I’ve seen from Myron here how to go on about setting only an admin user to being able to access the folder. Now what I’m wondering is if it’s possible to remove it altogether, or at least hide it from everywhere (SMB, FTP, WebUI, etc.)
Is this possible? I think it’s quite crazy to delete the whole “Public” folder in “shares/Public”, right?
On a related note, I have my shares named “MBLD” and “MBSEII”. Then, when browsing via SMB (Windows 7), they show in lowercase letters. Some apps show them correctly, others in lowercase. Why is that? Some Samba quirk?
To be honest, for what it’s worth, I would be inclined to keep the Public folder there. Just set the ACL to nothing but Admin can access it. Remoing the Public folder may break other software in the NAS.
If i set it to admin access, will it be hidden when accessing the disk via SMB? I mean, I access \MBLD and have my shares there, plus the Public folder. Will it disappear from there?
It will not dissapear but anyone who is not Admin will get the usual access denies messages.
The note-to-myself that I made on this issue is . . .
Restrict the `Public` share for the NFS, AFP, FTP and SMB access.
You need to access the MBL's Linux's command line. Instructions are littered through this community.
Using the nano text editor edit /etc/trustees.conf find ...
/shares/Public:*:RWBEX:*:CU
... change this to ...
/shares/Public:admin:RWBEX:*:CU
Do the same change to /tmp/trustees.mod. Within this file if you see `admin:RWBEX` for Public
within the DENY LIST then remove it from the appropriate line. Make sure there is one : and not :: if
you do this.
Issue the following command:
settrustees -f /tmp/trustees.mod
The `Public` share and directory is now only accessible to the owner/admin user.
I think now this does not persist over updates so after an upgrade or altering the Public share on the Dashboard UI, this has to be re-applied.
Did it stop working after the last firmware update?
What I didn’t do before was add user accounts to the ###DENY LIST section of /tmp/trustees.mod but after writing that maybe somethings been done in the kernel binary to exclude Public from bring restricted?
I wonder if it may be possible to soft-link the Public to the bit-bucket? Some more work will be needed here as in this case I’m pretty sure the likes of the Twonky and iTunes servers are liable to break.
This is my only real criticism of the WD Firmware and that not being to easily make Public a read only folder for all except the owner(admin).