SOLVED How to only allow access to one group with NFS4 ACL and deny for everyone else

Gabigeek

Cadet
Joined
Mar 9, 2023
Messages
3
Hi everyone,

I recently switched from TrueNAS Core to Scale, and I'm having a lot of issues when it comes to ACL configuration on my datasets. I have a few shares that I'd like to make accessible by their owner and specific groups only. For example, I tried to deny full control to everyone, then allow full control to the group and the user that owns the folder and its content, but my SMB share is not allowing any access to the owner or other people belonging to that group if I deny full control to everyone...

Using local shell, the users are not able to open the directory, so I don't think the issue is related to SMB.
I am fairly new to ACLs, am I missing something? I'm pretty desperate at this point lol

Feel free to ask for any more information if needed :) Thanks!

Here are some screen caps to illustrate my setup:
1678386060893.png

1678385927752.png


1678385982425.png


(user "gabigeek" is a member of the "Utilisateurs" group.)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
everyone@ literally encompasses all users. Explicitly denying access to "everyone" denies access to everyone (as implied by the name of that principal).
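
Why a deny entry for everyone@ also locks out the owner and the allowed group, as an added example that is not part of the original thread: NFSv4 ACEs are evaluated in order (RFC 7530), everyone@ matches every requester, and any permission that no entry allows is denied anyway. The ACLs, the users `alice` and `mallory`, the group `guests` and the deny-first ordering are constructed for illustration.

```python
# Added illustration of ordered NFSv4 ACE evaluation (RFC 7530).
# All ACLs and principals below are constructed for this example.
from typing import NamedTuple

READ, WRITE, EXECUTE = 1, 2, 4
FULL = READ | WRITE | EXECUTE


class Ace(NamedTuple):
    kind: str   # "allow" or "deny"
    who: str    # "owner@", "group@", "everyone@", "user:NAME" or "group:NAME"
    mask: int


def matches(ace, user, groups, owner, owning_group):
    if ace.who == "everyone@":
        return True              # matches every requester, owner included
    if ace.who == "owner@":
        return user == owner
    if ace.who == "group@":
        return owning_group in groups
    kind, _, name = ace.who.partition(":")
    return name == user if kind == "user" else name in groups


def check_access(acl, user, groups, wanted, owner, owning_group):
    """True only if every bit in `wanted` is allowed before a matching deny."""
    pending = wanted
    for ace in acl:
        if not matches(ace, user, groups, owner, owning_group):
            continue
        if ace.kind == "deny" and ace.mask & pending:
            return False         # a still-undecided bit is denied: stop here
        if ace.kind == "allow":
            pending &= ~ace.mask
            if not pending:
                return True
    return False                 # bits never allowed are denied by default


# Constructed ACLs for a dataset owned by gabigeek:Utilisateurs.
DENY_FIRST = [Ace("deny", "everyone@", FULL),
              Ace("allow", "owner@", FULL),
              Ace("allow", "group@", FULL)]
ALLOW_ONLY = DENY_FIRST[1:]      # same ACL without the everyone@ deny entry


def can_read(acl, user, groups):
    return check_access(acl, user, groups, READ, "gabigeek", "Utilisateurs")
```

With `ALLOW_ONLY`, the owner and members of the owning group get access and everyone else is refused without any explicit deny entry.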
 

Gabigeek

Hi, thanks for your answer!
Yup, after digging a bit more, I just found that out.

However, it led me to another problem: when creating a file from the shell, the ACL is inherited correctly by the file; however, if the file is created from Samba, it automatically chmods the file to the 664 permission (the ACL is being ignored).
This is not good because it allows the "other" users to read files.

Later, I would like to add more allowed groups, so I can't use a "create mask" Samba option to chmod files using trivial permissions...

Do you have any ideas why files created with SMB are not getting the correct ACL applied?
 

anodos

Set the aclmode to `restricted`.
 

Gabigeek

Hi, sorry for the late response, I've been quite busy these last days.

Thanks a lot, it seems to me that changing aclmode to restricted worked just fine, great!
 