Proper home share configuration

[malda]

Hello,

I am curious about SMB home shares configuration. I would like to have a per user share. What is the proper way to configure it in TrueNAS Scale?

My configuration:

OS Version: TrueNAS-SCALE-22.02.2.1

Dataset "homes" with manually created sub-dataset for every local user

Users:
user1, home in /mnt/ssd-pool/homes/user1, dataset owner & group user1, rwxrwx---
user2, home in /mnt/ssd-pool/homes/user2, dataset owner & group user2, rwxrwx---

SMB share:
Path: /mnt/ssd-pool/homes
Name: users
Purpose: Private SMB Datasets and Shares
Other options: Use as Home Share

I have discovered a weird behaviour, where user1 can access its share on \\truenas\homes and \\truenas\user1 and \\truenas\user2 - when logged as user1. Any mentioned share points to user1 directory. The same behaviour when logged as user2. Using non-existent user name causes an error in smbclient (NT_STATUS_BAD_NETWORK_NAME).

Is above mentioned configuration the proper way to configure home shares, especially manually creating dataset for every user? Is there anything to configure better? What about that weird behaviour when accessing the user's home share with any existing user name? I would expect it being accessible from user's name, maybe from "homes", but not really from another user's name.

Thanks for any tips & advices.
M

 

[p4xel]

Hi, I am experiencing something similar

user1 logged in, and I can see home dir as
\\truenas\user1

and at the same time I can see bunch of other shares
\\truenas\user2
\\truenas\user3
\\truenas\user4
and all of them point to the user1 home dir

Those are random, not all users are listed, sometimes none sometimes all.

Have you found any solution to this issue?

Thanks!

 

[archwikiftw]

Hi, here is my solution to this issue.
I personally dislike the path convention of the default samba configuration for home folders. \\TRUENAS\homes\user1 and a lot of people find confusion not disabling the homes folder by unchecking "Browsable to Network Clients" to disable homes from appearing. Even then, I don't want each username appearing in the root share folder, even if it the username of the logged in user. It's inconsistent and I would prefer everyone having a "Home" folder that resolves to their username or %U. Only downside is now you have to be extra careful with manually setting permissions and ACLs.

I am doing a quick write up, so I am probably missing a few things. Please reply if you think of something I missed!

Here's my solution. Replace the pool name and username with your own.

1. Create a new user in Truenas web UI and select their desired home location. For me, I am using /mnt/mpool/Home/<username>
2. Depending on your user and group setup, might want to set Home folder permissions for each user to 700 or deny access to groups and other.
3. Go to Shares > SMB and click the Add button
4. Set the path to /mnt/mpool/Home
5. Set name to "Home"
6. Purpose: No presets
7. Ensure Browsable to Network Clients is enabled
8. Make sure Use as Home Share is disabled. This is what creates the default behavior as 'homes' and adding usernames to root directory. Not what I want.
9. Now, we are going to specify options that are similar to the default behavior, but more tailored to our needs.
10. Auxiliary Parameters: This is what modifies the samba configuration file using the options we want.
11. Code:

    path = /mnt/mpool/Home/%U
    valid users = %U
    read list = %U
    write list = %U
    

    
    %U gets interpreted by samba to the logged in user's username.
12. Now click save and test. These parameters will resolve to the username you are logged in via SMB and go directly to your Home directory instead of going to homes or sharing you username to root.
13. Double check your ACL permissions to ensure you have access to your share and are the owner. The Home directory should be browseable by users via a common group such as homeuser but each individual user's home should be owned by them. Double check also guest access is disabled and inherit permissions is off.
    
    This method probably won't auto create any users on demand like the default homes feature. If you want to read more about the samba.conf file you can see the config parameters and specifications here .

 

[Patrick_3000]

Or you can grant user permissions in the datasets, with no special configuration in the shares necessary. That's what I do at home where there are two users, me and my spouse. It's pretty simple.

In the datasets, turn on ACL. If you have two users, say User1 and User2, make User1 (for example, you) the owner of any dataset User1 will have access to, choose the pre-set "secure" ACL, and if User2 will also have access to that dataset, click "Add item" to add User2 with "read" or "full control" permission as desired. If there are any parent datasets that User2 does not have access to but you want User2 to access a child, then you'll need to add "traverse" access for User2 to the parent.

Then just share the dataset, and everything should work.