Prevent an SMB share to show to all users

Status
Not open for further replies.

francisaugusto

Contributor
Joined
Nov 16, 2018
Messages
153
Hi,

I am new to FreeNAS but I tried to read everything about ACL's and whatnot. I did the following to prevent the contents of a share to be accessible by everyone (except group and owner):

setfacl -b theshare
chmod 0770 theshare

This did the trick, and now only the owner is able to mount the share. I hope this is the right away and didn't mess up anything.

However, is there a way to avoid the share to be shown to all users? It is still showing when another user tries to mount his/her shares.

Best,
Francis
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457

francisaugusto

Contributor
Joined
Nov 16, 2018
Messages
153

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
I reread you post. You want to hid the share itself. Under the share settings, uncheck "Browsable to Network Clients". This will hid the share from everyone unless they know the name, at which point they would still need the username and password.

You can also the share mode to windows. From edit the dataset permissions setting a trusted user as the owner there just manage the permissions from windows as that trusted user. Right click, properties, security, add users, modify permissions. If a user does not have permissions there, they won't see the folder. NOTE you may need to disable inheritance on the folders to remove "Everyone"
 

francisaugusto

Contributor
Joined
Nov 16, 2018
Messages
153
You can also the share mode to windows. From edit the dataset permissions setting a trusted user as the owner there just manage the permissions from windows as that trusted user. Right click, properties, security, add users, modify permissions. If a user does not have permissions there, they won't see the folder. NOTE you may need to disable inheritance on the folders to remove "Everyone"

Thanks again. It’s just that i don’t use Windows. I wonder if there’s a way to this from a Mac or via shell on the FreeNAS box.
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
I dont have a mac to test but setfacl should do it all, just a bit to get used to.
 

francisaugusto

Contributor
Joined
Nov 16, 2018
Messages
153
I don't have a mac to test but setfacl should do it all, just a bit to get used to.
I will try to look at it more deeply. I googled about it the other day to understand how to deal with the "everyone" entry, and found basically no example on how to remove it. The only thing that did the trick was what ì wrote on my post. But ì will look more into it.
 
Status
Not open for further replies.
Top