Are there best practices on protecting files in an SMB share?

[uttgigate]

I have a number of sensitive documents that I have on a SMB share on FreeNAS (markdown files I edit with Typora). Currently, I log into the share as root (probably should create a separate user), but beyond that, I feel like they're a little vulnerable once I've logged into the share.
I'm wondering what I can do to protect these files a little better. Any idea?
Is there a way to expire the SMB sessions nightly? I am planning on turning on disk encryption as soon as I migrate to 12.0.
Initially I was going to zip/password protect the files, but my editor won't work, and it's way too much trouble to unzip/zip the files each night. plus one of the advantages of using basic markdown files is that I can find-in-files from Notepad++.

 

[JohnDigital]

You could easily set the share to only allow your local ip to connect to it using hosts_allow/deny. This can help to add a layer of difficulty for outsiders.

A dedicated user/group to own these files (chmod 600) is the best way with a secure strong unique password. Depending on level of security needed you might want to encrypt the entire pool as well, thats on you. Its important to not let your connecting client (Linux, Windows, Mac, etc) to store the unique creds so you are prompted on each mount for this user/password. Then when you log off a session its disconnected. With this set correctly it can be locked down quite good.

 

[Hx Jai]

For some reason, the "hosts allow/deny" fields are greyed out under the new TrueNAS UI.

Is there some other setting that enables me to add IPs in there?

Nevermind - I figured out it's because of the presets in the GUI.