Hi All,

A quickie question. I was doing some browsing on my network at home today (while setting up a home NAS box) and I noticed that I can see the ZGEMMA box and two shares underneath:

61891

It's been a while since I set the box up and I have gotten a bit rusty as I have just been using it for its intended purpose for about 1 year with no tweaking). I suspect that I may have inadvertently shared out the main FS (twice) as I was doing my setup way back when but I can't remember what I need to do to secure the system again on the network. I'm not worried for myself but I worry that some little fingers might accidentally delete some files inside the critical system folders. I just wanted to check:

1. Where do I see these shares in the GUI
2. Should I remove them (would it cause other things to break?)
3. If 2. is "no" then should I (can I) set up some security to prevent accidental messing

what should be publicly visible on the LAN from the OpenVix box??

Thanks
Paul

As far as I know this is normal and if you set a password for Telnet, SSH and FTP on your H7 the shares should only be accessible with that password.
To set a password see: https://www.world-of-satellite.com/showthread.php?63400&p=503909&viewfull=1#post503909

Also I think the shares probably won't be accessible from Windows if you uninstall (or disable) the samba plug-in, but I'm a little puzzled that it was loaded without you knowing but perhaps it's loaded by default.

As I know, password is mandatory in Openvix 5.4, so any possible unwanted network access would be denied without entering login and password. Also, samba is not installed by default. I must update packages in a fresh Openvix installation to be able to install and run Samba. So I believe you have no problem with sharing.

As I know, password is mandatory in Openvix 5.4, so any possible unwanted network access would be denied without entering login and password. Also, samba is not installed by default. I must update packages in a fresh Openvix installation to be able to install and run Samba. So I believe you have no problem with sharing.
hi,

thanks for both replies.

So more checking.

I am running 5.3.019 and don't really want to upgrade just now as I did lots of setup and tweaks that I would need time to get to the bottom of to reincorporate them into the latest release.

Checked and when I go into the options to install samba it suggests that it will install it which suggests it is not currently installed:

61893

Next, I looked at the password option and the screen is presented to "change password" so I did that to a random password and rebooted.


Bizarrely - I could still access the shares anonymously even though I don't think SAMBA is installed explicitly and I set a random password.

Most odd! Could I have somehow installed SAMBA at the command line (and forgotten I did it as I did a lot of things when starting out) and it does not show up as installed in the GUI? If so can some kind sole guide me through the CLI to check and secure as I am not a linux guru :-)

I'm really happy with the setup apart from this and am loathed to upgrade it or reinstall it for the fear of spending days tweaking the GUI to the way I like (EPG) and all the other crap that needs handholding like the EPG download process etc.


thanks
Paul

What type of box can see the H7?

Are you running NFS (same section as Samba)?

These two telnet/putty commands will tell you if Samba or NFS is actually running...


root@vuultimo4k:~# ps -cef|grep -i smb
root 1693 1 TS 19 10:09 ? 00:00:00 /usr/sbin/smbd
root 1697 1693 TS 19 10:09 ? 00:00:00 /usr/sbin/smbd
root 1698 1693 TS 19 10:09 ? 00:00:00 /usr/sbin/smbd
root 1943 1903 TS 19 10:09 pts/0 00:00:00 grep -i smb
root@vuultimo4k:~# ps -cef|grep -i nfs
root 516 2 TS 39 10:08 ? 00:00:00 [nfsiod]
root 1634 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1635 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1636 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1637 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1638 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1639 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1640 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1641 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1951 1903 TS 19 10:09 pts/0 00:00:00 grep -i nfs
root@vuultimo4k:~#

You have a h7 with multiboot, so you can keep the current image (in slot 1 I assume).
If you do a settings backup (Menu/Setup/ViX/Backup settings . ensure its saved on hdd or usb(menu button)), flash the latest image online to a spare slot using ImageManager and on re boot restore the settings backup, the new image should be same as old image as far as settings are concerned...... except you need to set a password as required by 5.4
If you are not happy you can long press power button and go to MultiBoot Image Selector and select the old image and reboot.

So you can always keep the old image until you are happy with new image version

Bizarrely - I could still access the shares anonymously even though I don't think SAMBA is installed explicitly and I set a random password.

Most odd! Could I have somehow installed SAMBA at the command line (and forgotten I did it as I did a lot of things when starting out) and it does not show up as installed in the GUI? If so can some kind sole guide me through the CLI to check and secure as I am not a linux guru :-)


I had a weird feeling that had happened to me, which was why I used the word probably in my first reply.
Weird. I can't explain it.

Maybe the samba password is separate from the main password?

Maybe the samba password is separate from the main password?It does have its own password file - under its private directory.

I think you can set per-share id/passwords under
Main Menu -> Setup -> Network -> Mounts -> Mount Manager

It's not installed on my et8000 and any attempt to find a CIFS file system there fails to connect to the network port. So if it's showing then it is installed and running.

What type of box can see the H7?

Are you running NFS (same section as Samba)?

These two telnet/putty commands will tell you if Samba or NFS is actually running...


root@vuultimo4k:~# ps -cef|grep -i smb
root 1693 1 TS 19 10:09 ? 00:00:00 /usr/sbin/smbd
root 1697 1693 TS 19 10:09 ? 00:00:00 /usr/sbin/smbd
root 1698 1693 TS 19 10:09 ? 00:00:00 /usr/sbin/smbd
root 1943 1903 TS 19 10:09 pts/0 00:00:00 grep -i smb
root@vuultimo4k:~# ps -cef|grep -i nfs
root 516 2 TS 39 10:08 ? 00:00:00 [nfsiod]
root 1634 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1635 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1636 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1637 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1638 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1639 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1640 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1641 2 TS 19 10:09 ? 00:00:00 [nfsd]
root 1951 1903 TS 19 10:09 pts/0 00:00:00 grep -i nfs
root@vuultimo4k:~#
Hi ccs, Thanks for that.

I can access the shares from both a fresh install of Windows 10 (so no SMB1) and from Linux Mint Live - with Mint I cannot browse the box for shares but I can manually specify network://ZGEMMAH7/Harddisk and get in if I enter the password I specified on the password box under Setup>Network>Password in the OpenVIX menus. In Windows it just seems to let me in without having to enter any password.

Since I set the password up what has changed (for the good on Windows) if that if I try to FTP or telnet to the box I have to use the password I set in the menu's to gain access now so the password is working for them.

Now... bear with me here...
On Windows I just see ZGEMMAH7 in the network browse window and can double click it and see the two shares Root and Harddisk and can access them anonymously
On Mint I can go to Network in the nemo and I see: ZGEMMAH7 and zgemmah7 and "FTP File Server on zgemmah7" and "Windows Network"

If I double click the ZGEMMAH7 I get nothing displayed in the contents window but I can append the share name to the end SMB://zgemmah7.local/Harddisk and then select "Registered User" and then enter root as the user any my password and domain local and get access to the share.
If I double click the zgemmah7 I get the password prompt and if I enter the password I get permission denied (as I assume its using the linux mint user ID)

The output of the commands above for me are as follows:
61894

Curioser and curioser

It does have its own password file - under its private directory.

I think you can set per-share id/passwords under
Main Menu -> Setup -> Network -> Mounts -> Mount Manager

It's not installed on my et8000 and any attempt to find a CIFS file system there fails to connect to the network port. So if it's showing then it is installed and running.

Hi, My Mount Manager screen is empty:

61895

You have a h7 with multiboot, so you can keep the current image (in slot 1 I assume).
If you do a settings backup (Menu/Setup/ViX/Backup settings . ensure its saved on hdd or usb(menu button)), flash the latest image online to a spare slot using ImageManager and on re boot restore the settings backup, the new image should be same as old image as far as settings are concerned...... except you need to set a password as required by 5.4
If you are not happy you can long press power button and go to MultiBoot Image Selector and select the old image and reboot.

So you can always keep the old image until you are happy with new image version

Thanks for that. I guess when I have more time and the wife is at work I might have to do that.
Problem is that I have modifies the EPG files to the way I like them and if I upgrade I will get he new EPG py code and operation and the two are mutually exclusive. I would have to do all of that again or unpick my changes and reincorporate the changes I want that are not in the new code as well as some skin changes that I made to give the look I wanted. It's all setup just nice and I know it will open up a world of work for me.

Are you (we) us saying that the 5.4 release had some changes to fix a security loophole and that 5.3 is basically insecure from the SMB point of view? Okay granted its only on my own LAN and not on the WAN so its not a biggie but it would be good to know so that any visitors are warned not to tit about with the files and folders under those shares when they are in bed and bored and fiddling about with their laptops.
:-)