Hello,
I’ve been setting up Datasets with the SMB preset, including setting the owner and group on creation. The SMB shares behave exactly as expected, as far as which users have the ability to mount them.
However, even when I enable Access Based Share Enumeration (ABSE) in the share settings, any user that connects to the server via SMB can see all the active shares, even the ones that they don’t have access to that should be hidden via SMB ABSE.
I’ve done some research on this the last two days, and apparently I separately and additionally configure the SMB ACL, and not just the dataset ACL. See: Managing SMB Shares | TrueNAS Documentation Hub
Apparently, the default per-share SMB ACL allows any user to to have full access to any share, including read/write (?!) and enumeration, and depends on the ZFS dataset ACLs to actually impose restrictions?
At least, that’s how I’m interpreting the default settings below:
Intuitively, it feels like enabling ABSE should automatically adjust the SMB ACL (otherwise the checkbox has no effect unless the user manually adjusts the SMB ACL), which makes me think I’m missing something.
I wanted to double-check here that I actually have to do this for every share that I want to use ABSE with.
Thanks!