Hide SMB Share

Hello everybody

A customer, for whom I have set up a TrueNAS Scale installation (still in testing mode, updated yesterday to the current release), very urgently wants to hide certain directories from ordinary users. I would have given up long ago on the issue and decided that the users not being able to access the directory would be enough. I have repeatedly found two keywords, “Enable Access Based Share Enumeration” and “Enable Access Based Enumeration”, but I can’t find where to set these options. Also, I am unsure of the steps after enabling them. Is it enough just to give RW-Permissions to the Group to whom the folder belongs or are there additional steps I need to follow?

Yours sincerely
Stefan

Hi,

Is it the share itself you’re trying to hide or directories within the share that users have no permissions to access?

Hi
The customer wants the share itself hidden. I do not plan on creating any shares below the main share and plan on regulating access via file permissions.

Yours
Stefan

Ok sure. Some people have different levels of permissions within a given share hence why I was asking.

I’ve heard a few people now with this issue and I presume it’s related to the latest version?

No, the problem already existed before the latest update. Is there any way I can find out the installation date of TrueNAS? Any logs which are created on first install and which would show which version I installed?

The version should be displayed on the dashboard.

You will also most likely have boot environments created for initial install and all updates after that.

Shares → Windows (SMB) Shares → Edit / Pencil Icon → Advanced Options → Tick “Access Based Share Enumeration”
If you have the purpose set to “Default share parameters” this will be greyed out, you can set the purpose to “No presets” to allow editing these.

If you’re also looking to hide the directories, see By default make files and folders you have no rights to see hidden over SMB / Difference in SMB Share Behaviour Between CORE and SCALE - #28 by Johnny_Fartpants

System → Boot
The boot environments should have a “Date Created” column

Define hidden

Just hidden from casual browsing? If it’s only Windows clients, adding a $ to the end hides it from view.

Hello everyone,

I am also trying to provide each user with a private dataset in TrueNAS Fangtooth 25.04, such that the dataset is invisible to other users via SMB/Windows.

Here is what I have done so far:

  1. Dataset setup
  • ACLs configured: only one user has full access.
  • Group and all other users explicitly set to Deny Full Control.
  • ACLs applied recursively to cover all subfolders and files.
  2. SMB Share settings
  • Access Based Share Enumeration (ABSE) enabled.
  3. CLI / Shell
  • Additional SMB parameters set:
    midclt call sharing.smb.update <ID> '{"auxsmbconf":"hide unreadable = yes"}'
    midclt call sharing.smb.update <ID> '{"auxsmbconf":"hide unwritable = yes"}'
  • SMB/CIFS service restarted:
    midclt call service.restart cifs
  4. Windows testing
  • Created a new connection to the SMB share.
  • The private folder is still visible to other users, even though they have no permissions.

I do not understand why the folder remains visible. Is there something I am missing to make the dataset folder truly invisible to other users in Windows?

I also tried the steps from the following post, but it didn’t work either:
https://forums.truenas.com/t/accepted-25-10-by-default-make-files-and-folders-you-have-no-rights-to-see-hidden-over-smb/31584/27

Any advice if I missed something, or a workaround, would be greatly appreciated.

Configure the share ACL, it’s different from the filesystem ACL.

I would also recommend to not set “hide unreadable” and “hide unwritable” - it’s not required for hiding shares in share enumeration and will only slow down folder enumeration.

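A client-side check for the two kinds of hiding discussed in this thread (Access Based Share Enumeration versus a trailing `$`), added here as an example and not written by any poster in the thread. It classifies a share from the output of `smbclient -L //<server> -U <user>`; the share names and both sample listings are constructed.

```shell
#!/bin/sh
# Constructed sample output of `smbclient -L //nas -U <user>` for two accounts.
# Share names are invented; only the column layout matters here.
listing_owner='
    Sharename       Type      Comment
    ---------       ----      -------
    public          Disk
    stefan_private  Disk
    archive$        Disk
    IPC$            IPC       IPC Service (TrueNAS Server)
'
# Another user, after ABSE is enabled and the share ACL excludes them.
listing_other='
    Sharename       Type      Comment
    ---------       ----      -------
    public          Disk
    archive$        Disk
    IPC$            IPC       IPC Service (TrueNAS Server)
'

# share_state LISTING SHARE
# Prints: absent        - the server left the share out of its reply
#         listed-dollar - returned by the server; only hidden by client convention
#         listed        - returned and shown by every client
# Limitation: share names containing spaces are not handled.
share_state() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == want && $2 == "Disk" { found = 1 }
        END {
            if (!found)            print "absent"
            else if (want ~ /\$$/) print "listed-dollar"
            else                   print "listed"
        }'
}

# Succeeds only when the server itself omitted the share from enumeration.
hidden_by_server() {
    [ "$(share_state "$1" "$2")" = "absent" ]
}

for share in stefan_private 'archive$'; do
    printf '%-16s owner=%-14s other=%s\n' "$share" \
        "$(share_state "$listing_owner" "$share")" \
        "$(share_state "$listing_other" "$share")"
done
```

To run it against a live server, capture the `smbclient -L` output for a test account that should not see the share and pass it as the first argument.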

Thank you! I didn’t know that the setting was separate.

So I accidentally just adjusted only the ACL settings from the file system…

This is how I hide SMB share from my family members:

Setting is under the “Shares” section, and my TrueNAS is ElectricEel-24.10.2.2
Keep in mind that my family is not tech-savvy and that the hidden share could be accessed via the direct link/shortcut if the user has been granted permission.