SMB - strange behaviour

[arneboeses]

Good morning,

I just installed a test VM for TrueNas-12RC1. I found some strange things happen there.

The plan:

• 2 users
• 1 personal share each
• 1 public share (rw both users)

The setup:

• 1st user: 01 (Microsoft Account Checkbox activated)
• 2nd user: 02 (Microsoft Account Checkbox activated)
• group: all_share - Members: 01, 02
• pool: hdd
  • share_root (dataset - share type generic)
    • 01 (dataset - share type smb)
    • 02 (dataset - share type smb)
    • public (dataset - share type smb)
• 3x SMB shares (attachment: shares.png)
  • share_01 -> file ACL: User - 01 - Full Access
  • share_02 -> file ACL: User - 02 - Full Access
  • share_public -> file ACL: Group - all_share - Full Access (attachment: smb_file_acl_public.png)

The result:

• 01 can rw in share_01
• 02 can rw in share_02
• 01 and 02 can rw in share_public
  • 01 can't see files and folders of 02
  • 02 can't see files and folders of 01
• within all datasets additionally datasets (?) where created in the moment when a user connected the first time to the share (attachments: before_adding_file.png, after_connecting_via_smb.png)

Looking forward to some feedback, if that is by intention or not. Also that "01" and "02" can't see the files of the others in that share could be related to the fact, that a spare folder each was automatically created.

Best,
Arne

 

[arneboeses]

OK - now I tested it with the current FreeNAS version and everything works as expected.

01 -> own share full access without "additional" dataset
02 -> own share full access without "additional" dataset
public -> 01 and 02 can write there and see the other files / folders

So it seems to be a bug in TrueNAS, right? Would be cool if someone could point me where I could report that.

Best,
Arne

 

[KevinP]

Hey, I'm new to using TrueNAS/FreeNAS, and I came across this thread as I'm looking to create a setup nearly identical to yours - 2 users, each with their own private share - but I was also noticing those child datasets appearing after interacting with the shares.

When creating your shares, what purpose did you specify? I thought this was a bug as well, and started working on creating a list of steps to reproduce it, but then noticed the following from clicking on the help icon next to the 'Purpose' field:

Choosing a preset configuration for the share locks in several predetermined values for the share Advanced Options, including the Path Suffix. To see which options have been set and/or locked, click Advanced Options after selecting a Purpose. %U is added as the Path Suffix when a Multi-user, Multi-protocol, or Private Purpose is selected. To retain full control over all the Advanced Options, select No presets.

I was using the 'Private SMB Datasets and Shares' purpose, which would create those child datasets with the users' name. As a test, I created another dataset with a separate share associated with it, but left purpose as default this time, and simply modified the filesystem ACL to allow only one user to access the share. This works exactly as you'd expect; when interacting with the share, no child dataset is created, and only the user specified as the owner within the ACL is capable of accessing the share.

 

[arneboeses]

Thank you @KevinP - I can confirm that it is working as you described.