Skip to content

Samba Add-on: Emphasizes security note #7294

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 1, 2018
Merged

Samba Add-on: Emphasizes security note #7294

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3328e6d
Samba: Emphasizes security note
cstuder Oct 31, 2018
a41d239
Samba: Updates configuration syntax
cstuder Oct 31, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 69 additions & 14 deletions source/_addons/samba.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,11 @@ featured: true

This add-on allows you to set up a [Samba](https://samba.org/) server to access Hass.io folders using Windows network shares.

<p class='note warning'>
It is <strong>strongly recommended to set a username and password</strong>. By using guest mode, you expose your configuration and secrets to every user in local network.<br />
Also be careful when setting up port forwarding for remote access. If you don't restrict access by setting a username and password, your configuration could be exposed to the entire internet!
</p>

```json
{
"name": "hassio",
Expand All @@ -35,17 +40,67 @@ This add-on allows you to set up a [Samba](https://samba.org/) server to access
}
```

Configuration variables:

- **name** (*Optional*): Set netbios name of Hass.io device. Default is `hassio`.
- **workgroup** (*Optional*): Set network workgroup name. Default is `WORKGROUP`.
- **guest** (*Optional*): Allow login without a username or password. Default is `true`.
- **map** (*Optional*): Control which folders will be exposed. `config` shares the Home Assistant configuration folder. `addons` shares the local custom repository. `share` shares a folder that can be accessed by add-ons and Home Assistant. `backup` shares access to snapshot files. `ssl` shares certificate storage. Be careful with the `ssl` option! Defaults are all set to `true`, except for `ssl`.
- **username** (*Optional*): Username for logging in if guest login is not used.
- **password** (*Optional*): Password for `username`. An empty password is not supported.
- **interface** (*Optional*): Interface that will start the share. Normally this is `eth0` for ethernet wired connection and `wlan0` for wireless connection. If you are running on an Intel NUC this could also be `enp3s0` for ethernet or `wlp5s0` for wireless connection.
- **allow_hosts** (*Optional*): The hosts that are allowed to connect to your Samba server. By default it is limited to people within the same local network.

<p class='note warning'>
Be careful when setting up port forwarding to the remote access. If you don't restrict access by requiring authentication and guest access is enabled, your configuration could be exposed to the internet!
</p>
{% configuration %}
name:
description: Set netbios name of Hass.io device.
required: false
default: "`hassio`"
type: string
workgroup:
description: Set network workgroup name.
required: false
default: "`WORKGROUP`"
type: string
guest:
description: Allow login without a username or password.
required: false
default: true
type: boolean
map:
description: Control which folders will be exposed.
required: false
type: map
keys:
config:
description: The Home Assistant configuration folder
required: false
default: true
type: boolean
addons:
description: The local custom addons repository
required: false
default: true
type: boolean
share:
description: The folder that can be accessed by add-ons and Home Assistant
required: false
default: true
type: boolean
backup:
description: Access to snapshot files
required: false
default: true
type: boolean
ssl:
description: Certificate storage (Careful! Sharing is set to `false` by default)
required: false
default: false
type: boolean
username:
description: Username for logging in if guest login is not used.
required: false
type: string
password:
description: Password for `username`. An empty password is not supported.
required: false
type: string
interface:
description: Interface that will start the share. Normally this is `eth0` for ethernet wired connection and `wlan0` for wireless connection. If you are running on an Intel NUC this could also be `enp3s0` for ethernet or `wlp5s0` for wireless connection.
required: false
type: string
allow_hosts:
description: The hosts that are allowed to connect to your Samba server. By default it is limited to people within the same local network.
required: false
default: '`["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]`'
type: list
{% endconfiguration %}