SMB shares permissions

valentone

Cadet
Joined
Dec 30, 2018
Messages
2
Why it has to be so difficult to properly set up a share on FreeNAS? Both on OMV and XPEnology it's as easy as checking a box :|

I really want to use FreeNAS and this is the setup I'd like to achieve:
X shares of this kind: every share of this group can be accessed (read/write) only by the members of the group X (same name as the share)
SECRET-SHARE: this single share can be accessed (read/write) only by the user SECRET-USER

In both cases guests (or users that do not belong to the right group) should not be able to read the share.
Please help this poor noob :)

EDIT: the problem is that if I set the owner group X for share X (by the web GUI) even if a user belongs to that group it still cannot access the share, and for the SECRET-SHARE it defaults with "Everyone" read access, so everyone can see inside it.
 
Last edited:

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
A couple of key points:

1. Which version of FreeNAS are you talking about?
2. Which share protocol are talking about, SMB, NFS, etc. ?

Let me guess it's windows share you want to set up. If so, I can recommend these two videos:

https://youtu.be/RxggaE935PM
https://youtu.be/QhwOyLtArw0

The way FreeNAS works when setting a dataset share type to "windows" and the default permission type to Windows, "everyone" always gets read&execute permission on the share. How to remove this, etc. is all covered in the vids.

OMV, for example, is probably not giving full "Windows ACLs" on windows shares. Whereas FreeNAS is matching ZFS NFSV4ACLs to full WinodwsACLs (the two are virtually identical). IIRC, OMV is only going to support POSIX ACls even if you use the zfs pulgin to share data from a zfs pool.
 

valentone

Cadet
Joined
Dec 30, 2018
Messages
2
A couple of key points:

1. Which version of FreeNAS are you talking about?
2. Which share protocol are talking about, SMB, NFS, etc. ?

Let me guess it's windows share you want to set up. If so, I can recommend these two videos:

https://youtu.be/RxggaE935PM
https://youtu.be/QhwOyLtArw0

The way FreeNAS works when setting a dataset share type to "windows" and the default permission type to Windows, "everyone" always gets read&execute permission on the share. How to remove this, etc. is all covered in the vids.

OMV, for example, is probably not giving full "Windows ACLs" on windows shares. Whereas FreeNAS is matching ZFS NFSV4ACLs to full WinodwsACLs (the two are virtually identical). IIRC, OMV is only going to support POSIX ACls even if you use the zfs pulgin to share data from a zfs pool.

It seems to work using the instructions of the videos, did not think that it was necessary to go through windows to fine tune permissions.
Is there a way to temporarly disable a smb share without deleting it?
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
It seems to work using the instructions of the videos, did not think that it was necessary to go through windows to fine tune permissions.
Is there a way to temporarly disable a smb share without deleting it?

For a FreeNAS windows share, fine tuning from a windows client is the easier option. Otherwise you'd have to grapple with using getfacl and setfacl in a FreeNAS shell. ( see for example: https://forums.freenas.org/index.php?threads/methods-for-fine-tuning-samba-permissions.50739/)

To temporarily disable a share, edit the share clicking on "advanced mode" - uncheck "Browseable to .." and add an additional parameter of "available =no". Save the share config, then restart the SMB service.
 
Top