User can't access SMB share even with all ACL entries

Hello Community,

I’m encountering an issue with a nested SMB share that I can’t seem to resolve, even though the ACL entries appear correct.

Here’s the setup:

/root_dataset [SMB Share 1] (ACL: root, user1)
|— /A
|----|— /B
|----|----|— /Movies [SMB Share 2] (ACL: root, user1, user2)

root_dataset (Share 1) has ACL entries for @owner, root, and user1. The ACL Mode is set to pass-through and should allow access recursively to all subfolders and subdatasets.

Movies (Share 2) has ACL entries for @owner, root, user1, and user2, set via the SMB share settings, and is also configured to allow recursive access.

Problem:
I can access the Movies share (Share 2) with user1 but not with user2, even though user2 is correctly listed in the ACL for the directory /Movies. I’ve verified the ACL entries via the shell, and user2 is allowed for SMB login.

Note:
I do not want to convert the Movies directory into a separate dataset, as there are already files in it and I’d like to keep the structure simple.

Does anyone have insights on what might be causing this, or any suggestions to fix the access issue for user2?

Thanks!

Please indicate which software version.
Has there been a history of updates before the problem was seen?

There have been no updates; it is a completely fresh instance of TrueNAS-13.0-U6.2 hosted on Proxmox.

After further investigation, it seems that the issue might be due to user2 lacking access to the parent directory /root_dataset/A/B.

To resolve this, I added the following line to the auxiliary parameters of share2:
allow insecure wide links =Yes

But the error persists.

That’s not how you resolve access issues due to permissions on the parent directory. The only fix for that configuration error is to grant your users access to the parent directories.

Hmm okay, I designed my storage so that the admins have access to the root_dataset and only user2 can access that one specific subfolder.

What do you think about
mount -t nullfs /mnt/.../root_dataset/A/B/share2 /mnt/share2
and sharing /mnt/share2

I know in SCALE there is a “traverse” permission in the GUI. This enables my users to pass through the datasets they shouldn’t access (e.g.: /users/) without showing them more than what they have access to. In this case /users/user2/
Does CORE not have that function/capability?

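The parent-directory problem discussed in this thread, as an added example that is not part of any post: it rebuilds the /root_dataset/A/B/Movies layout in a temporary directory, finds the first ancestor a non-owner cannot traverse, then grants traverse-only access. It assumes plain POSIX mode bits as a stand-in for the ACL entries, and the user2 uid and all function names are hypothetical.

```python
import os
import stat
import tempfile

# Mode-bit masks per POSIX class: (owner, group, other)
BITS = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)}

def has_bit(path, uid, gids, perm):
    """Does the user get perm ('r' = list, 'x' = traverse) on this directory?"""
    st = os.stat(path)
    owner, group, other = BITS[perm]
    if uid == st.st_uid:
        return bool(st.st_mode & owner)
    if st.st_gid in gids:
        return bool(st.st_mode & group)
    return bool(st.st_mode & other)

def ancestors(share_root, target):
    """share_root and every directory between it and target (target excluded)."""
    chain, current = [share_root], share_root
    for part in os.path.relpath(target, share_root).split(os.sep)[:-1]:
        current = os.path.join(current, part)
        chain.append(current)
    return chain

def first_blocking_ancestor(share_root, target, uid, gids):
    """First ancestor the user cannot traverse, or None if the whole path is open."""
    for d in ancestors(share_root, target):
        if not has_bit(d, uid, gids, "x"):
            return d
    return None

def demo(base):
    """Constructed tree mirroring the thread's layout; returns (before, after, listable)."""
    root = os.path.join(base, "root_dataset")
    movies = os.path.join(root, "A", "B", "Movies")
    os.makedirs(movies)
    os.chmod(movies, 0o777)                          # user2 is allowed on the leaf
    user2, groups = os.stat(root).st_uid + 1, set()  # hypothetical non-owner uid
    for d in ancestors(root, movies):
        os.chmod(d, 0o700)                           # admins only, as in the thread
    before = first_blocking_ancestor(root, movies, user2, groups)
    for d in ancestors(root, movies):
        os.chmod(d, 0o711)                           # add traverse (x) without list (r)
    after = first_blocking_ancestor(root, movies, user2, groups)
    listable = [d for d in ancestors(root, movies) if has_bit(d, user2, groups, "r")]
    return before, after, listable

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(tmp))
```

The empty `listable` result shows that traverse-only access lets the user pass through the parents without being able to list their contents.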