Model: My Cloud Pro PR4100
Firmware Version : 2.21.126
To guard against crypto ransomware and other threats, I recently created a new user account and granted it “Read Only” access to the shares/files stored on my NAS. However, I was horrified to discover that this user account has network (Samba) “Read/Write” access to the recycle bins for ALL shares.
In this case, I believe that the logged in user account should have the same permissions that are granted to the share which the Recycle Bin is associated with.
SHARE_1 (Read Only)
SHARE_1_RECYCLED (Read Only)
SHARE_2 (Deny Access)
SHARE_2_RECYCLED (Deny Access)
SHARE_3 (Read / Write)
SHARE_3_RECYCLED (Read / Write)
This is a HUGE security vulnerability, so I suggest fixing it ASAP.