Setting Up Users, Permissions, and ACLs on FreeNAS

In this tutorial, we’re going to talk about setting up Users, Permissions, and ACLs in FreeNAS. ACL stands for Access Control List, which designates access control entries for users and administrators on FreeNAS systems, specifically for Windows SMB shares. This tutorial assumes you already have your pool configured. If you need help getting started with configuring a pool, we recommend you watch our ZFS Pools Overview video first.

Setting up a FreeNAS group and user account

First, you’ll want to set up a FreeNAS user account and configure specific permissions.

To do this, click “Groups” under the left side menu under “Accounts”.

  • Click “ADD
  • You can leave the Group ID as is, it will be unique to this group.
  • Give it a name, In this how-to, we’ll call it “officegroup
  • Sudo is a root command, leave this unchecked to avoid giving root access to the group on this system.
  • Click “SAVE” when you’ve finished typing in your settings.

Next, go to “Accounts”, “Users”, then “ADD” a User

  • Fill in the required fields of Full Name, I’ll name it “Office User
    • Give the user a name. For this tutorial, we’ll name this “officeuser”.
    • Give it a unique password
  • For Primary Group, choose the group you created earlier (officegroup) from the drop-down list. You can also check New Primary Group and it will create a group along with the user with the same name
  • Then click “SAVE” when you’re finished choosing your settings.

Setting up Permissions (for non-SMB datasets)

Permissions are generally used for non-SMB or Generic datasets, so that means any dataset using AFP or NFS shares. SMB datasets for Windows clients will utilize ACLs which we’ll talk about in the next section.

If you haven’t already, go ahead and create a Generic share-type dataset by clicking the three dots on your pool and then choosing “Add Dataset”. Name your dataset and click “SAVE”.

From the Pools window, open the Permissions options by clicking the three dots on the right of your target dataset, and “Edit Permissions”.

You can set the Owner to the user you created earlier, which was “officeuser” and the group to “officegroup”. On the right side under Access, this is where you can set the Read and Write permissions. Go ahead and check “Write” to give editing permissions when you assign this Group to the dataset.

Check “Apply Permissions Recursively” if you want to set these permissions to all directories and files that are currently in the dataset. Check “Traverse” to apply permissions to any child datasets, or datasets within the dataset. Click “SAVE” when done.

Setting up ACLs (for SMB datasets)

Next, we’ll talk about ACLs, or “Access Control List”. ACL is a security feature used in Microsoft Windows, which designates access control entries for users and administrators on a system. FreeNAS interacts with it through the SMB protocol. Note that the “Edit ACL” feature was recently introduced in FreeNAS 11.3.

If you haven’t already, go ahead and create an SMB dataset by clicking the three dots on your pool and “Add Dataset”. Name your dataset, and choose “SMB” under the Share Type. Lastly, click “SAVE” to proceed.

You can create a share for this SMB dataset as well, by going to “Sharing“, choosing “Windows Shares”, and then selecting “ADD”. Browse to the path of your SMB dataset. You’ll notice it says ACL next to the folder because you set the Share type as SMB earlier. In this tutorial, let’s call this “smbshare” and click “SAVE” to continue.

From the SMB window, open the share options by clicking the three dots on the right, and “Edit ACL”. On the left side, leave “root” and “wheel” as the original owners of the dataset.

To give another user ownership permissions, click “Add ACL Item”, then choose “User” for the Who field, and “officeuser” for the User field. You may copy the same settings as the ACL items above on the right side. Do the same for the group, and choose “officegroup” for the Group field. Note: to set open permissions or guest access, you can choose “OPEN” from the “Default ACL Options” dropdown list.

The settings on the right side under “Group” allow you to configure the dataset’s ACL settings according to your network and security needs. Note that when you set the Share Type to “SMB”, the ACL options will default to that specific configuration, which is shown here. Lastly, click “SAVE” when you’re finished choosing your settings.

If you want to read more about configuration and recommendations for ACLs, make sure to check out the FreeNAS Documentation.

Now you have properly set up Permissions and ACLs for your datasets. Repeat the process above each time you need to give a User specific permissions to access a shared dataset on your network or simply use the same group with a new user. To learn how to access a share on Windows with the specific user, make sure to check out our Windows SMB Shares tutorial.

Thank you for reading this tutorial! Be sure to watch our other tutorial videos on our YouTube channel.


  1. Bastian

    Is it necessary to add both group and user to the ACL?

    If just the group is added as an item, will all users with that group as an ‘auxiliary group’ have the permissions set here?

    • Joon Lee

      No, you don’t need to add both. You are correct, all users with the group specified in the auxiliary group list will receive those permissions.

  2. Daniel Buccat

    I just upgraded from 11.2 to 11.3, I upgraded my pool then I can’t change the permissions of the pool and my files are not in a dataset but my files are in the pool itself please help me thanks

    • Joon Lee

      Have you tried upgrading to TrueNAS CORE?

    • Michael Dexter

      We suggest that you create a dataset below the top level of the pool and copy your files to it. This will give you full permissions control and not conflict with the system dataset or Plugin datasets. You may need to copy and delete the files in steps if you pool does not have the available space to copy everything at once. Doing so will also allow you to snapshot and replicate that dataset independently of the others.

  3. James Corbally

    Is there a way to access the pool without having to go through TWO directories? I want to double click on the share and then start dragging files across, not click down through two folders before I can do so.

    • Michael Dexter

      First be sure that you are accessing a dataset below the top level of the pool, rather than the pool directly. You should be able to drag and drop files between any two folders on that dataset but if you are dragging between datasets, they are treated like two separate file systems and the files will be copied, rather than moved. Does that answer your question?

  4. Edgardo Dellarossa

    Hi, I need share a subfolder of one user1, whith user2. but the user2 can’t access.
    I have created a new shared with sub folder, with ACL for the user2.

    • Michael Dexter

      Try adding both users to a Group and assigning permission to read and/or write to that dataset to the Group.


Submit a Comment

Your email address will not be published. Required fields are marked *

ESG Labs: TrueNAS Technical Report
Download Enterprise Storage Guide Button
iXsystems values privacy for all visitors. Learn more about how we use cookies and how you can control them by reading our Privacy Policy.