Nested Data
Cadet
- Joined
- Jun 12, 2023
- Messages
- 1
I'm building a new pool and my dataset organization structure goes 3 levels deep with nested datasets. All bottom level datasets are private with ACL permissions setup so just users specific for those datasets can access them. Each bottom level dataset has its own SMB share setup. The upper level datasets are just for organization and are not shared.
When I created the upper level datasets I made them all SMB type just incase I ever needed to share them in the future. Those upper level dataset permissions by default include "Group - builtin_users Allow" which would grant all users access to that dataset if it was shared via SMB. I tried deleting "Group - builtin_users Allow" from the ACL but Truenas wont let me. Is this a security risk. The upperlevel dataset is not shared but nested dataset within it are. Could a user with access to a nested dataset somehow work their way up into the non shared upper level dataset and take advantage of these permissions?
When I created the upper level datasets I made them all SMB type just incase I ever needed to share them in the future. Those upper level dataset permissions by default include "Group - builtin_users Allow" which would grant all users access to that dataset if it was shared via SMB. I tried deleting "Group - builtin_users Allow" from the ACL but Truenas wont let me. Is this a security risk. The upperlevel dataset is not shared but nested dataset within it are. Could a user with access to a nested dataset somehow work their way up into the non shared upper level dataset and take advantage of these permissions?