Page 1 of 1

Index visibility based on SMB Permissions

Posted: Thu Apr 11, 2019 5:37 pm
by Hybred
Hello.

Love this tool, it's been a great asset for me. I'm trying to share an Index with a group of users who have varying permissions throughout the network. I have the central ETP server relaying the index perfectly over network shares. But now I'm coming into a question in regards to visibility and permissions.

Right now if I were to index a particular drive, the SMB permissions to even see certain files is not taken into consideration. Which makes sense given the way the Everything service is setup. The server sees everything, therefore it indexes everything. But since they due not have access they can't open the files. The filenames themselves they can see. Along with the location. This is not ideal. If a filename has a particularly sensitive name or location, I would prefer it not be pulled up in Everything at all unless they need to see it.

So I have two questions:

Is it possible to restrict visibility of items and their paths to those who don't have read access based on their user permissions?

or

Is it possible to establish connections with multiple ETP servers so I could setup one for each department, and then they could connect to each based on their permissions one time, and then have it connect to all the corresponding ETP servers?

Thank you!

Re: Index visibility based on SMB Permissions

Posted: Fri Apr 12, 2019 1:49 am
by void
Is it possible to restrict visibility of items and their paths to those who don't have read access based on their user permissions?
Currently no, Everything would need to index security IDs to make something like this possible.
I may add support for this in a future version of Everything.
Is it possible to establish connections with multiple ETP servers so I could setup one for each department, and then they could connect to each based on their permissions one time, and then have it connect to all the corresponding ETP servers?
Yes, please consider named instances.
Setup an ETP server for each unique named instance.

For example:
Everything.exe -instance "ETP User Group 1"
Setup this instance to index only D:\, W:\ and X:\
Set this instance to exclude D:\private, W:\sensitive info
Set a unique ETP server port from Tools -> Options -> ETP/FTP server -> Listen on port.
Enable the ETP server from Tools -> Options -> ETP/FTP Server -> Enable ETP/FTP server.

Everything.exe -instance "ETP User Group 2"
Setup this instance to index only D:\, Y:\ and Z:\
Set this instance to exclude D:\private, Y:\classified
Set a unique ETP server port from Tools -> Options -> ETP/FTP server -> Listen on port.
Enable the ETP server from Tools -> Options -> ETP/FTP Server -> Enable ETP/FTP server.

The downside to this is each ETP server will need to run on a unique port.

Re: Index visibility based on SMB Permissions

Posted: Mon Apr 15, 2019 1:26 pm
by Hybred
Thanks for the detailed response.

Requiring separate ports should be fine.

Question though, can a client connect TO multiple ETP servers? Ideally the user would connect to each Departments ETP server they need one time and it would just pull from all the ETP servers on load.

Also, if I wanted to deploy this to multiple users -- what do you recommend? Is there a base config file that I can inject into based on permission requirements?

Thank you.

Re: Index visibility based on SMB Permissions

Posted: Wed Apr 17, 2019 12:03 am
by void
Question though, can a client connect TO multiple ETP servers?
No, only one.
You could setup your ETP server to index any folder from Everything on the server -> Tools -> Options -> Folders -> Add folder...
Also, if I wanted to deploy this to multiple users -- what do you recommend?
You will need setup and copy your Everything.ini to your clients:
On one client, setup the desired settings, such as Home -> Index -> ETP Server to have clients auto connect to your ETP server.
Push out your Everything.ini to clients in %APPDATA%\Everything\Everything.ini

Re: Index visibility based on SMB Permissions

Posted: Wed Apr 17, 2019 1:38 pm
by Hybred
If I centralize all folders onto one ETP server, how do I separate visibility of sensitive information based on permissions? (Back to original question.)

Re: Index visibility based on SMB Permissions

Posted: Wed Apr 17, 2019 3:34 pm
by NotNull
Short answer: Not possible.

There is just one set of credentials per ETP-Server. That means when you have access to the server, you can see all indexed files (that's not the same as beng able to access them).

Re: Index visibility based on SMB Permissions

Posted: Wed Apr 17, 2019 5:24 pm
by Hybred
That is what I figured. Just hopeful. :)

Thank you.