TrueNAS Scale NFS4 Permissions seemingly appearing out of nowhere

Hello, I’m a new TrueNAS user and I’m trying to create an ACL for a new dataset. However, it seems there are permissions getting created out of thin air when creating a file/folder within the dataset from the SMB share that is set up. It is currently using NFS4 ACLs.

I am currently using TrueNAS Scale version ElectricEel-24.10.0.2.

This is what I have so far. I know there are some that I still need to tweak to get it to work exactly how I want, but for the most part this looks exactly correct and is what I would expect the ACL from TrueNAS to translate to in the Windows advanced security dialog. Where it all falls apart is if I create a file or folder within this share/dataset.

A folder gets Everyone and root added to it along with my user account darkarrow added as full control. (Windows also complains about the entries being incorrectly ordered and may cause some to be ineffective but I’ll save that for later)

A file gets nearly the same incorrect ACL applied. (Also has the error about order)

I tried going through and seeing where these ACEs could possibly be coming from but I’m just not familiar enough with TrueNAS Scale nor TrueNAS in general. Thanks for any help.

You should probably document the client and how it logs in to the TrueNAS.

Can you post the “ACL Editor” screen rather than the “Advanced Permissions Type” screen?

I’m pretty sure what you are seeing is just the effects of inheritance.

You can more granularly control these if you’d prefer:

In this example the Owner set for the dataset is root. By default this is inherited on new files created in the dataset because the Flags are set to inherit.

It is a Windows 11 Enterprise multi-session client and it logs in using username/password that is defined in TrueNAS users. Specifically the user “darkarrow” as defined in the ACEs.

Sorry I don’t quite understand what you are looking for as I’m not too familiar with the interface yet but I do believe my screenshots have the inheritance settings in them if that’s what you are looking for.

I’m looking for the ACE entries for owner@ and group@, not the ACE entry you created for your user.

Sorry I wasn’t more clear.

Oh, I see what you were asking now, I actually do not have those set and the only ACEs in this ACL are the ones that I have posted screenshots of. I removed all others.

Ahh okay. You don’t want to do that. You can reset the ACLs to the “NFSv4 Restricted”

Then you’d want to set the desired permissions for owner@ and group@. Other users or security groups can be added as separate ACE entries.

Okay, I think I found where the permissions were coming from, though I still don’t understand exactly what the option does. In the dataset’s advanced options there is one called “ACL Mode”. It was set to passthrough, but once I switched it to “Restricted”, that made it so the random ACEs were no longer getting applied to the new files/folders and only the ones that I have set myself.