TrueNAS SCALE and AD configs on datasets

Hello everyone!!!
I have migrated from TrueNAS Core to SCALE. In the previous version I had an AD synchronized with users and groups in shared folders. When logged in with a specific user, he could only see his folder; the remaining users' folders were not visible. But in TrueNAS SCALE I see all the users' folders, although they can only access their own folder.
My structure on the pool:
Pool 1
archivos (smb share)
|___ juan
|___ omar
|___ pepe

dataset1: archivos (smb share)

  • Permission: owner: ???(any), group: homelab/domain admins
  • ACL Group: homelab/domain users → read
  • and NOT apply recursively.

Inside dataset1 I created 3 datasets (juan, omar, pepe); those are the users from AD.
Each of them has this setting:

  • Permission: owner: homelab/domain juan, group: homelab/domain admins
  • ACL @owner full control, @group modify
  • and apply recursively.

I repeat the same settings as Core; just one thing is missing: in TrueNAS Core I can set homelab/users on the @owner, but this config doesn't appear in SCALE.

I'm still learning about TrueNAS and all about Linux permissions, so I think I missed something here.

Thanks in advance.


I think what you are looking for is in the share settings: you need to check the "Access Based Share Enumeration" box, which limits visibility based on permissions. It's off by default.

I activated the checkbox under the SMB share, on dataset1 "archivos", but I can still see all folders.

I only share the parent dataset (archivos) via SMB; for the child datasets (juan, omar, pepe) I only selected SMB when I created them. I don't share those folders.
Btw, sorry for my English.

If you enable 'Access Based Share Enumeration' in the SMB share settings, it should hide folders that the user does not have access to (this includes subfolders of the share).

So then I must be doing something wrong, maybe in permissions. In this SMB share folder I set in the ACL the group homelab/domain users with read permission. If I remove this permission, then how can those users access the folder?
Pool datasets
– archivos (smb share with acl: group: homelab/domain users -> read)
|____ Juan
|____ Omar
|____ pepe

For clarification, I enabled "Access Based Share Enumeration" on the dataset archivos, which is the parent dataset, and it's the only one that I share via SMB.

I was checking my TrueNAS Core settings in every dataset config and the SMB share, and they have the same configs. So something is really missing here :wink:

When you recursively applied the new permissions to archivos, it looks like you gave the whole group modify rights to each directory. That’s probably why everyone who’s a member of that group can see everyone else’s share.

It sounds like you want each dataset under archivos to prohibit access to the group. The normal Unix permissions for that would be 700 for each dataset under the parent.

In my parent dataset "archivos" I set an ACL for the group domain/users, which doesn't belong to the admins.

And following your suggestion, how do I set the child datasets to 700, since those are SMB type when I created them? Like I said above, I just set all this up on TrueNAS Core and it works fine, not when doing it in SCALE.

Note: if I have an SMB share, must all the child datasets have the same type of share???

Yeah, you’re absolutely right. TrueNAS uses ACLs instead of Unix permissions for SMB shares because they map more cleanly to Windows permissions.

From the shell, you can run getfacl /path/to/archivos to see the ACLs listed out. Do that for each of the child directories and maybe you’ll see something out of place.

I just checked my similar setup and the parent directory is owned by a local user and group and it shows the no_propagate flag for group@. But I'm still running Core, and FreeBSD's version of setfacl works differently from Linux's version.
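The two mechanical points in this thread, that Access Based Share Enumeration only hides what the directory ACL already denies, and that inspecting each child directory's ACL shows what is actually granted, can be checked offline with the following added Python script. It is not from this thread and not TrueNAS code. It parses constructed getfacl-style output (POSIX ACL syntax, which is an assumption; datasets carrying NFSv4 ACLs print a different syntax) for the three child directories, evaluates the read bit the way a POSIX ACL check does, and predicts which folders each user would see with enumeration restricted by access. The directory ACLs, user names and group memberships are all constructed; the extra "domain users" entry on omar's directory is the kind of leftover group grant the reply above describes.

```python
"""Predict which child folders each user can see, from getfacl-style ACL text."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, not real getfacl output from the poster's system.
# omar's directory also grants read to the whole "domain users" group,
# which makes it visible to every domain user regardless of share settings.
SAMPLE_GETFACL = """\
# file: archivos/juan
# owner: juan
# group: domain admins
user::rwx
group::rwx
other::---

# file: archivos/omar
# owner: omar
# group: domain admins
user::rwx
group::rwx
group:domain users:r-x
mask::rwx
other::---

# file: archivos/pepe
# owner: pepe
# group: domain admins
user::rwx
group::rwx
other::---
"""


@dataclass
class AclEntry:
    tag: str          # "user", "group", "mask" or "other"
    qualifier: str    # "" for the owning user/group, otherwise a name
    perms: set


@dataclass
class DirAcl:
    path: str
    owner: str = ""
    group: str = ""
    entries: list = field(default_factory=list)


def parse_getfacl(text: str) -> list:
    """Parse one or more getfacl blocks (POSIX ACL syntax) into DirAcl objects."""
    dirs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# file:"):
            current = DirAcl(path=line.split(":", 1)[1].strip())
            dirs.append(current)
        elif line.startswith("# owner:"):
            current.owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            current.group = line.split(":", 1)[1].strip()
        elif line.startswith("#"):
            continue  # other comment lines (e.g. flags) are not needed here
        else:
            tag, qualifier, perms = line.rsplit(":", 2)
            current.entries.append(AclEntry(tag, qualifier, {c for c in perms if c in "rwx"}))
    return dirs


def can_read(acl: DirAcl, user: Optional[str], groups: set) -> bool:
    """POSIX ACL check for the 'r' bit, in the order the kernel evaluates it."""
    mask = next((e.perms for e in acl.entries if e.tag == "mask"), None)

    def effective(e: AclEntry) -> set:
        # The mask caps every entry except the owning user and "other".
        if mask is None or (e.tag == "user" and not e.qualifier) or e.tag == "other":
            return e.perms
        return e.perms & mask

    if user == acl.owner:  # owner class is decided first and alone
        owner_entry = next(e for e in acl.entries if e.tag == "user" and not e.qualifier)
        return "r" in effective(owner_entry)
    for e in acl.entries:  # then a matching named user entry
        if e.tag == "user" and e.qualifier == user:
            return "r" in effective(e)
    in_some_group = False
    for e in acl.entries:  # then any group the user belongs to that grants it
        if e.tag == "group" and (e.qualifier or acl.group) in groups:
            in_some_group = True
            if "r" in effective(e):
                return True
    if in_some_group:
        return False
    other = next(e for e in acl.entries if e.tag == "other")
    return "r" in other.perms


def visible_dirs(dirs: list, user: str, groups: set) -> list:
    """Folders a user would see with access-based enumeration: those readable to them."""
    return sorted(d.path for d in dirs if can_read(d, user, groups))


def exposed_to_group(dirs: list, group: str) -> list:
    """Folders readable by a non-owner who is only a member of `group`."""
    return sorted(d.path for d in dirs if can_read(d, None, {group}))


if __name__ == "__main__":
    acls = parse_getfacl(SAMPLE_GETFACL)
    for name in ("juan", "omar", "pepe"):
        print(name, "sees", visible_dirs(acls, name, {"domain users"}))
    print("readable by all domain users:", exposed_to_group(acls, "domain users"))
```

On a real system the input would come from running getfacl over each child directory and pasting the output in place of the sample; any path that `exposed_to_group` lists for the broad group is one that enumeration cannot hide, because the ACL itself grants the read.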

Thanks for the reply; tonight I will put together all your suggestions and do some research to find the solution. I hope!!!
Any docs to read about?
I really like TrueNAS and am trying to get deeper and create more complex scenarios; this is the only way to learn.

Edit: and this is a great forum!!!
