I have a new TrueNAS Mini XL+ with 32GB of memory running TrueNAS-13.0-U1.1.
Problem
When accessing my TrueNAS via "\\truenas01" from a Windows 10 computer, shares to which the current user has neither share nor file permissions are visible despite Access Based Share Enumeration being enabled.
Setup
I have created two users:
I created a share named Test03 targeting the Test03 dataset:
The Share ACL is configured so that only the test02 account has access:
Troubleshooting
My understanding is that with the configuration above, user test01 should be able to access \\truenas01 and the Test03 share should not be presented. However:
And just as a sanity check, I evaluated the share permissions on the Test03 folder through Windows Explorer to confirm that no share permissions are present:
File permissions deny access to the share as expected.
Most of the posts that I have found are mis-configuring the share ACLs. I don't believe I'm doing that in this case. I also found reference to adding the 'hide unreadable = yes' parameter. I attempted this, even though I'd prefer not to have it configured, but still the share was visible to the test01 user.
I have noticed that despite not being configured in either share or file permissions, the Everyone user is present on all files and folders with no permissions:
When I attempt to remove this access, it is immediately re-applied.
I suspect this might be the root of my issue. If Everyone is being applied to all files and folders, despite having no permissions, SMB might consider that enough access to present the shares to members of Everyone. If true, this would effectively make Access Based Share Enumeration useless until the Everyone role is removed.
Problem
When accessing my TrueNAS via "\\truenas01" from a Windows 10 computer, shares to which the current user has neither share nor file permissions are visible despite Access Based Share Enumeration being enabled.
Setup
I have created two users:
- test01
- Primary Group: builtin_administrators
- test02
- Primary Group: builtin_users
I created a share named Test03 targeting the Test03 dataset:
The Share ACL is configured so that only the test02 account has access:
Troubleshooting
My understanding is that with the configuration above, user test01 should be able to access \\truenas01 and the Test03 share should not be presented. However:
And just as a sanity check, I evaluated the share permissions on the Test03 folder through Windows Explorer to confirm that no share permissions are present:
File permissions deny access to the share as expected.
Most of the posts that I have found are mis-configuring the share ACLs. I don't believe I'm doing that in this case. I also found reference to adding the 'hide unreadable = yes' parameter. I attempted this, even though I'd prefer not to have it configured, but still the share was visible to the test01 user.
I have noticed that despite not being configured in either share or file permissions, the Everyone user is present on all files and folders with no permissions:
When I attempt to remove this access, it is immediately re-applied.
I suspect this might be the root of my issue. If Everyone is being applied to all files and folders, despite having no permissions, SMB might consider that enough access to present the shares to members of Everyone. If true, this would effectively make Access Based Share Enumeration useless until the Everyone role is removed.