Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

Managing SMB Shares

  3 minute read.

Last Modified 2022-05-11 14:15 EDT

Share Management

After creating the SMB share, additional management options are available by going to Sharing > Windows Shares (SMB) and clicking for a share entry:

  • Edit: Opens the share creation screen to reconfigure the share or disable it.
  • Edit Share ACL: Opens a screen to configure an Access Control List (ACL) for the share. This is separate from file system permissions, and applies at the level of the entire SMB share. Permissions defined here are not interpreted by clients of other file sharing protocols or other SMB shares that export the same share Path value. The default is open. This ACL is used to determine the browse list if Access Based Share Enumeration is enabled.
  • Edit Filesystem ACL: Opens a screen to configure an Access Control List (ACL) for the path defined in the share Path.
  • Delete: Remove the share configuration from TrueNAS. Shared data is unaffected.

Configure Share ACL

To see the share ACL options, click > Edit Share ACL.

EditShareACL>

The Share Name is shown, but cannot be changed. ACL Entries are listed as a block of settings. Click ADD to register a new entry.

SettingValueDescription
SIDstring Who this ACL entry (ACE) applies to, shown as a Windows Security Identifier. Either a SID or a Domain with Name is required for the ACL.
DomainstringDomain for the user Name. Required when a SID is not entered. Local users have the SMB server NetBIOS name: truenas\smbusers.
Permissiondrop downPredefined permission combinations:
Select Read for read access and execute permission on the object (RX).
Select Change for read access, execute permission, write access, and delete object (RXWD).
Select Full for read access, execute permission, write access, delete object, change Permissions, and take ownership (RXWDPO).

For more details, see smbacls(1).
NamestringWho this ACL entry applies to, shown as a user name. Requires adding the user Domain.
Typedrop downSelect how permissions are applied to the share. Select Allowed to deny all permissions by default except those that are manually defined. Select Denied to allow all permissions by default except those that are manually defined.

Clicking SAVE stores the share ACL and applies it to the share immediately.

Configure File System ACL

Click > Edit Filesystem ACL to quickly return to Storage > Pools and edit the dataset ACL.

DatasetACLEdit

This ACL defines the user accounts or groups that own or have specific permissions to the shared dataset. The User and Group values show which accounts own, or have full permissions to the dataset. Change the default settings to your preferred primary account and group and select the Apply checkboxes before saving any changes.

ACL Presents

To rewrite the current ACL with a standardized preset, click SELECT AN ACL PRESET and choose an option:

Has three entries:

  • owner@ has full dataset control.
  • group@ has full dataset control.
  • All other accounts can modify the dataset contents.

Has two entries:

  • owner@ has full dataset control.
  • group@ can modify the dataset contents.

Has three entries:

  • owner@ has full dataset control.
  • group@ can modify the dataset contents.
  • All other accounts can traverse through the dataset.

Adding ACL Entries (ACEs)

To define permissions for a specific user account or group, click ADD ACL ITEM. Open the Who dropdown, select User or Group, and choose a specific user or group account. Define how the settings are applied to the account then choose the permissions to apply to that account. For example, to only allow the tmoore user permission to view dataset contents but not make changes, set the ACL Type to Allow and Permissions to Read.

ExampleACE

Additional Information

SMB Share Screen

SMB Service Screen

SMB Share Creation