Restrict access to shared folders

Hi

I have a WD MyBook Live 1TB, running windows 7 professional and windows 7 home edition on other laptops on network. Is there any way to stop people editing or deleting files that are on shared music/video or pictures, other than creating a new share folder.

I would like others on the network to be able to see/play files but not be able to delete them or alter them

many thanks

There is a solution, but you have to tweak a the Samba Server settings withion the MyBook live and to do that you have to enable SSH access. It’s a tweak that so far has not broken the my MyBook Live’s ability to take updates and not broken anything else and the tweak does persist between FirmWare updates.

As always, you make the changes at your own risk.

The file `/etc/samba/overall_share’ has the foillowing block within it . . .

## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
## END ##

 Make an alteration that reads . . .

## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = no
  guest ok = yes
  map read only = no
## END #

 At the top add the following block of text to the configuration file . . .

[Public_admin]
  path = /shares/Public
  comment = Admin/owner RW access to Public share
  browseable = yes
  invalid users =
  valid users = admin
  read list =
  write list = admin
  map read only = no

 I’ve noticed there is no need to re-start the samba service.

This creates a read only Public share and also a Public_admin share that the owner/admin user can use to make changes within the Public shares share.  If you don’t want network browsing to reveal the Public_admin sharethen changebrowseable = yestobrowseable = no`.

The Public share may also be accessible for read/write by FTP so you may wish to add the following two lines to the end of the /etc/vsftpd.conf file . . .

deny_file=Public
hide_file=Public

 Once done reload the FTP configuration by using the command . . .

/etc/init.d/vsftpd reload

Note that if you update the firmware then the FTP service configuration is also restored to the default so you’ll need to re-apply the deny_file and hide_file lines. The firmware update preserves the samba server shares settings.

I would love for Western Digital to include the facility to allow the Public folder to be switched from Read/Write to Read only (and back) for some future update as not everyone wants to have a Public folder enforced into them.

Enjoy.   :smiley:

Remember to make the least changes.  If you start to dread where you don’t understand what’s going on then you can render your MyBook drive to behave as a door stop!  My changes don’t break the rules. They only bend the rules slightly.

How to i access the said file to enable me to change its settings

With a question like that I think you don’t know Linux?  I’m asking that question because that will dictate how I edit my earlier reply.

You would be right, I do not know Linux whatsoever, sorry. I am good at following instructions and have a little knowledge of programming.

Thanks

Myron wrote:

There is a solution, but you have to tweak a the Samba Server settings withion the MyBook live and to do that you have to enable SSH access. It’s a tweak that so far has not broken the my MyBook Live’s ability to take updates and not broken anything else and the tweak does persist between FirmWare updates.

 

As always, you make the changes at your own risk.

 

The file `/etc/samba/overall_share’ has the foillowing block within it . . .

BEGIN ## sharename = Public

[Public]
path = /shares/Public
comment = Public share
public = yes
browseable = yes
writable = yes
guest ok = yes
map read only = no

END

 Make an alteration that reads . . .

BEGIN ## sharename = Public

[Public]
path = /shares/Public
comment = Public share
public = yes
browseable = yes
writable = no
guest ok = yes
map read only = no

END

 At the top add the following block of text to the configuration file . . .

[Public_admin]
path = /shares/Public
comment = Admin/owner RW access to Public share
browseable = yes
invalid users =
valid users = admin
read list =
write list = admin
map read only = no

 I’ve noticed there is no need to re-start the samba service.

 

This creates a read only Public share and also a Public_admin share that the owner/admin user can use to make changes within the Public shares share.  If you don’t want network browsing to reveal the Public_admin sharethen changebrowseable = yestobrowseable = no`.

 

The Public share may also be accessible for read/write by FTP so you may wish to add the following two lines to the end of the /etc/vsftpd.conf file . . .

deny_file=Public
hide_file=Public

 Once done reload the FTP configuration by using the command . . .

/etc/init.d/vsftpd reload

Note that if you update the firmware then the FTP service configuration is also restored to the default so you’ll need to re-apply the deny_file and hide_file lines. The firmware update preserves the samba server shares settings.

 

I would love for Western Digital to include the facility to allow the Public folder to be switched from Read/Write to Read only (and back) for some future update as not everyone wants to have a Public folder enforced into them.

 

Enjoy.   :smiley:

 

Remember to make the least changes.  If you start to dread where you don’t understand what’s going on then you can render your MyBook drive to behave as a door stop!  My changes don’t break the rules. They only bend the rules slightly.

Thanks Myron

worked it out.

thanks for the code to change all done and working fine

Sorted. Glad that it’s worked. My mind does find it a bit difficult to comprehend why Western Digital can’t build in this functionality by default.  At least put in the facility to let the MyBook Live owner choose how the Public folder operates.

For anyone else looking at this thread SSH needs to be turned on so first toy need to sign-on to the Web UP then go to http://MyBookLive/UI/ssh and enable SSH.  You also need a program that can establish an SSH connection and start a telnet session. For Windows the most popular program is PUTTY (  http://www.chiark.greenend.org.uk/~sgtatham/putty/ )

Once logged in you can use the nano text editor to easily make the changes to the configuration files and run the scripts and programs directly on the MyBookLive.

As always, all tweaks and changes done on the MyBook Live’s operating system is done at your own risk.

On my MYBW there was a way to change permissions for FTP and samba accès modifying the /etc/trustees.conf

[/dev/md2]/Public:*:RWBEX:read_only_user:DW:*:DU (I dont want these emoticons for : followed by D)

the read_only_user is the name of the user you want to restrict access.

then you shoud reload the permissions with something like this

/usr/local/bin/settrustees

On the MYBW this was lost at reboot :s

it is probably possible to add startup script copying the right trustees.conf file and executing this line.

I’m not sure but I think the scripts . . .

setSharePrivate.sh
setSharePublic.sh
setTrustees.sh

 . . . only replace an individual line within /etc/trustees.conf.  b_welding, your idea may work.

Hi Myron,

Have another problem. got access restricted on public share but my laptop went down when i was connected to public_admin. now the drive won’t let me connect with another laptop until i disconnect mapped drive. any ideas

i have tried removing public_admin and re adding but does not work

thanks :frowning:

Have you tried rebooting the MyBook Live using the Dashboard UI and trying agaIn?

Hi

Yeah Tried that and set overall_share back to its original state before rebooting. still no joy

cheers