TheHellSite
Dabbler
- Joined
- Mar 12, 2021
- Messages
- 12
I just switched my test system from TrueNAS Core to TrueNAS Scale and found that the SMB / dataset permissions are not working properly.
The below setup was working fine on TrueNAS Core.
The problem I am having is that both of my SMB users have r/w access to the share even though UID=1000 should only have read access.
One thing I noticed during the creation was that the r/w user with UID:1001 wasn't selectable in the user list while configuring ACLs. I just typed the name instead. The access to the share is working for him.
This is how I set things up:
1. Created a TEST_pool, created a NAS_dataset.
2. Created two new users just for SMB access.
3. Added them to the ACL of the NAS_dataset.
4. Created the SMB share.
The below setup was working fine on TrueNAS Core.
The problem I am having is that both of my SMB users have r/w access to the share even though UID=1000 should only have read access.
One thing I noticed during the creation was that the r/w user with UID:1001 wasn't selectable in the user list while configuring ACLs. I just typed the name instead. The access to the share is working for him.
This is how I set things up:
1. Created a TEST_pool, created a NAS_dataset.
2. Created two new users just for SMB access.
Code:
UID: 1000 and 1001 GID: 1000 and 1001 Home directory: /nonexistent Shell: /usr/sbin/nologin Email: N/A Password Disabled: false Lock User: false Permit Sudo: false Microsoft Account: false Samba Authentication: true
3. Added them to the ACL of the NAS_dataset.
Code:
1000 1001 ==== ==== ACL Type: Allow ACL Type: Allow Permissions Type: Basic Permissions Type: Basic Permissions: Read Permissions: Modify Flags Type: Basic Flags Type: Basic Flags: Inherit Flags: Inherit
4. Created the SMB share.
Code:
Path: /mnt/TEST_pool/NAS_dataset Name: nas Purpose: No presets Enabled: yes Enble ACL: yes Browseable to Network Clients: yes Enable Shadow Copies: yes Enable Alternate Data Streams: yes Enable SMB2/3 Durable Handles: yes Auxiliary Parameters: server min protocol = SMB3_11