Problems with user permissions

TrueNAS General
1

Been running my server for 3-4 months now and all of a sudden I cannot access my SMB share anymore from any of my computers (mac / pc / …)

When checking via ssh:

root@vlasnas[~]# getfacl /mnt/FAST_STORAGE
getfacl: Removing leading ‘/’ from absolute path names

file: mnt/FAST_STORAGE

owner: root

group: root

user::rwx
group::r-x
other::r-x

I already deleted my account, added it again, set it as my home directory, run CHMOD 770 & CHMOD 755 on this folder => nothing works.

Somebody how is able to guide me please? I’m lost….

2

I have some questions:

  1. Do the clients see the share itself?
  2. What is the error message when you are trying to access it?
  3. What are the permissions on the share itself?
  4. How was the share created?
  5. Did you try to create another share?
  6. Did you create this share for the entire pool (or better said for the root dataset)?
3

Hello swc-phil,

thanks for the quick reply! My answers below:

have some questions:

  1. Do the clients see the share itself? I see the “files” mount - but not any subfolder (like FAST_STORAGE which is linked to a SSD disk)

  2. What is the error message when you are trying to access it?
    Windows: Windows cannot access \\192.168.2.234\files. You do not have the permission to access
    Mac: There was a problem connecting to the server - the share does not exist

  3. What are the permissions on the share itself?

    root@vlasnas[~]# getfacl /mnt/FAST_STORAGE/
    getfacl: Removing leading ‘/’ from absolute path names

    file: mnt/FAST_STORAGE/

    owner: root

    group: root

    user::rwx
    group::—
    other::—

  4. How was the share created? Share was created via UI

  5. Did you try to create another share? Did not tried that

  6. Did you create this share for the entire pool (or better said for the root dataset)? This share is linked to a SSD disk, other SATA disks need to be bought to foresee the “slow” storage part / archief

4

Question. On windows are you not logging into the share with the actual user/pass you set in Truenas? I think guest access to shares went away in the latest 25.10
Windows will be happy to try and use the computer login as the default login to a server or lacking that a guest/anonymous login.

1 Like
5

So, only root can access the share. AFAIK, root is a very special user in the truenas case. You should not use him as a share user.

Also, did you enter the root credentials when you accessed the share?

Welp, I meant with which params/purpose, but nvm. Now I don’t think it is related.

It doesn’t really work this way. And you shouldn’t create the share for the root dataset which has the same name as your pool (FAST_STORAGE).

Anyway, just in case, please post the output of the following commands:

sudo zpool list -v FAST_STORAGE

sudo zfs list -r FAST_STORAGE
6

root@vlasnas[~]# sudo zpool list -v FAST_STORAGE
NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
FAST_STORAGE 3.72T 119G 3.60T - - 0% 3% 1.00x ONLINE /mnt
d05d50ca-7d22-43f5-a866-349851f95d3b 3.72T 119G 3.60T - - 0% 3.12% - ONLINE
root@vlasnas[~]# sudo zfs -r FAST_STORAGE
unrecognized command ‘-r’
usage: zfs command args …
where ‘command’ is one of the following:

    version [-j]

    create [-Pnpuv] [-o property=value] ... <filesystem>
    create [-Pnpsv] [-b blocksize] [-o property=value] ... -V <size> <volume>
    destroy [-fnpRrv] <filesystem|volume>
    destroy [-dnpRrv] <filesystem|volume>@<snap>[%<snap>][,...]
    destroy <filesystem|volume>#<bookmark>

    snapshot [-r] [-o property=value] ... <filesystem|volume>@<snap> ...
    rollback [-rRf] <snapshot>
    clone [-p] [-o property=value] ... <snapshot> <filesystem|volume>
    promote <clone-filesystem>
    rename [-f] <filesystem|volume|snapshot> <filesystem|volume|snapshot>
    rename -p [-f] <filesystem|volume> <filesystem|volume>
    rename -u [-f] <filesystem> <filesystem>
    rename -r <snapshot> <snapshot>
    bookmark <snapshot|bookmark> <newbookmark>
    program [-jn] [-t <instruction limit>] [-m <memory limit (b)>]
        <pool> <program file> [lua args...]

    list [-Hp] [-j [--json-int]] [-r|-d max] [-o property[,...]] [-s property]...
        [-S property]... [-t type[,...]] [filesystem|volume|snapshot] ...

    set [-u] <property=value> ... <filesystem|volume|snapshot> ...
    get [-rHp] [-j [--json-int]] [-d max] [-o "all" | field[,...]]
        [-t type[,...]] [-s source[,...]]
        <"all" | property[,...]> [filesystem|volume|snapshot|bookmark] ...
    inherit [-rS] <property> <filesystem|volume|snapshot> ...
    upgrade [-v]
    upgrade [-r] [-V version] <-a | filesystem ...>

    userspace [-Hinp] [-o field[,...]] [-s field] ...
        [-S field] ... [-t type[,...]] <filesystem|snapshot|path>
    groupspace [-Hinp] [-o field[,...]] [-s field] ...
        [-S field] ... [-t type[,...]] <filesystem|snapshot|path>
    projectspace [-Hp] [-o field[,...]] [-s field] ... 
        [-S field] ... <filesystem|snapshot|path>

    project [-d|-r] <directory|file ...>
    project -c [-0] [-d|-r] [-p id] <directory|file ...>
    project -C [-k] [-r] <directory ...>
    project [-p id] [-r] [-s] <directory ...>

    mount [-j]
    mount [-flvO] [-o opts] <-a|-R filesystem|filesystem>
    unmount [-fu] <-a | filesystem|mountpoint>
    share [-l] <-a [nfs|smb] | filesystem>
    unshare <-a [nfs|smb] | filesystem|mountpoint>

    send [-DLPbcehnpsVvw] [-i|-I snapshot]
         [-R [-X dataset[,dataset]...]]     <snapshot>
    send [-DnVvPLecw] [-i snapshot|bookmark] <filesystem|volume|snapshot>
    send [-DnPpVvLec] [-i bookmark|snapshot] --redact <bookmark> <snapshot>
    send [-nVvPe] -t <receive_resume_token>
    send [-PnVv] --saved filesystem
    receive [-vMnsFhu] [-o <property>=<value>] ... [-x <property>] ...
        <filesystem|volume|snapshot>
    receive [-vMnsFhu] [-o <property>=<value>] ... [-x <property>] ... 
        [-d | -e] <filesystem>
    receive -A <filesystem|volume>

    allow <filesystem|volume>
    allow [-ldug] <"everyone"|user|group>[,...] <perm|@setname>[,...]
        <filesystem|volume>
    allow [-ld] -e <perm|@setname>[,...] <filesystem|volume>
    allow -c <perm|@setname>[,...] <filesystem|volume>
    allow -s @setname <perm|@setname>[,...] <filesystem|volume>

    unallow [-rldug] <"everyone"|user|group>[,...]
        [<perm|@setname>[,...]] <filesystem|volume>
    unallow [-rld] -e [<perm|@setname>[,...]] <filesystem|volume>
    unallow [-r] -c [<perm|@setname>[,...]] <filesystem|volume>
    unallow [-r] -s @setname [<perm|@setname>[,...]] <filesystem|volume>

    hold [-r] <tag> <snapshot> ...
    holds [-rHp] <snapshot> ...
    release [-r] <tag> <snapshot> ...
    diff [-FHth] <snapshot> [snapshot|filesystem]
    load-key [-rn] [-L <keylocation>] <-a | filesystem|volume>
    unload-key [-r] <-a | filesystem|volume>
    change-key [-l] [-o keyformat=<value>]
        [-o keylocation=<value>] [-o pbkdf2iters=<value>]
        <filesystem|volume>
    change-key -i [-l] <filesystem|volume>
    redact <snapshot> <bookmark> <redaction_snapshot> ...
    wait [-t <activity>] <filesystem>
    zone <nsfile> <filesystem>
    unzone <nsfile> <filesystem>

Each dataset is of the form: pool/[dataset/]*dataset[@name]

For the property list, run: zfs set|get

For the delegated permission list, run: zfs allow|unallow

For further help on a command or topic, run: zfs help

7

You missed the list part. sudo zfs list -r FAST_STORAGE

Also, did you update your truenas recently?

8 
root@vlasnas[~]# getfacl /mnt/FAST_STORAGE/
getfacl: Removing leading ‘/’ from absolute path names

file: mnt/FAST_STORAGE/

owner: root

group: root

user::rwx
group::—
other::—

Why do you have a 0o700 mode on the root dataset of your pool? We don’t allow this through the UI for fairly obvious reasons (will break access to all shares / data).

We default to 755.

9

sorry - didn’t notice yesterday. The correct output:

Last login: Tue Dec 30 19:43:53 CET 2025 on pts/2
root@vlasnas[~]# sudo zfs list -r FAST_STORAGE
NAME USED AVAIL REFER MOUNTPOINT
FAST_STORAGE 119G 3.49T 144K /mnt/FAST_STORAGE
FAST_STORAGE/.system 1.86G 3.49T 1.56G legacy
FAST_STORAGE/.system/configs-ae32c386e13840b2bf9c0083275e7941 4.58M 3.49T 4.58M legacy
FAST_STORAGE/.system/cores 96K 1024M 96K legacy
FAST_STORAGE/.system/netdata-ae32c386e13840b2bf9c0083275e7941 301M 3.49T 301M legacy
FAST_STORAGE/.system/nfs 112K 3.49T 112K legacy
FAST_STORAGE/.system/samba4 248K 3.49T 248K legacy
FAST_STORAGE/FILES 111G 3.49T 111G /mnt/FAST_STORAGE/FILES
FAST_STORAGE/ix-apps 6.10G 3.49T 120K /mnt/.ix-apps
FAST_STORAGE/ix-apps/app_configs 2.15M 3.49T 2.15M /mnt/.ix-apps/app_configs
FAST_STORAGE/ix-apps/app_mounts 987M 3.49T 96K /mnt/.ix-apps/app_mounts
FAST_STORAGE/ix-apps/app_mounts/immich 987M 3.49T 104K /mnt/.ix-apps/app_mounts/immich
FAST_STORAGE/ix-apps/app_mounts/immich/data 653M 3.49T 223M /mnt/.ix-apps/app_mounts/immich/data
FAST_STORAGE/ix-apps/app_mounts/immich/postgres_data 334M 3.49T 170M /mnt/.ix-apps/app_mounts/immich/postgres_data
FAST_STORAGE/ix-apps/docker 4.87G 3.49T 4.87G /mnt/.ix-apps/docker
FAST_STORAGE/ix-apps/truenas_catalog 270M 3.49T 270M /mnt/.ix-apps/truenas_catalog

Come to think of it, yes, I had installed an update that was waiting on the system a few weeks ago…

10

Ok, it seems like you have only the “root” dataset in your pool. And the share for the “root” dataset became unavailable after the update.

I think you can resolve your issue with the following steps ( :warning: see the EDIT at the bottom):

  1. Create a new dataset under the FAST_STORAGE. Let’s name it my-files.
  2. Create another non-root user. For example, hornetjo.
  3. Create a new share for /mnt/FAST_STORAGE/my-files. Set hornetjo as the share owner.
  4. Move your files to the new dataset. It can be done via zfs replication or via something like mv /mnt/FAST_STORAGE/* /mnt/FAST_STORAGE/my-files.
  5. For windows clients, edit saved credentials for your nas (in the credential manager). The user should be hornetjo, not root.
  6. If you still don’t see your files, go to the share ACL; check Apply owner, Apply group, Apply permissions recursively and then save.

:warning: EDIT. On second look I’ve noticed FAST_STORAGE/FILES dataset. So you don’t need to create new dataset and moving the files. Just create a new share with non-root owner for this dataset and update credentials on the clients.

11

same error message occurs - validation error when creating a new dataset under FAST_STORAGE…

getting on the edge of my serves here. Was implementing this setup as a true replacement for my old QNAP - but instead have more headaches then positive encounters…

12

But you didn’t have a validation error before, so it’s probably not the same… You should provide the error’s message.