Dataset Traversal with Nested Datasets

X10a Freedom

Cadet
Joined
Apr 27, 2022
Messages
3
Hello all,

I am having a head scratcher here. I am attempting to restrict access of a group down to a bottom level dataset but cannot seem to access it. When I go to access the top level dataset it tells me that I do not have permissions to view it.

Specific setup:

TrueNAS version: TrueNAS-12.0-U8.1

Group: media
User: medias

Structure:

Data (pool) -> ds1 -> middle -> media

I am attempting to restrict the media group to only be able to see / read / write on the media dataset.

Current permissions:

ds1 (who: group -> group: media -> acl type: allow -> permissions type: basic -> permissions: traverse -> flags type: basic -> flags inherit) -> middle (same as ds1) -> media (same except for permissions is set to permissions: modify)

I attempt to browse to my IP through Windows file explorer and I can see ds1 share. When I click on the share is when I get the permissions issue. If I enter the full file path in file explorer, I can reach it just fine (IP address\ds1\middle\media).

It has to be something in my permissions as when I follow this entire structure down with permissions set to permissions: full control, I can make it down to the media dataset. Also, when I set the permissions to permissions: read, I can also make it all the way down to the media dataset. The instant I take away the "read" permission in advanced permissions (which basically gives it the "traverse" set of permissions) I get the error. I have also attempted to set the permissions for this group on ds1 and middle to "basic: traverse" but this also does not allow me to push right through the datasets and be able to directly see the media dataset when clicking on my share.

End goal: I would like to be able to have to only network map the appliance IP and then access the ds1 share and, when I click on it, be only able to see the "media" dataset when I am logged in with my medias user. I am thinking that this is happening because the datasets are nested. If I don't have the "read data" permission checked off, there would be nothing further to click to continue down the dataset structure, as I then technically don't have access to see the top level dataset, if that makes sense. Am I stuck with just having to be fine with this user being able to "read" and see each dataset all the way down the structure, or, as an alternative, would I just have to be fine with creating another SMB share that directly file paths to the dataset that I want / map a network drive with the direct file path to the dataset? It would be great to just have a single point of entrance and be able to have it traverse down to my media dataset instead of having to bounce in and out of shares / mapped network drives / file explorer paths.

Any thoughts? Am I looking at this or approaching this completely wrong? Thanks all!
 

X10a Freedom

Cadet
Joined
Apr 27, 2022
Messages
3
If this helps, I did a getfacl all the way down to my media dataset. I would like for the users in the Media group to be able to browse to my NAS IP, click on my CIFS / Samba share and then be able to access the media dataset without seeing any information about the datasets above it. I can see that the traverse permissions are set all the way down the directory path, but I am still getting the "don't have permission" error when I go to click into ds1 and start down the path to the media dataset. If I give the "read data" permission to the Media group, I can make it all the way down to the dataset I want to, but I can then see the data in the parent datasets higher up, which is what I do not want.

# file: /mnt/Data/ds1/
# owner: "my personal name"
# group: Full
group:Media:--x---a-R-c---:fd-----:allow
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
root@truenas[~]# getfacl /mnt/Data/ds1/middle
# file: /mnt/Data/ds1/middle
# owner: "my personal name"
# group: Full
group:Media:--x---a-R-c---:fd----I:allow
owner@:rwxpDdaARWcCos:fd----I:allow
group@:rwxpDdaARWcCos:fd----I:allow
everyone@:--------------:fd----I:allow
root@truenas[~]# getfacl /mnt/Data/ds1/middle/media
# file: /mnt/Data/ds1/middle/media
# owner: "my personal name"
# group: Full
group:Media:rwxpDdaARWc--s:fd-----:allow
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
 

X10a Freedom

Cadet
Joined
Apr 27, 2022
Messages
3
> Traverse is sufficient to access a path directly. If you want to click through, you need to be able to read the mountpoint's contents.

Got ya, after thinking about it more, it makes sense. I think that I just had to redefine what the end result of Traverse accomplishes and how to make use of it. Thanks!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> Got ya, after thinking about it more, it makes sense. I think that I just had to redefine what the end result of Traverse accomplishes and how to make use of it. Thanks!

Right, this is one of the disadvantages of the way that Windows by default disables traverse checking.
Consider a share "share" where you have two directories "public" and "private".
Windows:

\\server\share\public\<lots of things>
\\server\share\private\accounting_information

"bob" has r/w access to share, and can read and write to the 'public' dir
"bob" has no permissions for "private" dir. He cannot access anything in accounting_information.

"larry" has r/w access to accounting_information
He creates dir "larry_things" in accounting_information and since he is owner of dir and hates ACLs, decides to make it wide-open.

Now bob can type \\server\share\private\accounting_information\larry_things into his explorer bar and access the files there (because traverse checking is disabled).

Unix:
Since we have "traverse checking" always enabled in Linux / FreeBSD kernel, Bob cannot access larry_things unless the admin has granted "traverse" (execute) to Bob on \\server\share\private.

This very simple and critical permissions feature in Unix is often overlooked by new users, and unfortunately there are some prominent YouTube influencers who advocate removing execute from paths like /mnt/tank (which results in users breaking access to their server for non-root processes).
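The two situations in this thread (the getfacl listing on ds1/middle/media above, and anodos' public/private example) can both be worked through with a small model of how NFSv4 ACL entries are evaluated along a path. The following is an added example, not code from the thread or from TrueNAS: it parses entries in the compact format getfacl prints, applies the first-matching-entry rule, and contrasts a kernel that enforces traverse checking with a Windows client that bypasses it. The owner and group names, the ACLs for "share", "public", "private" and "larry_things", and the share-root permissions are all constructed for the example; inheritance flags are parsed but not evaluated.

```python
"""Added example: NFSv4 ACL path-walk evaluation in getfacl's compact format.
Not from the thread; owner/group names and the public/private ACLs are
constructed placeholders."""
from dataclasses import dataclass, field

# Letters of the compact access mask, in the order FreeBSD getfacl prints them:
# r=read_data w=write_data x=execute p=append D=delete_child d=delete
# a=read_attributes A=write_attributes R/W=read/write xattr c/C=read/write ACL
# o=write_owner s=synchronize
PERM_LETTERS = "rwxpDdaARWcCos"
READ_DATA, EXECUTE = "r", "x"   # "list directory" and "traverse directory"


@dataclass(frozen=True)
class Principal:
    user: str
    groups: frozenset = frozenset()


@dataclass
class Node:
    name: str
    owner: str
    group: str
    acl: list                       # (tag, name, perms, allow|deny) in ACL order
    children: dict = field(default_factory=dict)


def parse_entry(line):
    """Parse one getfacl line, e.g. 'group:Media:--x---a-R-c---:fd-----:allow'.
    The special tags owner@/group@/everyone@ carry no name field."""
    parts = line.strip().split(":")
    tag, name, mask, flags, kind = (parts if len(parts) == 5
                                    else (parts[0], None, parts[1], parts[2], parts[3]))
    perms = frozenset(p for p, ch in zip(PERM_LETTERS, mask) if ch != "-")
    return tag, name, perms, kind


def node(name, owner, group, acl_lines, children=()):
    return Node(name, owner, group, [parse_entry(l) for l in acl_lines],
                {c.name: c for c in children})


def matches(entry, node, who):
    tag, name = entry[0], entry[1]
    return (tag == "everyone@"
            or (tag == "owner@" and who.user == node.owner)
            or (tag == "group@" and node.group in who.groups)
            or (tag == "user" and who.user == name)
            or (tag == "group" and name in who.groups))


def allowed(node, who, bit):
    """NFSv4 rule: scan entries in order; the first matching entry that
    mentions the requested bit decides; if none does, access is denied."""
    for entry in node.acl:
        if matches(entry, node, who) and bit in entry[2]:
            return entry[3] == "allow"
    return False


def walk(root, path):
    nodes = [root]
    for comp in (c for c in path.strip("/").split("/") if c):
        nodes.append(nodes[-1].children[comp])
    return nodes


def can_list(root, path, who, traverse_checking=True):
    """Can `who` open `path` by its full name and list it?  A Unix kernel
    (which is what Samba on TrueNAS runs on) always requires EXECUTE on every
    ancestor; a Windows client with traverse checking bypassed only checks
    the target object itself."""
    nodes = walk(root, path)
    if traverse_checking and not all(allowed(n, who, EXECUTE) for n in nodes[:-1]):
        return False
    return allowed(nodes[-1], who, READ_DATA)


def click_through_stops_at(root, path, who):
    """Clicking down in Explorer lists each directory in turn; return the name
    of the first directory `who` cannot list, or None if the whole path lists."""
    for n in walk(root, path):
        if not allowed(n, who, READ_DATA):
            return n.name
    return None


# The thread's ACLs, share rooted at ds1 ("owner" stands in for the redacted owner).
TRAVERSE_ONLY = ["group:Media:--x---a-R-c---:fd-----:allow",
                 "owner@:rwxpDdaARWcCos:fd-----:allow",
                 "group@:rwxpDdaARWcCos:fd-----:allow",
                 "everyone@:--------------:fd-----:allow"]
MODIFY = ["group:Media:rwxpDdaARWc--s:fd-----:allow"] + TRAVERSE_ONLY[1:]
DS1 = node("ds1", "owner", "Full", TRAVERSE_ONLY, [
      node("middle", "owner", "Full", TRAVERSE_ONLY, [
          node("media", "owner", "Full", MODIFY)])])
MEDIAS = Principal("medias", frozenset({"Media"}))

# anodos' public/private scenario as constructed ACLs (no entry for bob on 'private').
RWX = "rwxpDdaARWc--s:fd-----:allow"
X_ONLY = "--x---a-R-c---:fd-----:allow"
SHARE = node("share", "admin", "staff", [f"user:bob:{RWX}", f"user:larry:{X_ONLY}"], [
    node("public", "admin", "staff", [f"user:bob:{RWX}"]),
    node("private", "admin", "staff", [f"user:larry:{X_ONLY}"], [
        node("accounting_information", "admin", "staff", [f"user:larry:{RWX}"], [
            node("larry_things", "larry", "staff", [f"everyone@:{RWX}"])])])])
BOB, LARRY = Principal("bob"), Principal("larry")

if __name__ == "__main__":
    print("medias, full path to media:", can_list(DS1, "middle/media", MEDIAS))
    print("medias, click-through stops at:", click_through_stops_at(DS1, "middle/media", MEDIAS))
    deep = "private/accounting_information/larry_things"
    print("bob, Windows bypass traverse checking:", can_list(SHARE, deep, BOB, traverse_checking=False))
    print("bob, Unix traverse checking:", can_list(SHARE, deep, BOB))
```

With the thread's ACLs, `can_list(DS1, "middle/media", MEDIAS)` is true (the full UNC path works) while `click_through_stops_at` returns "ds1", which is exactly the symptom reported: traverse on the parents lets the path be opened by name, but listing ds1 needs read_data. In the public/private case, bob reaches larry_things only when traverse checking is bypassed; with it enforced, the missing execute bit on "private" stops him regardless of the wide-open ACL on the leaf.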
 