Hello,
I am a new user and as a new user I just want to give some feedback about the TrueNAS 12 documentation from a new user perspective. I do not want to highjack this discussion (for personal technical questions) and because of this I do not want technical solutions (in this discussion thread) for my problems.
Some background: I configured Samba-servers decades ago and used several QNAP-NAS boxes (but I do not like their closed system). I selected TrueNAS 12 for my next NAS because I heard a lot of good things about FreeNAS in the past and TrueNAS seems a better/modern version of FreeNAS with better ZFS and other things. So I decided to got with TrueNAS-software (from ixsystems) and TrueNAS-hardware (from ixsystems) so everything should work out of the box. Well, that was my intention.
But setting up a TrueNAS 12 NAS seems much more complicated that setting up a QNAP NAS. It even seems more complicated than setting up a samba server on a unix/linux server.
I started with a simple requirement/task as an example: Setting up a SMB-share named "office" where the local users "jim" and "john" have full read+write access, where user "jack" only has read access and all others have no access at all. And all permission-security-related settings (like ACLs etc.) are only allowed to be changed from user "admin".
I managed to add the users in TrueNAS.
But the page
https://www.truenas.com/docs/hub/tasks/administrative/users/ does not help at all. It does not have information how to set up users restrictions/permissons (i.e. how to allow/disallow a specific service, how to setup a password-policy etc...) but writes about user-IDs and primary-groups without explaining, why this is important to set up manually. It seems the GUI/doc reflects more the underlying OS-view (/etc/password and /etc/group files) and makes it more complicated than it has to be.
I still do not know how to set up the users, so that they are only allowed for SMB. Is this even possible?
Because I already understood some ZFS-basics I was able to create a pool and a dataset.
But then I wanted to add a SMB-share and set up access permissions and the informations for this
https://www.truenas.com/docs/hub/sharing/smb/smb-share/
https://www.truenas.com/docs/hub/tasks/advanced/editingacls/
are sparse and nearly non-existent.
The doc-page mentions ACLs (access control lists) and ACEs (access control entries) and writes, that ACLs can be assigned to datasets, directories and files.
However, in the GUI there are permissions in path "Storage / Pools / Edit Permissions" and there is "Storage Pools / Edit ACLs" that kind of is doing the same thing. And then there is "Sharing / SMB / Share ACL".
It seems, ACLs can be setup for a filesystem (bad wording, probably "dataset" should be used as wording) and for a share.
Why are this different ways existing? Whats the best way of setting up permissions if there are only SMB-shares used on the NAS? Does it matter in this case if an ACL is setup as "filesystem" or "share" and can both setups do the exact same thing? Where are all the fields and their possible data values and the consequences of values explained in detail? Is there an easy way to see all ACLs and ACE (ACL entries) in one place at a glance? And it seems there is no clear distinction between adding an ACL and adding an ACE for an ACL.
Sorry, if this is not only about documentation. But at this moment I can not differentiate between a missing description/explanation in the TrueNAS 12 docs and a missing functionality in TrueNAS 12.
To make sure that users only see the data they are allowed to see it is important to fully understand how user permissions are set-up. This is very important for a NAS that stores sensitive data and that serves several users with different permissions.
But at the moment I do not trust TrueNAS 12 (and my knowledge of TrueNAS 12) for a NAS to store sensitive, protected data.
To look at old docs for FreeNAS 11.x does not help (I do not use FreeNAS and I do not know whats the same/different between FreeNAS 11 and TrueNAS 12).
TrueNAS 12 does use standard building blocks (like ZFS, BSD, Samba, etc.) and glues and "value adds" a middleware and a nice web based GUI.
But as long as the TrueNAS 12 documention is so sparse and superficial like it is now, this middleware looks more like the part of a problem than part of a (good) solution for a NAS. Maybe its easier to install FreeBSD and ZFS and a Samba-server manually? At least I could better understand from the docs of the building-blocks, how to set up a secure system.
If I understand it correctly, the "TrueNAS Documentation Hub" is for the community-version and also the commercial-version of TrueNAS 12. Documentation is part of a product. With the actual quality of the TrueNAS 12 documentation, I would not recommend the commercial product to anyone.
Sorry, if my text maybe sounds harsh. I do appreciate the hard work everyone puts into it (during work time and free time).