Private SMB Datasets and Shares Jank - Bug(s), feature, or misconfiguration?

Hello wizards,

I followed the documentation on adding Private SMB Datasets and Shares, but have run into two instances of janky behavior. It works, but smells fishy, or maybe in this case, eely, so I’m afraid to start loading it up with data until I understand what’s happening.

Running TrueNAS ElectricEel-24.10.1

---

1) Private directories are not shown on the datasets pane, but are when editing User Directories and Permissions

I’ve ran through the document and created home directories for 4 users, and it works as expected over the network, with each user having access to their own private directory. However, the directory folders do not appear on the datasets pane on Truenas:

but they do appear when you view the directories and permissions when editting a User (Credentials - Users - Edit):

I noticed this when trying to add an additional encrypted dataset under the user directory, for users to store more sensitive files, but since I couldn’t access the directories from the datasets pane, I was prevented from doing this. Further testing led me to issue #2.

---

2) Truenas will automatically create datasets under the private dataset for any user who clicks on the dataset, even if they don’t have access

I I created a test user (ttester) that I didn’t set up with a home directory. However, I noticed that the behavior from the windows file explorer behaved exactly the same as the user accounts that I had configured with a home directory. The test had access to it’s own private directory without an issue, and the other users didn’t have access to the test account’s private directory.

Turns out, TrueNAS was automatically creating a private directory for the test account, or rather in this case, a dataset, which is viewable in the Datasets pane:

This is both desired and undesired behavior:

• Desired, because now I can see the dataset and add nested encrypted datasets to the private dataset
• Undesired, because I don’t want random users to be able to create their own private datasets without permission, and it’s also not behaving like the documented private shares do.

But easy fix, just change who’s allowed to traverse the private dataset from everyone@ to the family group all four users are a part of:

(Note: just learned that I should change owner@ and group@ to truenas-admin and truenas-admin, will do that)

And it appears to work, the test user (ttester) doesn’t have access to the private share anymore… However, even though ttester can’t access the share, Truenas will still create a private dataset for it whenever I click on the shared directory in the windows explorer; access denied notification appears, but ttester dataset is still created. I’m not sure how to prevent this from occurring at this point.

One guess I have is that this is a bug related to the “export Recycle Bin” option, as Truenas automatically creates this subdirectory in every users private folder. I turned this option on as suggested by the documentation.

---

Another interesting note, the behavior of a multi-user time machine share is like ttester, and not like that of the users configured with home directories. The multi-user time machine share automatically creates private dataset for the user when the user clicks on the share in the Windows File Explorer:

This makes me wonder if the ttester behavior is actually the correct and intended behavior for private shares.

---

Any thoughts about why this behavior is occurring would be greatly appreciated! I know I must be making a configuration error somewhere, but am not sure where.

Some other info about the configuration:
The “shares” parent dataset was created with the generic preset. Both the private and shared_storage datasets nested under it were created with the SMB preset (these are the actual shared datasets). The shared_storage works as expected this way, but please tell me if I made a mistake and should’ve configured the “shares” dataset as SMB as well. I borrowed this structure from the documentation.

Looking at this fairly quickly, I’m thinking one part working as intended, one part potentially incorrect documentation, and one part possible bug.

This is working as expected. Directories do not appear on the Datasets screen. This is the same as the behavior if you were to create a new directory in your shared dataset via windows or CLI.

This is also expected, as far as I know. My understanding of Private SMB Datasets and Shares is that it is meant to automatically create a sub-dataset for all users who access the share, but looking over the current documentation, this is unclear. I also suspect that the step of configuring a per-user home directory is unnecessary when using this setting.

We’ll look into confirming and clarifying the documentation on this in the near future.

This is the part I suspect may be a bug. It does not sound intended that a user without access to the share should still have a private dataset created.

I suggest you gather a debug from the system and submit a bug report so our engineers can look into this.

Great to know. That’s what I originally assumed, but saw some (probably old) posts from users on the forum with folders shown on the Datasets screen, so I wasn’t sure.

Awesome, this would be my preferred implementation anyways, since it allows for nesting additional datasets under the per user private datasets. I should ask, any reason why me nesting datasets under a private dataset might be an issue, or is there a better way to go about this?

Great, I’ll do this and also see if disabling “export Recycle Bin” fixes the issue. I’m not sure if I’d want to use the recycle bin feature anyways. Is the only way to clear the recycling bin to manually delete the files in each users .recycle share, or does the system automatically clean it out under certain conditions?

Thanks for your help!

I’m looking into your posted comments to sort out which is Windows verses TrueNAS behaviors but the answer to your question about the shares parent dataset being created using the SMB shares preset is yes.
The SMB preset is configured under the hood to set permissions and functions specifically for an SMB share.
Since this is a test setup you can recreate it using the SMB preset. It creates both the dataset for the share and the share at the same time.
You can also just do this from the Add SMB screen (Shares > Click Add on SMB widget to open the Add Shares Screen).
This way you can create the dataset with the proper ACL permissions and modify your SMB share options at the same time. Click Advances Options to select your Share purpose and make any Other Options selections you want to assign the share.
Most of what you’ve documented appears to be related to incorrectly set permissions.
I’ll post again if I find any other information that helps explain what you encountered.

Sorry Bella, I’m a little confused, as I don’t believe this was my question, but I could be misunderstanding. My issue was not related to Truenas creating a dataset automatically when a SMB share is created within the Truenas web console. Rather, the issue I ran into was datasets being created automatically from the windows explorer, whenever a user clicked on the private share, even if said user did not have permission to traverse the private share. I also ran into behavior that wasn’t clarified in the docs, namely that configuring a per-user home directory is not necessary with private shares and potentially detrimental, as noted by DjP above.

I submitted a bug report to the iXsystems team, which unfortunately ended up being brief (I ran into a UX issue when submitting the bug report when using filing a ticket from within the Truenas Scale web console; if you accidentally click anywhere outside the “Send Feedback” pop-up window, it will dismiss the window and erase the written bug report message), but regardless it looks like it’s been fixed in the upcoming 25.10 release (if I understand the bug report correctly).