Basic system security

Got a feature request? Great! Post your ideas here!
asl
Posts: 5
Joined: Tue May 17, 2016 4:37 pm

Basic system security

Post by asl »

I recently posted to the Backup and Data Protection forum about restricting access to files and folders at the operating system level, instead of at the Windows share level.

Since there was no feedback there, I'd like to bring up the topic as a feature request.
Basically I'd like to
  • prevent apps running on the NAS from reading all my files
  • prevent apps running on the NAS from writing or deleting all my files
  • prevent apps running on the NAS from erasing the entire NAS
Apps should
  • run under their own uid, in particular not as root
  • have read-only access to the NAS OS
  • be given selective access to shares, e.g. by using ACL permissions
That way e.g. media servers can access the music and video library, but not private Office documents.

Going one step further, one could use Linux containers to create virtual environments for every app.

I'd hate to see crypto trojans taking over the entire NAS.
liefde
Posts: 56
Joined: Sat Feb 08, 2014 12:05 am

Re: Basic system security

Post by liefde »

Yes, it's really horribly insecure. Some apps don't even offer any access control, let alone SSL/TLS over the webservers they use.
And I still wonder why they don't just allow other OSs to be installed on their hardware; just any Debian-based option is better than the weirdness galore that is ADM. Like they make any money on all their ADM or something. Silly corporate decisions, obviously.
Because I would gladly run OpenMediaVault on my AS604T. It's so much more evolved and secure.

Now I'm forced to use only 10% of the Asustor (namely its RAID storage via NFS) and have an OMV (OpenMediaVault) running on a Raspberry Pi 3 nearby.
father.mande
Posts: 2219
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: Basic system security

Post by father.mande »

Hi,

My 2 cents ...

1 OpenMediaVault ... can be a solution if you accept being based on a distribution that is now obsolete (even in terms of security patches) and that does not support some kinds of software (OpenMediaVault is based on Debian Wheezy, not the current Jessie) BUT the concept is clearly one of the best (ref. the Core paragraph of Features on the official OpenMediaVault web site).

2 Using Linux A.C.L. can be a solution (even if you have to manage it yourself using getfacl and setfacl) to have a better approach for a Linux (only) environment
... BUT for a mixed environment with Windows users ... Windows A.C.L. is available and can clearly solve access management from any Windows user to your data

3 I agree with the fact that applications able to run at user level can be launched under a specific user ... for my own APKGs like hx-engine ... everything is started under a user and not under root
... BUT Asustor is a little better than other NAS providers ... because admin is NOT root ... so this partially helps
BUT, all in all, a lot of services need to be, and can ONLY be, started by root ... so "apps run under their own UID" is correct or not depending on each application or service

4 You must also delimit the content of "have read only access to the NAS O.S." ...
... in part it's true ... BUT now a part of the structure is rebuilt at each boot ... and another part MUST be accessible by root (and only by root) as in any Linux distribution ...
... remember that in a lot of Linux distributions ... installing requires being root ... so we return to the previous point ... keep root but drastically limit its usage ...

5 .... always returning to root rules vs. user rules for managing application access (but, as before, which application?)

Security is important ... but requirements are also not the same, depending on the users and the usage of a NAS
... so I totally agree with some improvements (like the proposed Linux A.C.L.) ... and (step by step) applications that do not require root ... step by step because it's easy to say this ... but not to implement it ... can move to being run under a user
... I also think that "easy" start and access can be kept for users without knowledge ...

At the end ... just remember that 90%+ of the security issues are from the users themselves (you, me, all) ... none from the system itself ... and you can have the best "lockbox", but if you leave the code or key hanging around, or use your pet's name or your children's first names, all the software protection ... will be of "no value" ... :lol:

Philippe.
Asustor updated :D to ADM 5.0
FS6706T / AS3302Tv2 / AS5202T / AS6602T
Asustor E.O.L. at A.D.M. 4.0 :(
AS5002T / AS1002T
Asustor past :mrgreen:
AS202T
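
An added example, not part of any post in this thread and not Asustor or ADM code: a small audit of which files under a share root a non-root app account could read, write or delete, judged from the classic owner/group/other mode bits. The share names, the sample tree and the app uid are constructed assumptions, and entries set with setfacl are not evaluated (check those with getfacl).

```python
import os
import stat
import tempfile

def perms_for(st, uid, gids):
    """Classic owner/group/other check for a non-root account (ACL entries are not read)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    bits = (st.st_mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)  # read, write, search

def audit(root, uid, gids=frozenset()):
    """Return {relative path: access} for everything the account can reach under root."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        _, d_write, d_search = perms_for(os.lstat(dirpath), uid, gids)
        if not d_search:
            dirnames[:] = []  # no search bit: nothing below this directory is reachable
            continue
        if d_write:  # write + search on a directory allows creating and deleting entries
            findings[os.path.relpath(dirpath, root)] = "create/delete entries"
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            r, w, _ = perms_for(st, uid, gids)
            if r or w:
                findings[os.path.relpath(path, root)] = ("r" if r else "") + ("w" if w else "")
    return findings

def build_demo_tree():
    """Constructed sample layout: Music (world-readable), Private (owner only), Public (open)."""
    root = tempfile.mkdtemp(prefix="nas-demo-")
    os.chmod(root, 0o755)
    layout = {"Music": (0o755, "song.mp3", 0o644),
              "Private": (0o700, "tax.ods", 0o600),
              "Public": (0o777, "notes.txt", 0o666)}
    for share, (dmode, fname, fmode) in layout.items():
        os.mkdir(os.path.join(root, share))
        fpath = os.path.join(root, share, fname)
        with open(fpath, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(fpath, fmode)
        os.chmod(os.path.join(root, share), dmode)
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    owner = os.lstat(demo).st_uid
    for path, access in sorted(audit(demo, owner + 1).items()):  # hypothetical app uid
        print(f"{access:22} {path}")
```

Running the same audit with the files' owner uid instead of a separate app uid lists Private/tax.ods as "rw", which is the exposure the first post wants to avoid.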