Hey there,
I have been contracted to build a new PC for a colleague of my mother. He has a QNAP NAS. Can you think of a way to mount the NAS as a Network drive in read only mode while being able to write data to it in some other way.
The goal is to further cryptolocker-proof the system. The NAS is seldom written to. I've only worked with Synology so far and do not have access to a QNAP to test. That's why I'm asking.
you could create folder permissions to restrict the user from the rest of the drive but that is the only way i could think of.
http://docs.qnap.com/nas/4.2/SMB/en/index.html?share_folders.htm
https://wiki.qnap.com/wiki/Subfolder_Permissions
those may help
Only way to do that would be to use different users in the same group for this.
Does he run windows, if so it would require some trickery since the M$ driver stack does not support
using network mount points for different user from the same machine(yea lets all point fingers and laugh really... they didn't even update the error message until windows 10.........)
not without logging in and out etc. to different users on the "client" machine.
If he uses linux it's a fairly simple matter, simply mount the drive using different credentials and voila your up and running.
@Garfield Does the QNAP have a USB port for direct USB upload?
Just thinking an external USB drive could be used for uploading to the box in a pretty user friendly way?
So SMB read only to read from NAS, writing new docs to the USB, then occasionally uploading them?
Means the portable USB drive becomes a risk/liability for lost files, but only a few files rather than the whole box?
I have an old laptop as network storage. Use sftp and ssh. If you have ssh enabled then you can use sftp.
https://wiki.qnap.com/wiki/How_to_SSH_into_your_QNAP_device
You could use cyberduck, mountain duck, or linux has it built in.
um, just wondering how this enables the OP's client's mother to use a system without hassle, but not open a phishing email and bring the QNAP NAS and the entire network to it's knees... I might be mis-reading at 02:11 am however...
@Lauritzen
It's Windows. For Linux I'd just written him a mount and unmount script. But the Crypto-Trojan danger is not that great under Linux.
@Trooper_ish
Yes it does. But it's hidden away in the cellar, three stories from the office and behind a fire-proof door (I wish I was joking, the powerline connection barely pulls 50 Mbit).
@LiquidMeson
That's probably my best bet. I know of the top of my head that Clonezilla supports SSH (or SFTP for that matter).
This might be the winning hint.
@Trooper_ish
My mother's colleague. A history and religion teacher.
My wishful thinking for the setup was: Read-Only Windows Network Drive and Writing files via some other way. Because: A cryptolocker will encrypt network drives that the machine can write to but probably will not randomly launch applications and try to enable SSH or FTP connections over the network.
Thanks for all the answers @all.