Hello Guest, if you are reading this it means you have not registered yet. Please take a second, Click here to register, and in a few simple steps you will be able to enjoy our community and use our OpenViX support section.
Results 1 to 11 of 11

Thread: Filesystem of hard disk in H7 is open on the network - What did I do

  1. #1

    Title
    Senior Member
    Join Date
    Nov 2019
    Posts
    221
    Thanks
    28
    Thanked 15 Times in 14 Posts

    Question Filesystem of hard disk in H7 is open on the network - What did I do

    Hi All,

    A quickie question. I was doing some browsing on my network at home today (while setting up a home NAS box) and I noticed that I can see the ZGEMMA box and two shares underneath:

    2021-04-15 19_36_42-ZGEMMAH7.png

    It's been a while since I set the box up and I have gotten a bit rusty as I have just been using it for its intended purpose for about 1 year with no tweaking). I suspect that I may have inadvertently shared out the main FS (twice) as I was doing my setup way back when but I can't remember what I need to do to secure the system again on the network. I'm not worried for myself but I worry that some little fingers might accidentally delete some files inside the critical system folders. I just wanted to check:

    1. Where do I see these shares in the GUI
    2. Should I remove them (would it cause other things to break?)
    3. If 2. is "no" then should I (can I) set up some security to prevent accidental messing

    what should be publicly visible on the LAN from the OpenVix box??

    Thanks
    Paul

  2. #2
    BrokenUnusableAccount
    As far as I know this is normal and if you set a password for Telnet, SSH and FTP on your H7 the shares should only be accessible with that password.
    To set a password see: https://www.world-of-satellite.com/s...l=1#post503909

    Also I think the shares probably won't be accessible from Windows if you uninstall (or disable) the samba plug-in, but I'm a little puzzled that it was loaded without you knowing but perhaps it's loaded by default.

  3. #3

    Title
    Member
    Join Date
    May 2018
    Posts
    55
    Thanks
    11
    Thanked 7 Times in 4 Posts
    As I know, password is mandatory in Openvix 5.4, so any possible unwanted network access would be denied without entering login and password. Also, samba is not installed by default. I must update packages in a fresh Openvix installation to be able to install and run Samba. So I believe you have no problem with sharing.

  4. #4

    Title
    Senior Member
    Join Date
    Nov 2019
    Posts
    221
    Thanks
    28
    Thanked 15 Times in 14 Posts
    Quote Originally Posted by Clemente View Post
    As I know, password is mandatory in Openvix 5.4, so any possible unwanted network access would be denied without entering login and password. Also, samba is not installed by default. I must update packages in a fresh Openvix installation to be able to install and run Samba. So I believe you have no problem with sharing.
    hi,

    thanks for both replies.

    So more checking.

    I am running 5.3.019 and don't really want to upgrade just now as I did lots of setup and tweaks that I would need time to get to the bottom of to reincorporate them into the latest release.

    Checked and when I go into the options to install samba it suggests that it will install it which suggests it is not currently installed:

    2021-04-16 09_10_31-Zgemma H7 - OpenWebif - Personal - Microsoft​ Edge.png

    Next, I looked at the password option and the screen is presented to "change password" so I did that to a random password and rebooted.


    Bizarrely - I could still access the shares anonymously even though I don't think SAMBA is installed explicitly and I set a random password.

    Most odd! Could I have somehow installed SAMBA at the command line (and forgotten I did it as I did a lot of things when starting out) and it does not show up as installed in the GUI? If so can some kind sole guide me through the CLI to check and secure as I am not a linux guru :-)

    I'm really happy with the setup apart from this and am loathed to upgrade it or reinstall it for the fear of spending days tweaking the GUI to the way I like (EPG) and all the other crap that needs handholding like the EPG download process etc.


    thanks
    Paul

  5. #5
    ccs's Avatar
    Title
    ViX Beta Tester
    Join Date
    Sep 2014
    Posts
    5,836
    Thanks
    554
    Thanked 1,276 Times in 1,089 Posts
    What type of box can see the H7?

    Are you running NFS (same section as Samba)?

    These two telnet/putty commands will tell you if Samba or NFS is actually running...

    Code:
    root@vuultimo4k:~# ps -cef|grep -i smb
    root      1693     1 TS   19 10:09 ?        00:00:00 /usr/sbin/smbd
    root      1697  1693 TS   19 10:09 ?        00:00:00 /usr/sbin/smbd
    root      1698  1693 TS   19 10:09 ?        00:00:00 /usr/sbin/smbd
    root      1943  1903 TS   19 10:09 pts/0    00:00:00 grep -i smb
    root@vuultimo4k:~# ps -cef|grep -i nfs
    root       516     2 TS   39 10:08 ?        00:00:00 [nfsiod]
    root      1634     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1635     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1636     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1637     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1638     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1639     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1640     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1641     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1951  1903 TS   19 10:09 pts/0    00:00:00 grep -i nfs
    root@vuultimo4k:~#
    Last edited by ccs; 16-04-21 at 10:11.

  6. #6
    twol's Avatar
    Title
    Moderator
    Join Date
    Apr 2012
    Posts
    8,383
    Thanks
    987
    Thanked 2,888 Times in 2,243 Posts
    You have a h7 with multiboot, so you can keep the current image (in slot 1 I assume).
    If you do a settings backup (Menu/Setup/ViX/Backup settings . ensure its saved on hdd or usb(menu button)), flash the latest image online to a spare slot using ImageManager and on re boot restore the settings backup, the new image should be same as old image as far as settings are concerned...... except you need to set a password as required by 5.4
    If you are not happy you can long press power button and go to MultiBoot Image Selector and select the old image and reboot.

    So you can always keep the old image until you are happy with new image version
    Last edited by twol; 16-04-21 at 10:40.
    Gigablue Quad 4K & UE 4K
    .........FBC Tuners:
    ------------------> DUR-Line DCR 5-1-8-L4 Multiswitch to 1.5M dish(28.2E)
    ------------------> Spaun SUS 5581/33 NFA Multiswitch to 80 cm dish(19.2E)
    .......................> FBC & DVB-S2X into 90cm dish (27.5W) Opticum robust Unicable LNB
    AX HD61, Edision Osmio 4K+, Zgemma H9Combo, Octagon SF8008 , gbtrio4k, h9se using Legacy ports on multiswitches
    Zgemma H9 C/S into Giga4K

  7. #7
    BrokenUnusableAccount
    Quote Originally Posted by smipx View Post
    Bizarrely - I could still access the shares anonymously even though I don't think SAMBA is installed explicitly and I set a random password.

    Most odd! Could I have somehow installed SAMBA at the command line (and forgotten I did it as I did a lot of things when starting out) and it does not show up as installed in the GUI? If so can some kind sole guide me through the CLI to check and secure as I am not a linux guru :-)
    I had a weird feeling that had happened to me, which was why I used the word probably in my first reply.
    Weird. I can't explain it.

    Maybe the samba password is separate from the main password?

  8. #8
    birdman's Avatar
    Title
    Moderator
    Join Date
    Sep 2014
    Location
    Hitchin, UK
    Posts
    7,771
    Thanks
    235
    Thanked 1,656 Times in 1,305 Posts
    Quote Originally Posted by BefuddledBrian View Post
    Maybe the samba password is separate from the main password?
    It does have its own password file - under its private directory.

    I think you can set per-share id/passwords under
    Main Menu -> Setup -> Network -> Mounts -> Mount Manager

    It's not installed on my et8000 and any attempt to find a CIFS file system there fails to connect to the network port. So if it's showing then it is installed and running.
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD

  9. The Following 2 Users Say Thank You to birdman For This Useful Post:

    BrianG61UK (12-11-23)

  10. #9

    Title
    Senior Member
    Join Date
    Nov 2019
    Posts
    221
    Thanks
    28
    Thanked 15 Times in 14 Posts
    Quote Originally Posted by ccs View Post
    What type of box can see the H7?

    Are you running NFS (same section as Samba)?

    These two telnet/putty commands will tell you if Samba or NFS is actually running...

    Code:
    root@vuultimo4k:~# ps -cef|grep -i smb
    root      1693     1 TS   19 10:09 ?        00:00:00 /usr/sbin/smbd
    root      1697  1693 TS   19 10:09 ?        00:00:00 /usr/sbin/smbd
    root      1698  1693 TS   19 10:09 ?        00:00:00 /usr/sbin/smbd
    root      1943  1903 TS   19 10:09 pts/0    00:00:00 grep -i smb
    root@vuultimo4k:~# ps -cef|grep -i nfs
    root       516     2 TS   39 10:08 ?        00:00:00 [nfsiod]
    root      1634     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1635     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1636     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1637     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1638     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1639     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1640     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1641     2 TS   19 10:09 ?        00:00:00 [nfsd]
    root      1951  1903 TS   19 10:09 pts/0    00:00:00 grep -i nfs
    root@vuultimo4k:~#
    Hi ccs, Thanks for that.

    I can access the shares from both a fresh install of Windows 10 (so no SMB1) and from Linux Mint Live - with Mint I cannot browse the box for shares but I can manually specify network://ZGEMMAH7/Harddisk and get in if I enter the password I specified on the password box under Setup>Network>Password in the OpenVIX menus. In Windows it just seems to let me in without having to enter any password.

    Since I set the password up what has changed (for the good on Windows) if that if I try to FTP or telnet to the box I have to use the password I set in the menu's to gain access now so the password is working for them.

    Now... bear with me here...
    On Windows I just see ZGEMMAH7 in the network browse window and can double click it and see the two shares Root and Harddisk and can access them anonymously
    On Mint I can go to Network in the nemo and I see: ZGEMMAH7 and zgemmah7 and "FTP File Server on zgemmah7" and "Windows Network"

    If I double click the ZGEMMAH7 I get nothing displayed in the contents window but I can append the share name to the end SMB://zgemmah7.local/Harddisk and then select "Registered User" and then enter root as the user any my password and domain local and get access to the share.
    If I double click the zgemmah7 I get the password prompt and if I enter the password I get permission denied (as I assume its using the linux mint user ID)

    The output of the commands above for me are as follows:
    2021-04-16 16_03_08-Window.png

    Curioser and curioser

  11. #10

    Title
    Senior Member
    Join Date
    Nov 2019
    Posts
    221
    Thanks
    28
    Thanked 15 Times in 14 Posts
    Quote Originally Posted by birdman View Post
    It does have its own password file - under its private directory.

    I think you can set per-share id/passwords under
    Main Menu -> Setup -> Network -> Mounts -> Mount Manager

    It's not installed on my et8000 and any attempt to find a CIFS file system there fails to connect to the network port. So if it's showing then it is installed and running.
    Hi, My Mount Manager screen is empty:

    2021-04-16 16_06_44-Window.png

  12. #11

    Title
    Senior Member
    Join Date
    Nov 2019
    Posts
    221
    Thanks
    28
    Thanked 15 Times in 14 Posts
    Quote Originally Posted by twol View Post
    You have a h7 with multiboot, so you can keep the current image (in slot 1 I assume).
    If you do a settings backup (Menu/Setup/ViX/Backup settings . ensure its saved on hdd or usb(menu button)), flash the latest image online to a spare slot using ImageManager and on re boot restore the settings backup, the new image should be same as old image as far as settings are concerned...... except you need to set a password as required by 5.4
    If you are not happy you can long press power button and go to MultiBoot Image Selector and select the old image and reboot.

    So you can always keep the old image until you are happy with new image version
    Thanks for that. I guess when I have more time and the wife is at work I might have to do that.
    Problem is that I have modifies the EPG files to the way I like them and if I upgrade I will get he new EPG py code and operation and the two are mutually exclusive. I would have to do all of that again or unpick my changes and reincorporate the changes I want that are not in the new code as well as some skin changes that I made to give the look I wanted. It's all setup just nice and I know it will open up a world of work for me.

    Are you (we) us saying that the 5.4 release had some changes to fix a security loophole and that 5.3 is basically insecure from the SMB point of view? Okay granted its only on my own LAN and not on the WAN so its not a biggie but it would be good to know so that any visitors are warned not to tit about with the files and folders under those shares when they are in bed and bored and fiddling about with their laptops.
    :-)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
This website uses cookies
We use cookies to store session information to facilitate remembering your login information, to allow you to save website preferences, to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners.