TrueNAS CORE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.

Managing SMB Shares

3 minute read.

Last Modified 2023-12-12 10:35 EST

After creating the SMB share, additional management options are available by going to Sharing > Windows Shares (SMB) and clicking for a share entry:

Name	Description
Edit	Opens the share creation screen to reconfigure the share or disable it.
Edit Share ACL	Opens a screen to configure an Access Control List (ACL) for the share. The default is open.

Edit Share ACL

This is separate from file system permissions, and applies at the level of the entire SMB share.
Permissions defined here are not interpreted by clients of other file sharing protocols.
Permissions defined here are not interpreted by other SMB shares. Even if the other SMB shares export the same share Path value.
Enabling Access Based Share Enumeration uses this ACL to determine the browse list.

Name	Description
Edit Filesystem ACL	Opens a screen to configure an Access Control List (ACL) for the path defined in the share Path.
Delete	Remove the share configuration from TrueNAS. Shared data is unaffected.

To see the share ACL options, click > Edit Share ACL.

EditShareACL >

The Share Name is shown, but cannot be changed. ACL Entries are listed as a block of settings. Click ADD to register a new entry.

Name	Description
SID	Who this ACL entry (ACE) applies to, shown as a Windows Security Identifier. Either a SID or a Domain with Name is required for the ACL.
Domain	Enter a domain for the user Name. Required when a SID is not entered. Local users have the SMB server NetBIOS name: truenas\smbusers.
Permission	Dropdown list of predefined permission combinations: Select Read for read access and execute permission on the object (RX). Select Change for read access, execute permission, write access, and delete object (RXWD). Select Full for read access, execute permission, write access, delete object, change Permissions, and take ownership (RXWDPO). For more details, see smbacls(1).
Name	Enter the name of who this ACL entry applies to, shown as a user name. Requires adding the user Domain.
Type	Select from the dropdown list how permissions are applied to the share. Select Allowed to deny all permissions by default except those that are manually defined. Select Denied to allow all permissions by default except those that are manually defined.

Click SAVE to store the share ACL and apply it to the share immediately.

Configure File System ACL

Click > Edit Filesystem ACL to quickly return to Storage > Pools and edit the dataset ACL.

DatasetACLEdit

This ACL defines the user accounts or groups that own or have specific permissions to the shared dataset. The User and Group values show which accounts own, or have full permissions to the dataset. Change the default settings to your preferred primary account and group. Select the Apply checkboxes before saving any changes.

ACL Presets

To rewrite the current ACL with a standardized preset, click SELECT AN ACL PRESET and choose an option:

Open

Has three entries:

owner@ has full dataset control.
group@ has full dataset control.
All other accounts can modify the dataset contents.

Restricted

Has two entries:

owner@ has full dataset control.
group@ can modify the dataset contents.

Home

Has three entries:

owner@ has full dataset control.
group@ can modify the dataset contents.
All other accounts can traverse through the dataset.

Adding ACL Entries (ACEs)

To define permissions for a specific user account or group, click ADD ACL ITEM. Open the Who dropdown list, select User or Group, and select a specific user or group account. Define the settings for the account. Define the permissions to apply to that account. For example, to allow the tmoore user permission to view dataset contents but not make changes, define the ACL Type as Allow. Define Permissions for this user as Read.

ExampleACE