Index visibility based on SMB Permissions

General discussion related to "Everything".
Post Reply
Hybred
Posts: 6
Joined: Thu Apr 11, 2019 12:55 pm

Index visibility based on SMB Permissions

Post by Hybred » Thu Apr 11, 2019 5:37 pm

Hello.

Love this tool, it's been a great asset for me. I'm trying to share an Index with a group of users who have varying permissions throughout the network. I have the central ETP server relaying the index perfectly over network shares. But now I'm coming into a question in regards to visibility and permissions.

Right now if I were to index a particular drive, the SMB permissions to even see certain files is not taken into consideration. Which makes sense given the way the Everything service is setup. The server sees everything, therefore it indexes everything. But since they due not have access they can't open the files. The filenames themselves they can see. Along with the location. This is not ideal. If a filename has a particularly sensitive name or location, I would prefer it not be pulled up in Everything at all unless they need to see it.

So I have two questions:

Is it possible to restrict visibility of items and their paths to those who don't have read access based on their user permissions?

or

Is it possible to establish connections with multiple ETP servers so I could setup one for each department, and then they could connect to each based on their permissions one time, and then have it connect to all the corresponding ETP servers?

Thank you!

void
Site Admin
Posts: 4717
Joined: Fri Oct 16, 2009 11:31 pm

Re: Index visibility based on SMB Permissions

Post by void » Fri Apr 12, 2019 1:49 am

Is it possible to restrict visibility of items and their paths to those who don't have read access based on their user permissions?
Currently no, Everything would need to index security IDs to make something like this possible.
I may add support for this in a future version of Everything.
Is it possible to establish connections with multiple ETP servers so I could setup one for each department, and then they could connect to each based on their permissions one time, and then have it connect to all the corresponding ETP servers?
Yes, please consider named instances.
Setup an ETP server for each unique named instance.

For example:
Everything.exe -instance "ETP User Group 1"
Setup this instance to index only D:\, W:\ and X:\
Set this instance to exclude D:\private, W:\sensitive info
Set a unique ETP server port from Tools -> Options -> ETP/FTP server -> Listen on port.
Enable the ETP server from Tools -> Options -> ETP/FTP Server -> Enable ETP/FTP server.

Everything.exe -instance "ETP User Group 2"
Setup this instance to index only D:\, Y:\ and Z:\
Set this instance to exclude D:\private, Y:\classified
Set a unique ETP server port from Tools -> Options -> ETP/FTP server -> Listen on port.
Enable the ETP server from Tools -> Options -> ETP/FTP Server -> Enable ETP/FTP server.

The downside to this is each ETP server will need to run on a unique port.

Hybred
Posts: 6
Joined: Thu Apr 11, 2019 12:55 pm

Re: Index visibility based on SMB Permissions

Post by Hybred » Mon Apr 15, 2019 1:26 pm

Thanks for the detailed response.

Requiring separate ports should be fine.

Question though, can a client connect TO multiple ETP servers? Ideally the user would connect to each Departments ETP server they need one time and it would just pull from all the ETP servers on load.

Also, if I wanted to deploy this to multiple users -- what do you recommend? Is there a base config file that I can inject into based on permission requirements?

Thank you.

void
Site Admin
Posts: 4717
Joined: Fri Oct 16, 2009 11:31 pm

Re: Index visibility based on SMB Permissions

Post by void » Wed Apr 17, 2019 12:03 am

Question though, can a client connect TO multiple ETP servers?
No, only one.
You could setup your ETP server to index any folder from Everything on the server -> Tools -> Options -> Folders -> Add folder...
Also, if I wanted to deploy this to multiple users -- what do you recommend?
You will need setup and copy your Everything.ini to your clients:
On one client, setup the desired settings, such as Home -> Index -> ETP Server to have clients auto connect to your ETP server.
Push out your Everything.ini to clients in %APPDATA%\Everything\Everything.ini

Hybred
Posts: 6
Joined: Thu Apr 11, 2019 12:55 pm

Re: Index visibility based on SMB Permissions

Post by Hybred » Wed Apr 17, 2019 1:38 pm

If I centralize all folders onto one ETP server, how do I separate visibility of sensitive information based on permissions? (Back to original question.)

NotNull
Posts: 1240
Joined: Wed May 24, 2017 9:22 pm

Re: Index visibility based on SMB Permissions

Post by NotNull » Wed Apr 17, 2019 3:34 pm

Short answer: Not possible.

There is just one set of credentials per ETP-Server. That means when you have access to the server, you can see all indexed files (that's not the same as beng able to access them).

Hybred
Posts: 6
Joined: Thu Apr 11, 2019 12:55 pm

Re: Index visibility based on SMB Permissions

Post by Hybred » Wed Apr 17, 2019 5:24 pm

That is what I figured. Just hopeful. :)

Thank you.

Post Reply