Alternative configuratin files

Post Reply
theike
Posts: 27
Joined: Sun Mar 08, 2009 10:19 pm

Alternative configuratin files

Post by theike » Thu May 28, 2009 6:50 pm

This is a split from my 'findings'-thread...
--------------------------------------------
!!WARNING: Possible dangerous actions have to performed, you have been warned... !!

Ok, attached you will find the adjusted scripts. (addon: they are not allowed to be added... interested: PM me)

They allow user management on the device, including shares for every user including dedicated authentication. Featurelist:
* Persistent folders (patch in cleanconf)
* ReadOnly openshare (public readable)
run edmini.sh share reinstall once BEFORE adding new users
* User management in configuration (web interface)
Admin (not deleteable) and user accounts
For new users automatically a new share (user_<username>) is added, with correct rights applied (admin & user r/w, public no access)
* For deleted users only the account (login) and share are removed. Files stay available and have to be deleted manually (who extends the web-UI?)

You need a tweaked (opened) box with the backdoor or ssh/telnet available.

(Do not delete all additional users, as i have no option yet to recreate new users, delete 'default' user after creating new ones)

HAve fun, Theike

theike
Posts: 27
Joined: Sun Mar 08, 2009 10:19 pm

Re: Alternative configuratin files

Post by theike » Thu May 28, 2009 7:10 pm

As i have upgraded the script a bit i now have a slightly updated scripts, that address a issue i was not aware of initially.

next is the problem:
To reset a 'dead' networkspace LaCie has implemented a small recovery method. just flip off and on the device (relatively quickly) and the device will enter 'original' state. I have ot tested this, but i assume all changes applied to the snaps-folder are deleted, but the data partition is remaining untouched.

Problem: my patches are stored in this snaps-folder. and one of these patches contains the 'do not delete shared folders'-routine. So my user-folders might become deleted due to a powersurge or accidental powerswitch-flip.

I also had another issue... I hated my initial aproach as it was irritating to have so many shares that were a bit a pain to manage.

So what did i do?
I moved the user-folders to the myshare (admin share). This solves both issues. Now there are no more folders in the /home-folder that might be deleted by the cleanup-script. and it is clearer that the admin has access to the user-folders.

Contact me (PM) if you want a copy of the (updated) scripts...

Daan
Posts: 98
Joined: Thu Feb 05, 2009 8:46 pm

Re: Alternative configuratin files

Post by Daan » Thu May 28, 2009 8:38 pm

Hey Theike,

I think putting user folders in myshare or openshare is indeed the safe way to go.

Can you be a bit more specific about what your scripts do differently compared to the originals? I had a look at the previous versions but I found it hard to see what your modifications do.

Thanks,

Daa

theike
Posts: 27
Joined: Sun Mar 08, 2009 10:19 pm

Re: Alternative configuratin files

Post by theike » Fri May 29, 2009 10:17 pm

The only difference is that i now create the folders as a sub of the myshare-folder and create the shares for the additional user accounts there (so they are shares within the shared myshare, but with different access rights).

Admin now has 2 ways to access the shares. Admin has access to the specific shares (r/w) and as the shared folders reside in the myshare-folder he can access them there as well. All the rest is the same. (although the cleanup script would not need to be patched anymore).

During migration i had to patch the system myself a bit. Move the (shared) user folders from home to myshare, edit the /etc/EDmini.config (change shared folder path) and patched the samba config (/etc/samba/...). Next i rebooted the nas and it all worked like a charm :P

Regards,
Theike

belese
Posts: 16
Joined: Sun Apr 19, 2009 9:44 pm

Re: Alternative configuratin files

Post by belese » Fri May 29, 2009 10:35 pm

hey,

you can mount the original partition in rw , i don't remember option, but i look tomorow if you want , and remove it from original partition, i remove the link to the cleanconfig on the original partition, so if i dot a reset, all my share are not deleted. but your script must be better, bacause when i remove this script, all my previous usb sharing directory are not removed

Daan
Posts: 98
Joined: Thu Feb 05, 2009 8:46 pm

Re: Alternative configuratin files

Post by Daan » Wed Jun 17, 2009 6:34 pm

I have tried the new scripts. Rebooting did not delete anything from the /home folder except the /home/usbdisksdb* directories, so that's good.

Adding new users with the new scripts (running "edmini.sh share reinstall" each time before making a new user):

Code: Select all

SpaceNetwork /home # edmini.sh share reinstall
Reprocessing configuration files...
Creating global configuration headers
HTTP proto
BJR proto
HTTP proto
BJR proto
Reloading services
SpaceNetwork /home # edmini.sh user add daan pass     
Adding user daan
SpaceNetwork /home # edmini.sh share reinstall
Reprocessing configuration files...
Creating global configuration headers
HTTP proto
BJR proto
HTTP proto
BJR proto
Reloading services
SpaceNetwork /home # edmini.sh user add kris pass2
Adding user kris
SpaceNetwork /home # cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/sbin:/bin/sh
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
operator:x:11:0:operator:/var:/bin/sh
nobody:x:65534:65534:Nobody:/:/bin/sh
anonymous:x:65534:65534:Nobody:/:/bin/false
admin:x:500:100:LaCie Ethernet Disk mini Admin:/home:/bin/false

new_root:x:0:0:root:/root:/bin/sh

daan:x:501:100:Linux User,,,:/home:/bin/false
kris:x:502:100:Linux User,,,:/home:/bin/false
SpaceNetwork /home #
So we now have two LaCie NetworkSpace users, whereas we could only have one with the original scripts. These users share a home directory, /home, which is also the home of admin.

Is that all or am I missing something?

Wouldn't be nice to give each user his home directory (like /home/myshare/user_daan) and give him write rights his home dir, read only to /home/openshare, no access to the other dirs?

Forgive me if I did not get it.

B.t.w., why don't you make "edmini.sh share reinstall" part of the procedure that makes new users, so that you don't forget to run it before

theike
Posts: 27
Joined: Sun Mar 08, 2009 10:19 pm

Re: Alternative configuratin files

Post by theike » Tue Jun 30, 2009 7:36 pm

Hi Daan

What you want is what i have.
You can create many users (select a user and in the dropdown select 'create new user')
All users get a 'personal' home folder in the 'myshare' (so admin can read/write them as well). Furthermore I changed the openshare to read-only access manually, so i didn't include it in the script.

And you only need to run reinstall when creating users, as updating (=change pw) does not require reinit (would cause lost connections in case of a huge file copy for example).

And... thanks for testing

Theike

Post Reply