I’ve been using FreeNAS/TrueNAS for about 10 years now, starting off on an HP MicroServer N54L.
By and large, setting up new machines has been OK, with the main challenge being getting the access permissions right. In the early years I ended up just setting the permissions to “everyone” = full control. By the time I’d been round the loop dozens of times over several late nights, reading documentation, forum posts, etc., trying to achieve the desired configuration, I’d just have to settle for what worked (everyone, full control). And it would be the same story over the intervening years when I’d set up new instances, change configs, etc.
Most recently I’ve been bumping heads with this facet of TrueNAS when I’ve been importing a pool of disks from one of my storage boxes that had stopped working. That old instance had permissions derived from an AD DC that is no longer accessible (long story, not central to this post). Once I’d successfully imported the pool I tried to replace the existing ACLs with something that would make the contents accessible from my Windows machine.
So, broadly speaking, steps taken:-
1. Set up user account on new TrueNAS instance.
(not a built-in acc, MS=y, Samba=y)
2. Enable SMB service.
Netbios name = BLUENAS02
Aux Parms - enable web service discovery=yes
3. Set up SMB shares
Path = /mnt/TNAStank02/FNAS_dataset01
Purpose = Default
4. Share ACL
Permission = full
Type = Allowed
5. Filesystem ACL
……..
This is where I tried a variety of settings:-
Select a preset ACL – “Open” should make it accessible. Nope, didn’t work.
Strip ACLs and reapply a fresh set. Nope, didn’t work.
And various other combinations of settings.
And then I remembered a bit of fun I had 2 or 3 years ago when I was trying to set up a network bridge and some kind person on the TrueNAS forums mentioned that I should check for a hidden bridge from the shell. So basically the TrueNAS GUI does not always fully or truthfully report the system configuration.
So a trip to the shell yielded:-
root@BLUENAS02[~]# getfacl /mnt/TNAStank02/FNAS_dataset01
# file: /mnt/TNAStank02/FNAS_dataset01
# owner: admin
# group: guest
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow
The GUI only had one entry for “everyone”. So I played around with the “everyone” entry in the GUI and eventually got:-
root@BLUENAS02[~]# getfacl /mnt/TNAStank02/FNAS_dataset01
# file: /mnt/TNAStank02/FNAS_dataset01
# owner: admin
# group: guest
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
And could see my files and folders again!!!! Yay!!!
So it looks like I need to get acquainted with the relevant shell commands.
But the important thing from this story is the TrueNAS GUI does not always fully or truthfully report the system configuration.
I would have saved so many late nights, despairing and doubting myself if someone had told me that. Don’t get me wrong, I’ve got a lot of time for TrueNAS and the GUI looks good but that's a serious shortcoming.
Hope this is useful to someone
P.
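
The shell check described in the post can be scripted. The following is an added example, not part of the original post: it reads `getfacl` output and reports any principal that appears more than once with the same type, and any entry that grants no permission bits, the two things visible in the first listing above. The function names are hypothetical and the entry layout (`who:permissions:flags:type`) is assumed from the listings in the post.

```shell
#!/bin/sh
# Added example (not from the original post). audit_nfs4_acl, sample_before and
# sample_after are hypothetical names. Assumes entries of the form
# who:permissions:flags:type, as in the getfacl listings quoted in the post.

audit_nfs4_acl() {
    # Reads getfacl output on stdin; prints one finding per line, nothing if clean.
    awk -F: '
        { gsub(/^[ \t]+|[ \t]+$/, "") }          # tolerate indented entries
        /^#/ || NF < 4 { next }                  # skip "# file:" headers, blanks
        {
            n++
            type = $NF; perms = $(NF - 2)
            who = $1                             # owner@, group@, everyone@ ...
            for (i = 2; i <= NF - 3; i++)        # ... or user:NAME / group:NAME
                who = who ":" $i
            key = who " " type
            if (key in first)
                printf "DUPLICATE %s entry=%d first=%d\n", key, n, first[key]
            else
                first[key] = n
            if (perms ~ /^-+$/)                  # no permission bit set at all
                printf "EMPTY %s entry=%d\n", key, n
        }
    '
}

sample_before() {   # first listing from the post
    cat <<'EOF'
# file: /mnt/TNAStank02/FNAS_dataset01
# owner: admin
# group: guest
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow
EOF
}

sample_after() {    # second listing from the post
    cat <<'EOF'
# file: /mnt/TNAStank02/FNAS_dataset01
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
EOF
}

echo "before:"; sample_before | audit_nfs4_acl
echo "after:";  sample_after  | audit_nfs4_acl
```

On a live system the real listing is piped in instead of the samples: `getfacl /mnt/TNAStank02/FNAS_dataset01 | audit_nfs4_acl`.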