Dataset permissions, NFSv4, SMB. "Drop box" dataset not visible to some Windows users

I have a server running TrueNAS Scale 25.10.2.1. I have a dataset structure that has a top-level dataset called “data”, a child dataset within it called “folder” and a child dataset within that called “drop”. All permissions are assigned to groups. Each dataset has a read-only group and a read-write group. Users are added to the groups as desired to give them the necessary permissions. The “drop” dataset is a bit unique in that, like its name, it needs to act like a drop box to certain users. That dataset has an additional group assigned permissions that do not permit opening or reading the contents of that dataset but allow those users to drop files into it. The dataset must be visible to those users in order for them to see the folder and drop items into it. I have done this permissions arrangement many times before on earlier versions of TrueNAS Scale (25.04.x and earlier) and Core. For some reason, in 25.10.x versions the dataset is not visible unless I grant that group read-data permissions, which I do not want.

Detailed dataset permissions are as follows:

File: /mnt/pool1/data
owner: 0
group: 544
mode: 0o40771
trivial_acl: false
ACL flags: none
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
group:g_data_rw:rwxpDdaARWc--s:fd-----:allow
group:g_data_ro:r-x---a-R-c---:fd-----:allow
everyone@:--x---a-R-c---:fd-----:allow

File: /mnt/pool1/data/folder
owner: 0
group: 544
mode: 0o40771
trivial_acl: false
ACL flags: none
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
group:g_folder_rw:rwxpDdaARWc--s:fd-----:allow
group:g_folder_ro:r-x---a-R-c---:fd-----:allow
everyone@:--x---a-R-c---:fd-----:allow

File: /mnt/pool1/data/folder/drop
owner: 0
group: 544
mode: 0o40771
trivial_acl: false
ACL flags: none
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
group:g_drop_rw:rwxpDdaARWc--s:fd-----:allow
group:g_drop_ro:r-x---a-R-c---:fd-----:allow
group:g_drop_drop:-wxp--a-R-c---:fd-----:allow
everyone@:--x---a-R-c---:fd-----:allow

All clients are Windows clients connecting through SMB.

Knowing I had this working in earlier installations I installed TrueNAS 22.12.3.2 on a VM and set up this same structure. Everything worked as expected. The users who needed access to read and modify the contents to the “drop” dataset were put in the “g_drop_rw” group and those that were to only be able to drop files into it were put into the “g_drop_drop” group. All could see the folder but the “g_drop_drop” users could only drop files into it and not open the dataset itself. All was well. I then updated to 23.10.1.3… all continued to work as expected. I then updated to 24.04.2.5… all continued to work as expected. I then updated to 24.10.2.1… all continued to work as expected. I then updated to 25.04.1… all continued to work as expected. I then updated to 25.04.2.6… all continued to work as expected. I then updated to 25.10.1… the “drop” dataset disappeared to the “g_drop_drop” users! No other changes, no permission changes, just the one update broke it. I then updated to the latest stable 25.10.3 but it was still broken. I then reverted to 25.04.2.6 and it was again visible to the “g_drop_drop” group members.

This looks like a bug in 25.10.x but I am not an NFSv4/SMB specialist.

Anyone have any input or advice on this?

Maybe it is connected to this change introduced with 25.10.0

Thank you. Yes, that change quite possibly caused this problem. Can anyone direct me on how or where I can request this get fixed or reverted?

Smile icon on upper right of the TrueNAS GUI is for Feedback / Report a Bug. You can attempt to create a bug ticket and make sure to attach a Debug Dump. Post a link or the ticket number in the forum thread.

Ok, I had to do this manually offline as the system is offline. The ticket link is below. I uploaded a debug dump as directed. Hope I did this correctly.

Tried the ticket route. It was closed with the following summary:

This work item involved investigating a dataset visibility issue related to SMB permissions after a version upgrade, which was ultimately closed without changes.

  • The issue was identified as not being a bug in TrueNAS code, and the team suggested community forums for further assistance.

  • The issue was closed without any modifications, and no further action was taken by the TrueNAS engineering team.

  • The user was advised to seek support through community channels if needed, and no resolution was implemented in the work item.

Also stated:

NAS-136499: Enable access-based-enumeration for NFSv4 acltype shares reintroduced access-based enumeration by default for SMB shares with NFSv4 ACLs to roughly match FreeBSD behavior where paths only are visible to clients if they can read it. FreeBSD pairs this accidentally with READ_ATTRIBUTES permission, which prevents stat(2) from succeeding and causes samba to accidentally drop the share from the dir listing (from the versions of samba we supported in 13), this was always somewhat problematic / accidentally working in FreeBSD (samba has separate provisions for hiding unreadable files). Due to customer and community request we reintroduced this default capability for NFSv4 ACL based shares in 25.10.

The problem I am having is that on the 8 FreeBSD-based TrueNAS Core 13.0-U6.8 systems that I manage and the 4 TrueNAS Scale 25.4.2.6 systems all operate the same way as regards to the NFSv4 ACLs and SMB shares. The only system that has introduced this problem of making a sub-dataset disappear despite it having everyone@ Traverse permissions and special permissions to write and execute from the “drop” group (but not read) is the 25.10.x versions. Saying that the changes made were to make 25.10.x more closely match the FreeBSD implementation makes no sense to me because it used to and now it does not.

If there is a kind soul that can direct me on what I need to change to make this work I would be eternally grateful as right now I cannot update my systems without breaking the functionality I rely on.

Is there someone who can advise me on creating a child dataset of a shared dataset that has “drop files in only” permissions? Members of a certain permissions group can only drop files into the folder but cannot read the contents of the folder. I need this to work with SMB connected Windows clients. This works in TrueNAS Core and Scale versions up through 25.4.x but not in 25.10.x due to changes made in that build release. Thank you.
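As an added illustration (not part of any post in this thread, and not TrueNAS or Samba code), the Python sketch below evaluates the posted `drop` ACL for a member of each group and applies the rule the thread reports for 25.10.x, that a directory is listed only when read-data (`r`) is allowed. The function names, the assumption that the user is neither the owner nor in the owning group, and the visibility rule as coded are assumptions made for the example.

```python
PERM_ORDER = "rwxpDdaARWcCos"  # positional NFSv4 permission letters (14 slots)

# ACL of /mnt/pool1/data/folder/drop as posted in the thread
DROP_ACL = """\
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
group:g_drop_rw:rwxpDdaARWc--s:fd-----:allow
group:g_drop_ro:r-x---a-R-c---:fd-----:allow
group:g_drop_drop:-wxp--a-R-c---:fd-----:allow
everyone@:--x---a-R-c---:fd-----:allow
"""

def parse_acl(text):
    """Return [(principal, set_of_permission_letters, 'allow'|'deny'), ...]."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        *who, perms, _flags, kind = line.split(":")
        # A field that is not 14 positional slots means the listing was mangled
        # (for example "--" turned into a typographic dash by a web page).
        if len(perms) != len(PERM_ORDER) or any(
                c not in (p, "-") for c, p in zip(perms, PERM_ORDER)):
            raise ValueError(f"malformed permission field: {perms!r}")
        if not who or kind not in ("allow", "deny"):
            raise ValueError(f"malformed ACL entry: {line!r}")
        entries.append((":".join(who), set(perms) - {"-"}, kind))
    return entries

def effective(entries, groups, is_owner=False, in_owning_group=False):
    """Ordered NFSv4 evaluation: the first matching entry decides each bit."""
    allowed, denied = set(), set()
    for who, perms, kind in entries:
        match = (who == "everyone@" or (who == "owner@" and is_owner)
                 or (who == "group@" and in_owning_group)
                 or (who.startswith("group:") and who[6:] in groups))
        if match:
            undecided = perms - allowed - denied
            (allowed if kind == "allow" else denied).update(undecided)
    return allowed

def visible_under_abe(perms):
    # Assumption from the thread: listed only if read-data / list-directory is allowed.
    return "r" in perms

def can_drop(perms):
    # On a directory, x is traverse and w is add-file.
    return {"w", "x"} <= perms

if __name__ == "__main__":
    acl = parse_acl(DROP_ACL)
    for g in ("g_drop_rw", "g_drop_ro", "g_drop_drop"):
        p = effective(acl, {g})
        print(g, "visible:", visible_under_abe(p), "can drop:", can_drop(p))
```

The parser also rejects permission fields that are not exactly 14 slots, which is how a listing damaged by typographic dash substitution shows up.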