Restrict access to shared folders

WD Legacy Products My Book Live
2

There is a solution, but you have to tweak a the Samba Server settings withion the MyBook live and to do that you have to enable SSH access. It’s a tweak that so far has not broken the my MyBook Live’s ability to take updates and not broken anything else and the tweak does persist between FirmWare updates.

As always, you make the changes at your own risk.

The file `/etc/samba/overall_share’ has the foillowing block within it . . .

## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
## END ##

 Make an alteration that reads . . .

## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = no
  guest ok = yes
  map read only = no
## END #

 At the top add the following block of text to the configuration file . . .

[Public_admin]
  path = /shares/Public
  comment = Admin/owner RW access to Public share
  browseable = yes
  invalid users =
  valid users = admin
  read list =
  write list = admin
  map read only = no

 I’ve noticed there is no need to re-start the samba service.

This creates a read only Public share and also a Public_admin share that the owner/admin user can use to make changes within the Public shares share.  If you don’t want network browsing to reveal the Public_admin sharethen changebrowseable = yestobrowseable = no`.

The Public share may also be accessible for read/write by FTP so you may wish to add the following two lines to the end of the /etc/vsftpd.conf file . . .

deny_file=Public
hide_file=Public

 Once done reload the FTP configuration by using the command . . .

/etc/init.d/vsftpd reload

Note that if you update the firmware then the FTP service configuration is also restored to the default so you’ll need to re-apply the deny_file and hide_file lines. The firmware update preserves the samba server shares settings.

I would love for Western Digital to include the facility to allow the Public folder to be switched from Read/Write to Read only (and back) for some future update as not everyone wants to have a Public folder enforced into them.

Enjoy.   :smiley:

Remember to make the least changes.  If you start to dread where you don’t understand what’s going on then you can render your MyBook drive to behave as a door stop!  My changes don’t break the rules. They only bend the rules slightly.