Who is "Group"

[dpearcefl]

I am in the process of writing some documentation for TrueNAS and SMB shares. When I create a new SMB dataset and then edit it's permissions, one entry puzzles me. If I select an ACL preset of "Open", the latter entry disappears. Is the latter entry redundant? In this context, is "builtin_users" equivalent to "everyone@"?

 

[winnielinnie]

Isn't the "builtin_users" group automatically assigned for newly created accounts that you enable as an "SMB user"?

EDIT: Just confirmed. I created a new user account, checked the box "Samba Authentication", and it automatically added the user to the group "builtin_users". The inverse is also true. If I create a new user account and uncheck the box "Samba Authentication", then the new user will not be added to the "builtin_users" group.

This wasn't always the case with TrueNAS Core, so it must have been implemented recently in the 13.x series.

 

[Davvo]

In this context, is "builtin_users" equivalent to "everyone@"?

No, it's a specific group.

 

[dpearcefl]

Ah, so similar to Windows "Everyone" and "Authenticated Users".

 

[Davvo]

Ah, so similar to Windows "Everyone" and "Authenticated Users".

I don't know about Windows, but the everyone here should be "everyone but the ones specified".

 

[anodos]

Ah, so similar to Windows "Everyone" and "Authenticated Users".

GROUP@ is the NFSv4 equivalent of CREATOR-GROUP (S-1-3-1) in Windows (or simply "group" in conventional POSIX mode).

Special identity groups

Learn about Windows Server special identity groups that are used for Windows access control.

learn.microsoft.com

Other special identifiers are defined in RFC3530 (NFSv4.0) and RFC5661 (NFSv4.1) C.F.

https://www.rfc-editor.org/rfc/rfc5661#section-6.2.1.5

Though the only ones implemented internally in ZFS are owner, group, and everyone.