Currently anyone with LAN access can type into windows explorer the following:
\\vuduo\ or \\bm750\ depending on the image loaded, or just type in the plain ip address with leading \\.

that will get full access to the vuduo as if its another Windows PC with shared folders; and its full read/write access including the config files not just the hard drive. Is there anyway to disable this? or atleast stop sharing the ConfigFiles and make the hard drive read only? Its a huge security hole, anyone with LAN access could potentially stop the vuduo from booting by deleteing the boot files or even wrose enjecting harmfull code into the startup files, eg telling the vuduo to erase the boot block on next startup, they could basicly do anything.

I am sure there is a configfile to change the settings for this, am hunting for it right now, but if someone could enlighten me it would save me time

Found a temporary solution to this, I have added a command to the end of the rcS file in /etc/init.d/

"killall smbd"

I can still not find where the smbd config files are, or which startup file is loading the process on boot. So the simplist way for now is to just kill the process after is it starts, this way I know my box is secure.

If you are on a LAN with a large number of computers connected, eg an apartment block with shared internet connection, and people whom you do now know, then it is paramount you get your vuduo secured if you are going to plug it into the LAN.

Also change the telnet password using the command "passwd" and enable authentication for the enigma2 webinterface.

If you dont know how to secure the vuduo and you are in my situation, I suggest getting a NAT router, a standard wireless router with RJ45 WAN port will do, this will firewall your box from the rest of the LAN while still allowing internet access.

This can be turned off, what image are you using?

using open pli

You've most likely got NFS-Server installed. Go to plugins and select it. The set the export to a folder that you would like to share on your network i.e. /media/hdd/movie

Also, why would it matter to be honest? Unless you have an unsecured network, or have people on the network you don't want to have access to it, then there's no problem. If it's either of the other 2, then sort out those problems I would say. Think it's quite handy to have the samba sharing personally :p

You've most likely got NFS-Server installed. Go to plugins and select it. The set the export to a folder that you would like to share on your network i.e. /media/hdd/movie

I just installed Client for Microsoft Networks on my XP to test this issue.
Yes indeed, even though my NFS server setup only says:
Export: /media/hdd/movie

Still, also the whole var directory is exported under the name \\vuduo\Configfiles
It is exactly as if connected via ftp and gone to var.
Including all my private sharing settings: servers, ports and passwords.

As to the other NFS share: \\vuduo\Harddisk - it shows the whole disk, not only movie subdirectory.

So for now, I have mapped var to A:, HD to B:
Very convenient, especially that those letters are not allowed for local drives, but is there a way to put passwords on those shares?
Until now, I did not even have client for Microsoft networks or file and printer sharing on my PC - seemed safer that way.
But now, I want to see Duo NFS shares from PC and CIFS shares on PC from Duo, so I have installed them.
Works in both directions very nicely.

So CIFS may be protected by user/password, surely Samba also allows passwords, even encrypted passwords, etc.
Something like: smbpasswd -a root
Unfortunately, such a command is not supported in PLi

As to no need of password protection inside LAN, today many ISPs have some sort of LAN/WAN thing going, and there might be quite a number of unknown to you people on your LAN, even if you do not realize you are on a LAN.

Any ideas?

CORRECTION: I now think that those two shares, Configfiles and Harddisk, are not NFS shares, but Samba (SMB/CIFS) shares.

Here, expanding, continuing from my previous post:

As to NFS, it does not support authorization per user, but per host only.

If you look in etc/exports file, you will see one line there:

/media/hdd/movie *(rw,no_root_squash,sync)

Here we see two things:

1. Yes, only /media/hdd/movie is exported

2. The allowed hosts are * (asterisk) - instead, the name of your specific PC should be used or its IP address. That would solve a security issue. But not the security issue as initially described by the author of the thread.

When I accessed those shares from Duo, exports file was completely ignored, as was ignored the whole NFS server plugin,
those two shares: Configfiles and Harddisk are defined in Samba.

Somebody here steered the discussion to NFS server and its settings, but I think that we should look at Samba instead.
And as I wrote before, I think that Samba supports user/password, but perhaps not this particular Samba that is present in PLi

Anyway, NFS server is one thing, and Samba - quite another, Samba is for sharing in SMB/CIFS, not NFS.

Because this subset of Samba seems not to support password command, perhaps it can be done some other way?
In some script or configuration file?

Alternative: yes, to kill Samba altogether, and to use the NFS server plugin instead.
If your PC is running windows, though, you need a special support for NFS.
In Windows 7 it is present and client for NFS can be easily added.
In Windows XP, we need to download "Windows Services for Unix" from Microsoft.

And, to increase security, to replace that * in exports with a specific computer.


UPDATE:

here they are:

etc/samba/smb.conf

here you can meddle with those two shares, Configfiles and Harddisk, setting them read only, non public, or changing their paths, etc.
there is also a password file: etc/samba/private/smbpasswd which is currently 0 length, it seems that it is supposed to be encrypted,
the question is: is there a way to add users/passwords to samba with some command in this PLi version or not.
If not, it may be difficult to manually make that smbpasswd file.

So perhaps it is possible to do something about samba security, and NFS may not be needed after all, so the only NFS share may be removed from exports file in that case

I started with PLi for newbies with Samba pre-installed, interesting, is it pre-installed in other images?
Perhaps it can be uninstalled and a different Samba version/plugin installed instead?
One with user/password management capabilities, for example.