Siutsch 9 Posted March 5, 2020 Posted March 5, 2020 A fundamental question about security, especially because of the current problems caused by the so-called Emotet Trojan:I use the emby server under Windows10 on the same PC where my Kodi Client is installed.The data is stored on a Synology NAS.Under Windows direct, I did not set up network drives directly on this PC, but use the UNC paths for the libraries, e.g. \\IP\Share\folder\...Since emby does not allow you to specify credentials, the logged in Windows user must have access to this shares on the NAS.In case of a Trojan infestation of the PC, especially Emotet should have no problems with encrypting the complete data on the NAS with these read/write rights, even if the network drives have not been assigned directly under Windows.It would be much safer if the access is not done with the logged in Windows user, but with another user whose credentials have to be transferred in emby.According to my understanding, a Trojan infestation of the PC should then no longer be able to access the data directly from the operating system and possibly compromise them.So is it possible to transfer access data to network drives as well?Thanks a lot.
Luke 38807 Posted March 5, 2020 Posted March 5, 2020 Hi, we don't currently have a way of allowing you to enter credentials into Emby Server. Is that what you're asking or is this a more general question?
Siutsch 9 Posted March 5, 2020 Author Posted March 5, 2020 I know, that emby has actually no way of allowing to enter credentials.I tried to explain why I think this is important, especially when emby is used on Windows. So I would like to know, if there are any plans to integrate it, or if the effort for it is even manageable.Thank you.
Luke 38807 Posted March 5, 2020 Posted March 5, 2020 Couldn't you also run emby as a windows service with a dedicated windows user account that has limited privileges to only what is necessary?
Siutsch 9 Posted March 5, 2020 Author Posted March 5, 2020 Good idea.I haben't tried to test this, but I will do.Thank you. 1
RobWayBro 27 Posted March 5, 2020 Posted March 5, 2020 Couldn't you also run emby as a windows service with a dedicated windows user account that has limited privileges to only what is necessary? This is what I do. 1
Ponyo 22 Posted March 6, 2020 Posted March 6, 2020 But how does that work? You can't give folder permissions to a local Windows user on a Synology shared folder AFAIK and I suppose Windows ACL's don't work unless you are on a domain. You could give the NAS user only read permissions but that isn't exactly a practical solution as Emby won't be able to write anything to the media folders anymore so all your metadata will have to be stored locally which has its own downsides.
Siutsch 9 Posted March 6, 2020 Author Posted March 6, 2020 (edited) If the name and password of the Windows user is the same as that on the NAS, this will work. So it should also work if you add a matching user as a service at startup. If this user is not the same user that Windows uses when logging in, then the operating system should not have access to the NAS shares, which would increase security. I will test this.Is here an instruction how to start emby as a service (haven't looked for it yet ...)EDIT:Found it:https://emby.media/community/index.php?/topic/50992-how-to-run-emby-server-as-a-windows-service/ Edited March 6, 2020 by Siutsch
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now