SOLVED Hide smb share to mac users without read or write permission on 12.0-U2

korrupto77

korrupto77

Explorer
Joined
Jan 2, 2013
Messages
50
Hi all,
I'd like to hide in order to keep as cleanest as possibile shares. I'm just moved from form AFP to SMB and one think i've noted is the behaviour of smb shows all shares to all user differently from AFP. In the attached sketch, i've represented a pool's structure in order to let you better understand the situation.On finder zeroconf announce Freenas and the mounted from user it shows share 1 & 2. What i'd like to achieve (that was working on AFP), is hide share1 to a group (B). I've tried with "Access Share Enumaeration" but works only with sub dataset and doesn't help.
The reason for do not move Dataset 1 to Dataset 2 is maintain a separate share in order to allows certain IP only.
Thanks in advance for help
Blank diagram.jpeg
 
Last edited:
S

seanm

Guru
Joined
Jun 11, 2018
Messages
570
"access based share enumeration" is the way to make some shares invisible to some users. These threads may help you:

SMB shares show even if user doesn't have permission

I've created datasets in a pool that have permissions set only giving certain groups to each dataset. Then, I've created Windows shares that each have their path set to each dataset created. When users connect to the NAS either in Windows or in MacOS, Windows Explorer / Mac Finder both show...
www.ixsystems.com www.ixsystems.com

Methods For Fine-Tuning Samba Permissions

Caveat: This is a work-in-progress Correctly setting permissions on any server requires care and planning. In the case of Samba servers this becomes even more important for the server administrator because he or she has to understand the differences between Windows and Unix permissions models...
www.ixsystems.com www.ixsystems.com
 
korrupto77

korrupto77

Explorer
Joined
Jan 2, 2013
Messages
50
Thanks for the support, i’m gonna read carrefully those post.
regards
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
korrupto77 said:
Thanks for the support, i’m gonna read carrefully those post.
regards
Click to expand...
Big picture, if these are local users, create a group, put everyone _except_ macos users in it, then modify the "share" (not filesystem) ACL through the GUI to grant that group "FULL_CONTROL" and remove the everyone entry from it. Then check the "access-based share enumeration" checkbox in the share config.
 
korrupto77

korrupto77

Explorer
Joined
Jan 2, 2013
Messages
50
anodos said:
Big picture, if these are local users, create a group, put everyone _except_ macos users in it, then modify the "share" (not filesystem) ACL through the GUI to grant that group "FULL_CONTROL" and remove the everyone entry from it. Then check the "access-based share enumeration" checkbox in the share config.
Click to expand...

Thanks for suggestions,

i've tested the share ACL and works on Windows only; if i'm giving access to specific group it works on windows side but not in mac where the same share is still visible.
For my purpose is much more important the MAC users than can have on finder the share where they only have access

Regards
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
korrupto77 said:
Thanks for suggestions,

i've tested the share ACL and works on Windows only; if i'm giving access to specific group it works on windows side but not in mac where the same share is still visible.
For my purpose is much more important the MAC users than can have on finder the share where they only have access

Regards
Click to expand...
Sorry. Misread. Do the opposite then. Create MacOS group then repeat steps like above.
 
korrupto77

korrupto77

Explorer
Joined
Jan 2, 2013
Messages
50
anodos said:
Sorry. Misread. Do the opposite then. Create MacOS group then repeat steps like above.
Click to expand...
Thanks for specify, this solution works perfectly for some user but for other is still visible. Now i think i have to check acl’s ...
 
korrupto77

korrupto77

Explorer
Joined
Jan 2, 2013
Messages
50
seanm said:
"access based share enumeration" is the way to make some shares invisible to some users. These threads may help you:

SMB shares show even if user doesn't have permission

I've created datasets in a pool that have permissions set only giving certain groups to each dataset. Then, I've created Windows shares that each have their path set to each dataset created. When users connect to the NAS either in Windows or in MacOS, Windows Explorer / Mac Finder both show...
www.ixsystems.com www.ixsystems.com

Methods For Fine-Tuning Samba Permissions

Caveat: This is a work-in-progress Correctly setting permissions on any server requires care and planning. In the case of Samba servers this becomes even more important for the server administrator because he or she has to understand the differences between Windows and Unix permissions models...
www.ixsystems.com www.ixsystems.com
Click to expand...
Thanks , it has been very helpful
 
korrupto77

korrupto77

Explorer
Joined
Jan 2, 2013
Messages
50
korrupto77 said:
Thanks for specify, this solution works perfectly for some user but for other is still visible. Now i think i have to check acl’s ...
Click to expand...
I've discovered a quite strange behaviour; if i'm deleting and re-creating the same user with same specs is working perfectly. With old users or group it'doesn't. Have you heard something about ?
Regards
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Hide smb share to mac users without read or write permission on 12.0-U2"

Similar threads

korrupto77
Move files between Datasets
Replies
0
Views
2K
korrupto77
korrupto77
T
cannot hide hidden files in SMB shares
Replies
3
Views
4K
anodos
anodos
Todd Nine
AFP no longer works after creating an SMB share
Replies
5
Views
1K
elvisimprsntr
E
P
  • Locked
Read-write permission not working via AFP share on 11.0-U2
Replies
1
Views
1K
dlavigne
D
Glorious1
Mac can't copy dot file to SMB share on TrueNAS
Replies
5
Views
2K
Glorious1
Glorious1
Top