Hide a share

Question

New  to isilon here. Is there a way to hide a SMB share from users, other than root/administrator? thanks

sluetze · Accepted Answer

Another thing, that helps (not with the share but with the content) is access based enumeration.
If you define the ACLs in a way, that only specific people can access that directory, ABE enables you to "hide" all content which is inaccessible for the user. This enables you to

a) don't give more informations about other directories to the user, which he can't access (which is no security at all, but helps you with the userquestions "hey why can't i access Project ABC? Something is broken"

b) increase user satisfaction, since it is really frustrating to navigate through directories without having access to half of the folders

So the only way to get it secure is using ACLs. Best is follow the best-practice of "whitelisting" and try not to use "blacklisting" (deny-ACLs). In combination with ABE and hidden shares you can deliver a secure (to a point..) and userfriendly environment.

crklosterman · Answer

Also keep in mind 1 key point here, which is that security by obscurity is not security at all.

crklosterman · Answer

As with any SMB Shares, you can hide the share by naming it with a `$` at the end. So a share called \\isilon1\financials, everyone could see if they browsed to \\isilon1\. If the share name was instead called \\isilon1\financials$ then just browsing to \\isilon1\ nobody would see it. That said this has zero effect on who can access the share, that is instead controlled by the SMB share permissions, and then subsequently if the user has rights to the share, access is controlled by the underlying filesystem permissions on disk.

Make Sense?

~Chris Klosterman

Principal SE, Datadobi

chris.klosterman@datadobi.com

Isilon

Hide a share

Was this post helpful?