Security issue with SMB mount sub folders under /homes

Windows Access Rights Management
Post Reply
christophe_y2k
New here
Posts: 3
Joined: Sat Feb 04, 2023 8:53 pm

Security issue with SMB mount sub folders under /homes

Post by christophe_y2k »

Hi,
have many LDAP users and groups.

When user login for the first time in web interface of QNAP QuTS hero h5.0.1.2277 that create a subfolder with username under /homes
ex: my user is "username1" after the first login system create "/homes/usernname1"
after another one ... system create "/homes/usernames2" etc... etc ... and that OK

But, for use SMB access to this folder under windows i mount \\NAS\home or \NAS\homes\username1 with login/password of username1
for can do that i need to set (R/W) [x] write right to the folder "/homes" if not i can't mount username1 a sub folder of /homes...

But the user can access to all other sub folders of /homes and this is a very big security issue for me...
one loged smb user can access to all other users home folder

What i do wrong ?
User avatar
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Security issue with SMB mount sub folders under /homes

Post by Toxic17 »

Is the user an admin on the NAS perhaps?
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
christophe_y2k
New here
Posts: 3
Joined: Sat Feb 04, 2023 8:53 pm

Re: Security issue with SMB mount sub folders under /homes

Post by christophe_y2k »

Toxic17 wrote: Sat Feb 04, 2023 10:50 pm Is the user an admin on the NAS perhaps?
No, standard LDAP user
Post Reply

Return to “Windows”