Dataset ACL and SMB Share still allows anyone to access and create files

DarThLuKey

Cadet
Joined
Feb 20, 2024
Messages
1
Hi All,

I've been searching everywhere for a solution. I've followed guides and YouTube videos and still can't find a cause for the problem I'm seeing. I see lots of posts about not being able to get permission to an SMB share; my problem is completely the opposite: no matter what permissions I set on the dataset ACL, anyone on my network can still browse to and create files in this "restricted" share.

I have for a long time had several datasets on my pool2 which I don't need restrictions on; this is for Syncthing, Plex, ZoneMinder etc., so these datasets are largely allow all.
I created a new dataset called tmp (originally accounting, but I've deleted and recreated it so many times I'm just on tmp now :) ). I configured the dataset ACL with the Basic Profile Restricted, and configured the allowed user as tmpshare and group as tmpgsharegrp (again, I've subbed in tmp as I've tried this so many times). When I create the SMB share it appears in the Windows network browser and I can just open it and create test.txt files as much as I like. The problem is I'm not logged into my device as testshare user. I would have expected it to challenge for permissions or error.

I also try to map the share as a drive in Windows using the user tmpshare and its password, and it fails with a permissions issue. So I have completely the opposite of what I'm trying to achieve.

I've tried stripping the dataset permissions, and I've tried removing the dataset and recreating everything, but I always end up in the same place. I presume somewhere along the line it's inheriting permissions from the pool, but this is not really my main area of expertise. If you ask me about OSPF routing or Checkpoint and Fortigate firewall policies I'm all over it; TrueNAS permissions is not my bag.

This is the pool

getfacl /mnt/vault
# file: /mnt/vault
# owner: root
# group: wheel
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow


This is the dataset

getfacl /mnt/vault/tmp
# file: /mnt/vault/tmp
# owner: tmpshare
# group: tmpsharegrp
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow



I'd really appreciate any pointers or advice.
Many thanks
Luke

TrueNAS Core TrueNAS-13.0-U6.1

CPU: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
Memory: 64Gb ECC
Pool1: SSD 450Gb for VMs and Jails
Pool2: 5 x 3Tb Hitachi SATA drives in Single VDEV RAIDZ1
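
An added example, not part of the original post: the two ACLs quoted above can be checked mechanically to see whether either one grants file creation to an account that is neither tmpshare nor a member of tmpsharegrp. The sketch parses the posted getfacl text and applies the NFSv4 rule that the first matching entry decides each permission bit; the function names are made up for this example.

```python
# Added example (not from the post): evaluate the getfacl text quoted above.
POOL_ACL = """\
# file: /mnt/vault
# owner: root
# group: wheel
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
"""
DATASET_ACL = """\
# file: /mnt/vault/tmp
# owner: tmpshare
# group: tmpsharegrp
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow
"""

def parse_acl(text):
    """Split getfacl output into header metadata and ordered ACL entries."""
    meta, entries = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
            continue
        fields = line.split(":")
        # user:NAME / group:NAME entries carry one more leading field than owner@ etc.
        who, (perms, flags, kind) = ":".join(fields[:-3]), fields[-3:]
        entries.append({"who": who, "perms": set(perms) - {"-"},
                        "flags": set(flags) - {"-"}, "type": kind})
    return meta, entries

def effective(entries, principals):
    """Entries are read in order; the first matching entry decides each bit."""
    decided = {}
    for ace in entries:
        if ace["who"] not in principals or "i" in ace["flags"]:  # 'i' = inherit-only
            continue
        for bit in ace["perms"]:
            decided.setdefault(bit, ace["type"] == "allow")
    return {bit for bit, allowed in decided.items() if allowed}

def can_create_files(entries, principals):
    """Creating a file in a directory needs write_data/add_file ('w')."""
    return "w" in effective(entries, principals)

if __name__ == "__main__":
    for meta, entries in map(parse_acl, (POOL_ACL, DATASET_ACL)):
        print(meta["file"], "everyone@ may create files:",
              can_create_files(entries, {"everyone@"}))
```

Both ACLs evaluate to no file creation for everyone@ (read and traverse only on the pool, nothing at all on the dataset), so the entries as posted do not by themselves account for the writes; that narrows the question to which account the SMB session is actually running as.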
 