Access to Datasets by Group Members creates Sub-Datasets

Hi everybody

Firstly: I am new to TrueNAS, but not to Samba and not to Unix file permissions in general. I am currently evaluating if TrueNAS is the right tool of choice for a customer. I created 6 test users and now want to create different folders like Administration or Developers etc. to which only members of a select group have access. I created a group in Credentials and gave them access rights in Samba. Now sschumac can access the Group “Geschaeftsfuehrung” and create a file in it. I then added sschumac2 to the Group “Geschaeftsfuehrung” and the user didn't see any of the files created. I then noticed in the dataset view that for every dataset sschumac and sschumac2 accessed, a Sub-Dataset was created, to which only the creator has access. Where did I go wrong?

Yours faithfully
Stefan Malte Schumacher

Can you share a screenshot of your dataset ACL?

Hi Johnny.

I did a completely new setup, from the disk setup to the datasets. I now selected mirror instead of raidz2 (it's four drives only anyways) and created new shares and datasets. I first thought that I somehow had gotten it right this time, but a screenshot sometimes says more than a thousand words.

Hi. Here is an additional image of the ACLs of the share. Years of working with iptables have led me to the assumption that you first allow access and then deny the rest. Does that also apply to ACLs (Share or FS) or do I not have to keep my rules in a specific order?

I generally leave Share ACLs alone and work with the defaults and instead control access at the dataset level with ACLs there.

I suggest you create a dataset using the SMB preset and then edit the dataset ACL, allowing your group access. Leave the owner and owner group as root, remove any other groups that are not needed, and see how that goes.

If you DENY access to everyone, then no one will be able to access a share.