[Samba] Friendly Reminder: Huge number of small files performance regression from 3.5.16 to 4.6.5 with identical smb.conf

Andrew Walker walker.aj325 at gmail.com
Thu Jun 29 20:14:52 UTC 2017


Andreas,

A few thoughts regarding your system
1) If it's a home system and you're specifically concerned about mitigating
CVE 2017-7494, (a) verify that your share isn't mounted 'noexec' - if it's
mounted this way then you're safe (b) if not (a), then add the [global]
parameter "nt pipe support = no". This will break functionality that relies
on support for named pipes, but downloading / uploading files should still
work normally.

2) If you need to use Samba 4.6.5, try starting with a minimal smb.conf
with logging turned up. Then review your samba logs. Note that setting log
level to "10" will probably be more verbose than you want. Choose an
appropriate level. Here's one from one of my testing machines:

[global]
   guest account = awalker
   map to guest = Bad User
   log level = 10

[Donkey Vol]
   path = "/mnt/Donkey/Vol1"
   writeable = yes
   vfs objects = zfs_space
   guest ok = yes
   guest only = yes

3) The last firmware update looks like it was from 2014. You're probably
vulnerable to a lot more than just that single Samba CVE. If this is in a
business environment, perhaps look into migrating to a new appliance /
server that's not EOL.

If it's a home environment, and you like to tinker with things, look for
guides on installing stock Debian on the Thecus (it looks like the Thecus has
x86 hardware and an IDE DOM), and then adding Louis's Samba repo /
installing the package. I did this with an old WD MyCloud about a year or
so ago, and was much happier with the system afterwards. It's hackish, but
can be a fun side-project.

Andrew
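
An added example, not part of the message above or of the Samba project: a small Python check for the two conditions named in point 1, reporting for each share whether its path is on a 'noexec' mount or whether [global] sets "nt pipe support = no". The function names and the mount lines in the sample are constructed for illustration; the share definition is the one from the message.

```python
def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[norm(key)] = value.strip().strip('"')
    return sections

def mount_options(path, mounts_text):
    # Options of the longest mount point containing path (/proc/mounts format)
    best, opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt = fields[1].replace("\\040", " ")  # spaces are octal-escaped
        if (path + "/").startswith(mnt.rstrip("/") + "/") and len(mnt) > len(best):
            best, opts = mnt, set(fields[3].split(","))
    return opts

def assess(conf_text, mounts_text):
    conf = parse_smb_conf(conf_text)
    pipes = conf.get("global", {}).get("ntpipesupport", "yes").lower()  # default: yes
    report = {}
    for name, params in conf.items():
        if name != "global" and "path" in params:
            path = params["path"].rstrip("/") or "/"
            if "noexec" in mount_options(path, mounts_text):
                report[name] = "noexec mount"
            elif pipes in ("no", "false", "0"):
                report[name] = "nt pipe support = no"
            else:
                report[name] = "neither condition met"
    return report

# Constructed sample input: the share from the message plus made-up mount lines
SAMPLE_CONF = '[global]\n   log level = 10\n[Donkey Vol]\n   path = "/mnt/Donkey/Vol1"\n'
SAMPLE_MOUNTS = "rootfs / ext4 rw 0 0\nDonkey/Vol1 /mnt/Donkey/Vol1 zfs rw,noexec 0 0\n"

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, SAMPLE_MOUNTS))
```

On a real host the inputs would be the contents of smb.conf and /proc/mounts. The check does not follow symlinks or include directives, so a share reported as "neither condition met" still needs a manual look.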

