Managing SMB Shares
3 minute read.
Last Modified 2022-05-11 14:15 EDTAfter creating the SMB share, additional management options are available by going to Sharing > Windows Shares (SMB) and clicking for a share entry:
- Edit: Opens the share creation screen to reconfigure the share or disable it.
- Edit Share ACL: Opens a screen to configure an Access Control List (ACL) for the share. This is separate from file system permissions, and applies at the level of the entire SMB share. Permissions defined here are not interpreted by clients of other file sharing protocols or other SMB shares that export the same share Path value. The default is open. This ACL is used to determine the browse list if Access Based Share Enumeration is enabled.
- Edit Filesystem ACL: Opens a screen to configure an Access Control List (ACL) for the path defined in the share Path.
- Delete: Remove the share configuration from TrueNAS. Shared data is unaffected.
To see the share ACL options, click more_vert > Edit Share ACL.
>
The Share Name is shown, but cannot be changed. ACL Entries are listed as a block of settings. Click ADD to register a new entry.
Setting | Value | Description |
---|---|---|
SID | string Who this ACL entry (ACE) applies to, shown as a Windows Security Identifier. Either a SID or a Domain with Name is required for the ACL. | |
Domain | string | Domain for the user Name. Required when a SID is not entered. Local users have the SMB server NetBIOS name: truenas\smbusers. |
Permission | drop down | Predefined permission combinations: Select Read for read access and execute permission on the object (RX). Select Change for read access, execute permission, write access, and delete object (RXWD). Select Full for read access, execute permission, write access, delete object, change Permissions, and take ownership (RXWDPO). For more details, see smbacls(1). |
Name | string | Who this ACL entry applies to, shown as a user name. Requires adding the user Domain. |
Type | drop down | Select how permissions are applied to the share. Select Allowed to deny all permissions by default except those that are manually defined. Select Denied to allow all permissions by default except those that are manually defined. |
Clicking SAVE stores the share ACL and applies it to the share immediately.
Click more_vert > Edit Filesystem ACL to quickly return to Storage > Pools and edit the dataset ACL.
This ACL defines the user accounts or groups that own or have specific permissions to the shared dataset. The User and Group values show which accounts own, or have full permissions to the dataset. Change the default settings to your preferred primary account and group and select the Apply checkboxes before saving any changes.
To rewrite the current ACL with a standardized preset, click SELECT AN ACL PRESET and choose an option:
To define permissions for a specific user account or group, click ADD ACL ITEM. Open the Who dropdown, select User or Group, and choose a specific user or group account. Define how the settings are applied to the account then choose the permissions to apply to that account. For example, to only allow the tmoore user permission to view dataset contents but not make changes, set the ACL Type to Allow and Permissions to Read.