on the up arrow next to my name in the linked post.

I need more votes to get WD to consider implementing the changes requested in my suggestion. For now I have devised the hacks above but would prefer to see this in the firmware so that everyone can avail of this benefit without doing these hacks.

Since mine is still so new that no dust has gathered on top, I’m going to hold out for an official firmware update from WD to correct this and a few other short sighted options before I manually change the permissions.  NIce write up though!  Thanks Cyber!

Yep, certainly…firmware fix is the best solution…but WD has so far not indicated any intention of considering my suggestion. Thanks for your vote…only have 6 votes so far…usually when the votes get to 15 or higher do they give it a serious consideration. Until then, my suggestion will stay as-is. And I am not gonna hold my breath. Which is why I have incorporated several of my hacks into their firmware code and built me a custom firmware so that everything’s automatic and nothing is lost on reboot.