Acces based share enumeration

[zierbeek]

Hi all,

I made some folders for my family members at home. Each user is the owner of his/her folder. I have also full control in the folder. In what way should I setup smb? I made the users folder as smb , not browsable.
When i share in smb folder lotte, with access based share enumeration, it still shows up for every other user. Even with permission in the folder set correctly with owner@, group@, and myself.


Thanks!

 

[Patrick M. Hausen]

Is mnt/tank1/Lotte a separate dataset? If yes, you cannot move it with mv but you can rename it: zfs rename tank1/Lotte tank1/Users/Lotte. Make sure to remove any shares using it or stop SMB before you do that.

 

[zierbeek]

Is mnt/tank1/Lotte a separate dataset? If yes, you cannot move it with mv but you can rename it: zfs rename tank1/Lotte tank1/Users/Lotte. Make sure to remove any shares using it or stop SMB before you do that.

Thanks! I did cp -R the folders. Would zfs rename make them showup in gui? Then also about permission...

 

[Patrick M. Hausen]

Would zfs rename make them showup in gui? Then also about permission...

Yes, it would. It just changes the path. And all the low level file system permissions stay the same, too. Of course you have to adapt the share definition afterwards.

 

[zierbeek]

Yeah but i want to setup that every users only has access to it's own share. Do I create smb permissions per user dataset?Or do I need to make a smb share definition for 'Users' and afterwards, for every user dataset?

 

[Patrick M. Hausen]

Sorry, I know ZFS fairly well but not SMB. Someone else will have to answer that one.

 

[zierbeek]

Sorry, I know ZFS fairly well but not SMB. Someone else will have to answer that one.

allrighty, thanks! Getting the error: Leading slash in name when executing : zfs rename /mnt/tank1/Nancy /mnt/tank1/Users/Nancy

Solved: Should be zfs rename tank1/Nancy tank1/Users/Nancy

 

[Patrick M. Hausen]

Solved: Should be zfs rename tank1/Nancy tank1/Users/Nancy

That's what I wrote

 

[zierbeek]

Addes some info with acces based share enumeration.

 

[zierbeek]

up

 

[ume2]

hi, i have the same Problem with the "acces based share enumeration". but i did not get the point why i should move the folders or datasets arround to make it working? i read arround alot! it seams it has to do with ACLs and the "acces based share enumeration" using the share ACL not the filesystem ACL. In one text i understand that you can config smb to use the filesystem ACL for this feature but i dont know its correct. In almost every tutorial or "help article" only the filesystem ACLs are shown. these ones i understand for what i need. but if i open the share ACL i do not have any clue how this works. SID etc.

i created a pool with 2 datasets in it. one is user1folder and the other is user2folder. in the filesystem acl i have set user1folder to only be accessed by user1 and the same for 2. this works fine. but checking the "acces based share enumeration" hase no impact. user 1 can see user2folder in the listing. he cannot edit or open but i realy wanna get the "acces based share enumeration" working :-D i want to understand how its working.