view · edit · print · history

The NSLU2 supports the creation of hidden shares. This means that the share you create won't be visible from Network Neighbourhood but will exist and can be accessed.

Hidden shares are not truly hidden so do not rely on them as your only source of securing your environment. It is trivially easy via a Linux box to use smbclient to enumerate the hidden shares. For most home Windows environments this will be fine.

The process to create a hidden share is this:

  1. Create a share in the normal way using the Web interface (Administration -> Advanced -> Shares). A share may also have been created as part of adding a new user from the Administration -> Users web page.
  2. telnet / ssh to your NSLU2.
  3. vi /share/hdd/conf/share.info [or use your favourate text editor]
  4. Search for the line you wish to edit and add a $ at the end of the share name.

    For example, before editing:
    DISK=For everyone:/public/:administrators:7
    hidden=My hidden area:/hidden/:administrators:7

    After editing:
    DISK=For everyone:/public/:administrators:7
    hidden$=My hidden area:/hidden/:administrators:7
  5. Save the file and run the following command to force Samba to reload the shares:

  6. Browse your NSLU2 using Windows Explorer. You should not be able to view the share you created, and to access it remember to use the $ post-fix (e.g. in my example, \\NSLU2\hidden$ to get access)
  7. You will still be able to change the security of the share using the NSLU2 web interface.

**NOTE** This will not work when trying to hide ADMIN or DISK, as a "1" is added to the end these two when shared upon (re)starting samba.

Another way to hide shares in Network Neighbourhoodis to edit the file smb.conf, this way you can also hide the shares: ADMIN and DISK

For this you need Telnet access to the nslu2.

Open the file smb.conf with the the following command: vi /etc/samba/smb.conf

Find the following:

[ADMIN 1] valid users=@"administrators" comment= path=/share/hdd/data/ read only=yes write list=@"administrators"

Add the following line:

browsable = no

you can do the same with other shares you do not wish to see anymore. After this restart the samba service. You can still see these shares with the webinterface.

Chris Kantarjiev asks: Will the changes to /etc/samba/smb.conf survive a reboot? It seems that it is rebuilt during the boot process from files that are stashed in /share/hdd/conf/samba (or somewhere down there - there are many copies of smb.conf on an unslung slug...)

No, they won't survive a reboot! But you ca edit the smb.conf at start up with a Diversion-Script (see Diversion Script Information) and the command sed! (eg sed -i -e '/\[ADMIN\]/abrowsable=no' /etc/samba/smb.conf) Sorry 4 bad english!

One other way of making these changes and it surviving a reboot (share.info definately, not tried smb.conf) is to download the and edit the config file. Backup the config using the web GUI as normal. Open the config.bin which you have just saved using a compression utility (I used 7-Zip, it definately works), then navigate through the directory structure until you find the file you want to edit. Edit and upload back to your slug. It will reboot and your changes will have taken effect. I have successfuly used this process to edit share.info and CGI_ds.conf

Hiding the ADMIN and DISK shares

The easiest way I have found was to create/edit the file /etc/samba/user_smb.conf I simply added a section for an existing share containing "browsable=no". Copy the entire content of each share's section in /etc/samba/smb/conf into /etc/samba/user_smb.conf and add "browsable=no" to the end. This will survive a reboot!

view · edit · print · history · Last edited by pedxing.
Based on work by pedxing, slyhne, spankywetfish, jaku, Chris Kantarjiev, Mrhertog, tman, chi-zphpguicom, uSURPER, and Lennart.
Originally by uSURPER.
Page last modified on July 16, 2007, at 01:25 PM