Get a Quote     (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

Managing SMB Shares

  4 minute read.

Last Modified 2022-08-11 12:28 EDT

Share Management

After creating the SMB share, additional management options are available by going to Sharing > Windows Shares (SMB) and clicking for a share entry:

NameDescription
EditOpens the share creation screen to reconfigure the share or disable it.
Edit Share ACLOpens a screen to configure an Access Control List (ACL) for the share. The default is open.

Edit Share ACL

  • This is separate from file system permissions, and applies at the level of the entire SMB share.
  • Permissions defined here are not interpreted by clients of other file sharing protocols.
  • Permissions defined here are not interpreted by other SMB shares. Even if the other SMB shares export the same share Path value.
  • Enabling Access Based Share Enumeration uses this ACL to determine the browse list.
NameDescription
Edit Filesystem ACLOpens a screen to configure an Access Control List (ACL) for the path defined in the share Path.
DeleteRemove the share configuration from TrueNAS. Shared data is unaffected.

Configure Share ACL

To see the share ACL options, click > Edit Share ACL.

EditShareACL>

The Share Name is shown, but cannot be changed. ACL Entries are listed as a block of settings. Click ADD to register a new entry.

NameDescription
SIDWho this ACL entry (ACE) applies to, shown as a Windows Security Identifier. Either a SID or a Domain with Name is required for the ACL.
DomainEnter a domain for the user Name. Required when a SID is not entered. Local users have the SMB server NetBIOS name: truenas\smbusers.
PermissionDropdown list of predefined permission combinations:
Select Read for read access and execute permission on the object (RX).
Select Change for read access, execute permission, write access, and delete object (RXWD).
Select Full for read access, execute permission, write access, delete object, change Permissions, and take ownership (RXWDPO).

For more details, see smbacls(1).
NameEnter the name of who this ACL entry applies to, shown as a user name. Requires adding the user Domain.
TypeSelect from the dropdown list how permissions are applied to the share. Select Allowed to deny all permissions by default except those that are manually defined. Select Denied to allow all permissions by default except those that are manually defined.

Click SAVE to store the share ACL and apply it to the share immediately.

Configure File System ACL

Click > Edit Filesystem ACL to quickly return to Storage > Pools and edit the dataset ACL.

DatasetACLEdit

This ACL defines the user accounts or groups that own or have specific permissions to the shared dataset. The User and Group values show which accounts own, or have full permissions to the dataset. Change the default settings to your preferred primary account and group. Select the Apply checkboxes before saving any changes.

ACL Presets

To rewrite the current ACL with a standardized preset, click SELECT AN ACL PRESET and choose an option:

Has three entries:

  • owner@ has full dataset control.
  • group@ has full dataset control.
  • All other accounts can modify the dataset contents.

Has two entries:

  • owner@ has full dataset control.
  • group@ can modify the dataset contents.

Has three entries:

  • owner@ has full dataset control.
  • group@ can modify the dataset contents.
  • All other accounts can traverse through the dataset.

Adding ACL Entries (ACEs)

To define permissions for a specific user account or group, click ADD ACL ITEM. Open the Who dropdown list, select User or Group, and select a specific user or group account. Define the settings for the account. Define the permissions to apply to that account. For example, to allow the tmoore user permission to view dataset contents but not make changes, define the ACL Type as Allow. Define Permissions for this user as Read.

ExampleACE

Related Content