Often times, Qumulo users are required to not only restrict access to file shares to a specific groups of users, but they also need the ability to hide the file shares altogether from unauthorized users. This could be due to compliance or security reasons, which might require an organization to separate the files belonging to different departments or subsidiaries. Or, it could be because there are you have multiple customers accessing your file system and you want to keep their files separated and secure from each other.
Here, we will show you how to accomplish that with SMB Shares in a Qumulo cluster. We will assume that you already have created an SMB share on your Qumulo cluster and somehow restricted the access to those shares to the users or groups that make sense for your scenario.
Creating SMB shares and giving permissions to specific users and groups is very easy in Qumulo’s file storage system. If you would like additional info about creating SMB Shares and SMB Share Permissions, the following two articles should be helpful here:
For users and groups, you can join the Qumulo cluster to an Active Directory (using Web GUI or CLI) and give the permissions to the specific group(s) or user(s) in the Active Directory.
You can also grant local users and groups these permissions (using web GUI or CLI).
Hiding the share from the unauthorized users
Once you have the SMB shares and permissions set up, SSH into your Qumulo cluster and run the following QQ CLI command to hide the shares from unauthorized users:
qq smb_modify_settings --hide-shares-from-unauthorized-users true
That’s all you need to do!
You can test it as a user from a Windows client machine by trying to navigate to the cluster host IP or FQDN. You will see that only the authorized shares for the user are listed. You can also test it by going to command prompt and typing:
net view <host ip or host fqdn>
From Mac client, you can test by listing the SMB shares in terminal:
smbutil view //<user>@<cluster host name or ip>
You will see that this lists only the shares that the user has access to.
Summary
As you can see, it’s very simple to hide the SMB file shares from unauthorized users. This feature is very handy when you need to securely separate the data of one business unit, department, or client from others in the same Qumulo cluster.
We hope you find this guide useful. It would be great to hear from you on how this helped your use case or if you have any follow up questions. Contact us here!
