- All systems are running TrueNAS Core 13.0-U6.1
- I can determine that this started after upgrading to 13.0-U2, based on the age of files. Luckily, I have processes that create new files almost daily going back several years.
- Active Directory domain joined
- All info here is gathered from Windows clients.
- I can replicate this on multiple TrueNAS systems, including one that has been around for years and one that I built earlier this week for something unrelated to this problem. This started back in 2022, and I'm noticing just now.
- This post from 2022 describes the same problem (no replies on their post): SMB systematically giving Everyone read access to new files
I noticed this problem today when I was browsing file shares with a user that should not have permissions to files, yet was able to list contents and read/open files.
On every file share across all of my TrueNAS systems, all new files have an acl of Everyone with Read. These acls are not inherited from the parent folder. Some new files also have wheel, which is unexpected and I don't know why some do and some don't have it. Newly created folders do not show this behavior, only new files. When going to the security tab, most new files also give an error of:
As mentioned above, I have files generated almost daily going back several years. I am able to pinpoint an exact day of 9/27/2022 where this started happening. All files created prior to this day are fine. All files created after this day have Everyone RO in addition to their inherited permissions. Going back to my notes, I performed an upgrade to Core 13.0-U2 on 9/27/2022. I'm pretty sure I upgraded directly to 13.0-U2 from Core 12.something, but unfortunately, I did not record what exact version of 12 that I was running before upgrading to 13.0-U2. I think it was 12.0-U8.
As you can imagine, this is a serious permissions issue for me. Screenshots below:
1: Parent folder does not have Everyone or wheel permission
2: Old file does not have Everyone or wheel
3: Brand new file that has Everyone, but not wheel.
4: Another new file on a different file share (the screenshot files I just made, interestingly) showing wheel
Thank you very much for taking the time to read through this. Please let me know what questions you have.
- I can determine that this started after upgrading to 13.0-U2, based on the age of files. Luckily, I have processes that create new files almost daily going back several years.
- Active Directory domain joined
- All info here is gathered from Windows clients.
- I can replicate this on multiple TrueNAS systems, including one that has been around for years and one that I built earlier this week for something unrelated to this problem. This started back in 2022, and I'm noticing just now.
- This post from 2022 describes the same problem (no replies on their post): SMB systematically giving Everyone read access to new files
I noticed this problem today when I was browsing file shares with a user that should not have permissions to files, yet was able to list contents and read/open files.
On every file share across all of my TrueNAS systems, all new files have an acl of Everyone with Read. These acls are not inherited from the parent folder. Some new files also have wheel, which is unexpected and I don't know why some do and some don't have it. Newly created folders do not show this behavior, only new files. When going to the security tab, most new files also give an error of:
As mentioned above, I have files generated almost daily going back several years. I am able to pinpoint an exact day of 9/27/2022 where this started happening. All files created prior to this day are fine. All files created after this day have Everyone RO in addition to their inherited permissions. Going back to my notes, I performed an upgrade to Core 13.0-U2 on 9/27/2022. I'm pretty sure I upgraded directly to 13.0-U2 from Core 12.something, but unfortunately, I did not record what exact version of 12 that I was running before upgrading to 13.0-U2. I think it was 12.0-U8.
As you can imagine, this is a serious permissions issue for me. Screenshots below:
1: Parent folder does not have Everyone or wheel permission
2: Old file does not have Everyone or wheel
3: Brand new file that has Everyone, but not wheel.
4: Another new file on a different file share (the screenshot files I just made, interestingly) showing wheel
Thank you very much for taking the time to read through this. Please let me know what questions you have.
