OK, here's a longer post to describe what I mean in more detail. I'm just starting out with TrueNAS related things, so chances are I'm doing things wrong... I did the following, all in a test environment:
- create a vanilla instal of TrueNAS-SCALE-22.12.3.3
- create a pool for my media called "mediapool" (two mirrored disks)
- create a pool for app data called "appdatapool" (two mirrored disks)
- create a SMB share type dataset on "mediapool" called "movies"
- create a Apps share type dataset on "appdatapool" called "appdata_jellyfin"
- create a user in Credential -> Local Users with the standard settings
- create a SMB share with the path "/mnt/mediapool/movies" and subsequent name "movies", having it turn on automatically
(at this point I could log in with this user from another machine and copy files to the "movies" dataset)
- go to Apps, choose the "appdatapool" for Apps
- go to Apps -> Settings -> Advanced Settings and disable "Host Path Safety Checks"
- go to Apps and install Jellyfin from the existing catalog with the following settings: use the "/mnt/appdatapool/appdata_jellyfin" path for config and cache storage, use "emptyDir" in memory for transcode storage, and add additional storage with my existing "/mnt/mediapool/movies" as host path, and "/movies" as mount path. After a while, Jellyfin is active.
- set up Jellyfin with an admin user (within Jellyfin I mean), and a movie library pointing to "/movies" in such a way that Jellyfin does not get movie data from the internet or writes any data (like nfo files) to the movies dataset
- in the TrueNAS interface, go to the movies dataset and edit permissions
- then in the Edit ACL screen, add an item, choose the "apps" user, set permissions to read, save ACL
- now connect using the local user to the SMB share, and copy a directory with therein another directory with therein a movie (in this case just a random mkv file for testing purposes)
- have Jellyfin do a library scan, and the movie indeed shows up
- in the Jellyfin interface, go to that movie (as the Jellyfin admin user) and try to delete the movie using the submenu...
And there you have it, to my surprise it deletes the movie with its enclosing directory, whereas I saved the ACL for the "apps" user within TrueNAS as "read".
I totally assume I'm doing something wrong, but I don't know what...