Great video Tom! One quick way I've found on Windows to stop it holding onto the last user is to simply restart the "Workstation" (LanmanWorkstation) service. This will then prompt again for credentials when connecting to a share (Providing the remember me option wasn't ticked). Has saved a lot of time in the past when troubleshooting permissions with different users.
As many others have said, this video enabled me to get my Truenas Scale functioning as I wanted it to. Absolutely perfect directions. Thank you so much.
An alternative to re-starting the windows to disconnect server connections is open a cmd box and use 'net use \\(The name of the server) /delete'. The command 'net use' will show which servers are connected. I had a problem with disconnecting to an individual server once so used 'net use \\ * /delete' this disconnect all the severs.
THANK YOU. I would love more on all of this. Always struggling with shares and permissions. Current question is NFS. This video focused on SMB. Shares from Truenas to Proxmox for like Plex or something. Thanks for all you have done!
Can you please update this video for 23.10.2? Options have changed and for the life of my I cannot get SMB shares to work from Windows 11, keep getting "You don't have permissions for this", if I try to create folders from Windows, when the user has Full rights to the share. I can only get this to work if I set the Purpose to "Private SMB and Dataset share.
I hope this will finally help me understand user permissions on shares in Core. Even though I watched your videos I'm still struggling with the concepts.
I love when the people who write documentation for services have no clue how to write documentation and we have to rely on TH-cam videos to understand how to use a piece of software. And then that software gets updated and doesn't update their documentation and the TH-cam videos are immediately outdated. Its such a great system. We really need to keep this going.
Wow THANK YOU so much for this guide!! I've spent the past month or so trying to learn TrueNAS/Linux on my own and getting pretty frustrated in the process. It was really gratifying to hear you explain the common mistakes/misconceptions (most of which I have made). I was starting to think I was just being lazy not doing the research in forums, so it's nice to hear from someone else that it's not as intuitive in some parts. Thanks again for saving me all that time! Looking forward to the next one!
I am a new user of truenas scale. Thank you for this really clear and usefull tips. I needed Jellyfin to be able to access my smb shares that contains my media.
Great video on TrueNAS scale permission :) Definitely a great help. Been using scale for some time as its great. Wish there is an option for scale clustering of multiple node to create HA but that is only in their advance pay feature.
2:53 The Share Types cant be switched later, as i had to experience painfully. But your explanation of the different Share Types helped me to get into a problem i had with some datasets and prevented me from making some bad decisions while still working on my first TrueNAS setup.
Great video, explained a lot to me. But I still don't understand why it's all so confusing. In a month or two, if I need to set something up, I'll have to watch the video again because I'm sure I won't remember everything.
they removed that option from 23.10 because of all the problems that default was causing for users. now you don't need to do anything, it is off by default
@2:50 No you can NOT change it later. Warning: if you set the share type to SMB (case insensitive for files), you won't be able to use WebDAV for that dataset. It needs Unix permissions, so Generic type will work for both. You can NOT change it once dataset is created, it is immutable. I had to move 2TB of data to new dataset and create the shares.
You're right you can't change the share type, but you can change the ACL type back to POSIX. I think that 'Share Type' is just some kind of abstraction to setup some default options, I'm not sure there's anything that can't be undone so to speak. In Cobra at least you seem to be able to edit the dataset > Advanced Options > ACL Type and you can change it to POSIX which should be what you need for Unix permissions.
Thanks as always Tom, great work! So in summary to run an app such as file browser it is an all or nothing permission based on the app user / app group in terms of what file browser's users can see and do.... I wish TrueNAS would just incorporate a web based file browser into their platform that accomplishes user/group permissions per dataset instead of the one size fits all approach via an app.
Thanks for the link to this video, still struggling to get my head around TrueNas. At 5:40 you are showing "Edit ACL", but why can you strip ACL? Using the stock settings and permissions (inherit) on the dataset. Dare to explain?
Thank you very much, really very useful video, everything is explained step by step and understandable. I can't wait for the promised video with an active directory that would be suitable for our school deployment :)
Perfect day for your tutorial. I just finished installed the new version of the app today morning and had the same error as yours for .htaccess file not working. Please post if you figure how to fix this. subscribed. And now collabora is not reachable from nextcloud.
I believe you can switch user here: Control Panel\User Accounts\Credential Manager Find the IP-number and then edit the user credentials Then remap the share
At 4:43, you logged in as tom to the smb share Share_Demo. That share though is owned by the user & group root. How was then tom able to access the share without him existing at the ACLs? Probably the answer comes later at 13:12 where you mention that tom and marcus are part of the buildin-users and due to that, they can have access to Share-Demo. Right?
Curious to know if in the cli of the apps, the group owner of that TH-cam folder will show as 3002 (the gid of the TH-cam group if I'm not mistaken) instead of "apps" (or root or abc depending on the app settings). When files/folders are created in the app inside the TH-cam folder, would they have the "apps" group as group owner or also the 3002 group? And then would an ls show a mix of 3002 and "apps" as group owners of the files/folders depending on where or by whom they were created? If so, it may be my OCD but somehow that really annoys me. 😅 Also not sure if related, but I experienced some permission issues in the past (older version of scale) and figured they were because of the foreign group id/owner (3002 in this case) which is unknown to the app.
It's a bit more complex than that and that is the reason you set it at the dataset level is because ZFS has settings for that extra data to be stored for the ACL
This is an excellent video Tom, but what a mess Scale is. I think it highlights the disconnect between the intent - share permissions - and the process - dataset editing. The ACL editor is a UI mess.
I don't want to have to create a separate dataset just for apps to access. What if my app is for downloading huge files? Then I have to physically copy them to another dataset - I can't just instantly move them to another folder.
Seems like some changes have been made, since you recorded this, to the TrueNAS Scale platform; the app menu is setup differently - in particular the advanced (Kubernetes) settings show no host path safety check option - is it deleted now instead of defaulted?
Hello Tom, my way to leave the running acces on a share is to use "net use" command to see the share and folow by "net use \\ip address\ipc$ /del" or the share corresponding. By do this, no logoff or restart is required, you can type \\host\share et the system ask you for new credential
re 9:20 "rebooting windows for relogin" ... well, there is easier way. 1) close all programs / explorers using these shares 2) in cmd run: net use * /d 3) in cmd run: klist purge 4) if you've managed to save credentials - run control panel / user accounts / credential manager / manage windows credentials -> find one you were logged in to network share and remove it
Okay, from the comments i need to see this video all the way. If i still fail after trying, can i find some priceing for your services? i am close to wanna pay to get my truenas working as it should with apps or get 1:1 lessons so it will work, but i will try first with this video when i have propper time :D
Hey question my PC is being weird when I try to access the Shared Folder thru File Explorer. Whenever I type the IPv4 address in the File Explorer bar instead of being asked the credentials to sign in it just opens my browser to the web configurator. How do I fix this?
Core run better on my older hardware. But I want a greater number of apps that come with Scale. I am torn between staying with Core or learning Scale. I am trying to stick it out and learn Scale.
Thanks for all your work on this, this is great. Could you do a video related to truenas scale working with multiples networks and static routes? Thanks in advance, greetings from Detroit.
Do we have a way to get permission to read NTFS drives from a USB device on the latest version of Scale? apt, and apt-get are unauthorized, even with root access. Can't seem to install ntfs-3g as others have posted on forums.
seem i hope this is only a bug, when I disabled Host Path Security validate, all my apps disappeared from the Apps deployment section. opened a thread on TrueNas Scale community chat/section... I am trying to get a influxdb docker image deployed/working...
I can't seem to figure out how to allow other apps access to the dataset. I'm trying to allow readarr to access a samba dataset, which contains my e-books. Any recommendations?
Coming from a normal NAS i have the ability to make home directory to every user for backup purposes and to have access to all users homes from an admin account. I tried to do this on true nas scale (about 6 months ago) without success. Of course i created homes but i cant figure out how to give access to all users homes to admins only. Am i missing something or something is missing from truenas?
When I add a pool to apps Kubernetes tries to update but sticks at 0%. When I try to install an app I am greeted with "Kubernetes service is not running". I followed the video so I am not sure where the problem lies.
Thank you so much for this video. It is really helpful. I am still having a problem, though. I am using PhotoSync (SMB) configuration. While I don't expect any difference than working with SMB on Windows, every time it creates a directory, the directory gets the following permission: `d---------` instead of `d---rwx---`. Where should I look?
All good, I took the tip from an old video and Strip ACL, then applied it again. It looks like working now. Thanks for all the videos you are making!!!
is possible to hide folders or shares to users who do not have permissions?. At the moment, unauthorized users cant access inside, but are able to see folders name. Thanks for your help
@4:30, what's the effect of that "use as home share"? I'm so confused by it and am not sure if I need to accept it. I thought this meant that every user gets a private sub-folder in that share?
Around 2:50 Tom mentions the ability to change the share type after the fact. Any one know how to do that? I forgot to select the share type and now my acl manager looks completely different than the other data set on my system where i remembered to set the share type. I looked everywhere and wasn't able to figure out how to do it in the GUI. Thanks for any help.
Unable to rename folder name, error message " the action can't be completed because the folder or a file in it is open in another program" please solve this problem
Any update on when the updated Active Directory video will be released? Currently trying to deploy TN in a AD environment and running into issues when trying to migrate data from the current windows share to the TN share. Some of the files on the windows share are owned by ‘system’ or the local admin, or ad users that have been deleted. When using robocopy to copy over the data with /copyall I get an error 1307 (this security id may not be assigned as the owner of this object). Current file server has roughly 3million files on it not sure how I could fix the ownership on a unknown percentage of these file
Can you access the youtube SMB share directly? Instead of going through the share SMB parent folder first? I want to mount the child dataset directly, instead of going through the parent dataset, but it's not working for me in windows...I can see the share but not access it directly, I must browse through the parent dataset first.
Hello, thanks for all the content. I do have a simple question, I am trying to create more data sets inside a sub folder, but I don't want the subfolder users to go into other folder that are not their own dedicated folder is there a way to do that? example: NAS -> Family_shared_folder -> Mom_folder -> Dad_folder -> Sister_folder -> My_folder -> Misc_folder (no sub permissions, only inherit permissions from Family_shared_folder) how would i go and give permission to the sub folder in the family shared folder so the other accounts don't go into the other folders? Because from my understanding i have to provide everyone access to the Family shared folder is that right, but can't they just access all the sub folders?
Tom or ANYONE, How can I setup a permissions in a dataset to where I (dad builtin_admin) has full control and want my other users (wife and kid builtin_users) to be able to read and write files if they want, but not be able to delete anyone's files ONLY the ones they created/own? I am able to have each user write files to the dataset but the user that creates the file cannot delete their own file. If I give them modify permissions they can delete anything in the dataset. How do I fix this???
Do you know if I can run a tape library (MSL 2024) with Truenas? I'm having a supermicro server with both a bunch of SAS disks in an external housing on raid controllers, as well as a tape library. I'm thinking of upgrading, and instead of using my own home made set of vms, use truenas. I'm unsure on whether I can use my tapes / library with truenas. I assume I'll first run the server that I install truenas on and then use some of my bigger disks (I've a bunch of 18TB ones) to transfer the data for once, and then configure the tape library, move connect the disk housing, and ultimately get my disks back and copy the data back. At that point the only question that I wonder is how I'm going to run my tape library.
@@LAWRENCESYSTEMS But is the underlying system not just Linux? In that case I could leverage that, if it can also serve as client to the shares from truenas. Would be interesting to know if I can hand through some SAS devices directly to some vm running on truenas.
Ugh.. I transitioned from Core to Scale and i really need to sett up Permissions again :( but i'm to scared loosing my data to go balls to the wall :S I really should get someone pro to remote into my system and set shit up
i think they have (re)moved them in the newer 23.xx version, i was searching in the comments for someone to explain where the option went, and whether we need to disable it. Edit: i found a post on reddit covering the topic, they removed the option and it's currently 'disabled' by default
I wish that TrueNAS implements Samba to reload automatically (smbcontrol all reload-config) whenever a config change is made in a future release. Two questions: 1. If I click on any share (private/public) and then the Edit Share ACL (not the Edit Filesystem ACL), it defaults to SID: S-1-1-0, Name: EVERYONE, Permission: FULL, Type: ALLOWED. What it its function, should it be this way for private shares? 2. I've setup a Windows PC with a personal MS account. When I try to access a private share, it asks for credentials. The username on the TrueNAS differs from the PC, but I insert the correct username/password when asked for it. Still, I get access denied. (Public anonymous shares still works fine). It used to work before with a local account on the PC with the same username as in TrueNAS though. Why is that? Keep up the good work, love your videos!
@@LAWRENCESYSTEMS Thanks for your prompt reply. Tried to create a share from scratch (latest version): 1. Created test SMB dataset. 2. Created a share for it and chose Private Dataset/Share. It still shows the same as above (Edit Share ACL). Bug in TrueNAS or should it just be this way? Seems like the Filesystem ACL takes presence anyway...
is it wrong that I want to have each app as its own user on the ACL list? one app shouldn't have access to everything that has an app permission. like qbittorent app shouldn't have full control on a dataset intended for filebrowser? am I thinking of this wrong? what happens if in app goes rouge or has a security hole in it edit: ok. maybe I'm wrong. I think its only mounted paths of specific apps that get permission for that app (and path).
What about using SMB with NFS together for shares ? i want my linux vms to be able to connect to them using nfs, but for windows clients to use samba. Is it ok and what permissions are best here? Can i use ACLs for nfs? i have some weird behavior now with them, for example some files appear to be owned by root, but it is set to user in truenas scale
can you do a video on core with Jails for truenas core, creating users for sonarr & radar and getting the permissions setup? i have been having issues and i am at the point that i just want to give up on this truenas thing
I love watching your videos but for me admin and root in TrueNas Scale has been completely busted for fresh installs. You can't access IP settings, ACLs, or ZFS datasets. This pretty much means unless you upgraded you couldn't interact with ZFS and couldn't setup most things in TrueNas Scale.
I'm trying to run a docker app in truenas using the blue botton. I can't for the life of me get the app to be able to use its data set. this video is helpful, jut not in my case...
FINALY!!! The Gods have answered. Been waiting for your update video regarding this. Thank you.
Yes, I love watching videos about using the features of truenas.
They really help to expand knowledge about the many features of truenas
Great video Tom! One quick way I've found on Windows to stop it holding onto the last user is to simply restart the "Workstation" (LanmanWorkstation) service. This will then prompt again for credentials when connecting to a share (Providing the remember me option wasn't ticked). Has saved a lot of time in the past when troubleshooting permissions with different users.
As many others have said, this video enabled me to get my Truenas Scale functioning as I wanted it to. Absolutely perfect directions. Thank you so much.
Without your help I would still stumble around getting a "simple" SMB share up and running. Thank you so much - you really made my day!
This guide fixed a nagging issue I had where new folders created by an app were non-writable over SMB for my user. Thanks, Lawrence! 😀
An alternative to re-starting the windows to disconnect server connections is open a cmd box and use 'net use \\(The name of the server) /delete'. The command 'net use' will show which servers are connected. I had a problem with disconnecting to an individual server once so used 'net use \\ * /delete' this disconnect all the severs.
THANK YOU. I would love more on all of this. Always struggling with shares and permissions.
Current question is NFS. This video focused on SMB. Shares from Truenas to Proxmox for like Plex or something.
Thanks for all you have done!
Can you please update this video for 23.10.2? Options have changed and for the life of my I cannot get SMB shares to work from Windows 11, keep getting "You don't have permissions for this", if I try to create folders from Windows, when the user has Full rights to the share. I can only get this to work if I set the Purpose to "Private SMB and Dataset share.
This could not have come out at a better time. I just moved my NAS to truenas scale and im struggling. Thank you for the help!
I hope this will finally help me understand user permissions on shares in Core. Even though I watched your videos I'm still struggling with the concepts.
damn dude you just fixed my home truenas server in a matter of minutes, forever grateful
I love when the people who write documentation for services have no clue how to write documentation and we have to rely on TH-cam videos to understand how to use a piece of software. And then that software gets updated and doesn't update their documentation and the TH-cam videos are immediately outdated. Its such a great system. We really need to keep this going.
Products change and then I make new videos :)
Thank you so much. I was struggling for two months. 3:51 was the issue.
Thank you so much for this! This is the best tutorial I've seen so far that explains how ACLs work on TrueNAS!
Wow THANK YOU so much for this guide!! I've spent the past month or so trying to learn TrueNAS/Linux on my own and getting pretty frustrated in the process.
It was really gratifying to hear you explain the common mistakes/misconceptions (most of which I have made). I was starting to think I was just being lazy not doing the research in forums, so it's nice to hear from someone else that it's not as intuitive in some parts. Thanks again for saving me all that time! Looking forward to the next one!
Glad it helped!
I've been struggling all day with the permissions, thank you for this video!
I am a new user of truenas scale. Thank you for this really clear and usefull tips. I needed Jellyfin to be able to access my smb shares that contains my media.
This definitely helped explain how to share certain folders(movies). Thanks for this. Another Favorite.
Most helpful video I've watched in regards to Truenas Scale SMB creations and management.
thanks for the video. The home directory permissions are in newer versions different. Read, write and execute is unmarked for group and other.
I rarely comment, but this video was fantastic and had just about everything I wanted to know. Thank you.
Glad it was helpful!
Awesome, this fixed up plex on trunas scale for me. And I learned about ACLs.
Glad you got it working!
Great video on TrueNAS scale permission :) Definitely a great help. Been using scale for some time as its great. Wish there is an option for scale clustering of multiple node to create HA but that is only in their advance pay feature.
That is still a beta feature and done via their TrueCommand software.
This is really helpful, so much of the user permission stuff is complicated for us new users. I didn't even think about the apps user and group 👍
2:53 The Share Types cant be switched later, as i had to experience painfully. But your explanation of the different Share Types helped me to get into a problem i had with some datasets and prevented me from making some bad decisions while still working on my first TrueNAS setup.
Great video, explained a lot to me. But I still don't understand why it's all so confusing. In a month or two, if I need to set something up, I'll have to watch the video again because I'm sure I won't remember everything.
Great content, as always. Definitely more TrueNas content would be great 😊
Thanks! This video is a big help in configuring my Truenas Scale Server!
The "enable host path safety checks" option is missing from my truenas app settings. What do I do? The option simply isn't there.
Yes, also missing "enable host path safety checks'
I think it has to do with a recent update 23.10. But I don’t know how to fix it currently.
they removed that option from 23.10 because of all the problems that default was causing for users.
now you don't need to do anything, it is off by default
Great explainer video for local accounts on Windows. What would need to change for Microsoft accounts or LDAP/Active Directory accounts?
@2:50 No you can NOT change it later. Warning: if you set the share type to SMB (case insensitive for files), you won't be able to use WebDAV for that dataset. It needs Unix permissions, so Generic type will work for both. You can NOT change it once dataset is created, it is immutable. I had to move 2TB of data to new dataset and create the shares.
You're right you can't change the share type, but you can change the ACL type back to POSIX. I think that 'Share Type' is just some kind of abstraction to setup some default options, I'm not sure there's anything that can't be undone so to speak. In Cobra at least you seem to be able to edit the dataset > Advanced Options > ACL Type and you can change it to POSIX which should be what you need for Unix permissions.
@@JoshArchers IIRC WebDAV was not able to see the dataset once created as SMB, even after changing the type to POSIX. So no, it is not the same.
Just another awesome video! Thank you Tom for explaining so well
It's been 1hr already and I don't see the TrueNAS + AD video in the description yet 😅
Thanks as always Tom, great work!
So in summary to run an app such as file browser it is an all or nothing permission based on the app user / app group in terms of what file browser's users can see and do.... I wish TrueNAS would just incorporate a web based file browser into their platform that accomplishes user/group permissions per dataset instead of the one size fits all approach via an app.
Thank you!
The small check box was causing me a pain!
Greetings from the EU
Thanks for the link to this video, still struggling to get my head around TrueNas. At 5:40 you are showing "Edit ACL", but why can you strip ACL? Using the stock settings and permissions (inherit) on the dataset. Dare to explain?
Thank you very much, really very useful video, everything is explained step by step and understandable. I can't wait for the promised video with an active directory that would be suitable for our school deployment :)
Perfect day for your tutorial. I just finished installed the new version of the app today morning and had the same error as yours for .htaccess file not working. Please post if you figure how to fix this. subscribed. And now collabora is not reachable from nextcloud.
I believe you can switch user here:
Control Panel\User Accounts\Credential Manager
Find the IP-number and then edit the user credentials
Then remap the share
brilliant done with explanation
is it possible to create a hidden share and allow users to see only folders that they have permissions?
Premissions are my Kryptonite... This helped but I would see a more detailed explanation about masks, flags, group objects etc.
is it only me or is it so convoluted there! ;-)
The File Browser app, always comes with an exposed folder, that you can't delete? Thanks
At 4:43, you logged in as tom to the smb share Share_Demo. That share though is owned by the user & group root. How was then tom able to access the share without him existing at the ACLs?
Probably the answer comes later at 13:12 where you mention that tom and marcus are part of the buildin-users and due to that, they can have access to Share-Demo. Right?
Correct
Very good information, thank you!
Dude, kudos on the studio
Thanks
Curious to know if in the cli of the apps, the group owner of that TH-cam folder will show as 3002 (the gid of the TH-cam group if I'm not mistaken) instead of "apps" (or root or abc depending on the app settings). When files/folders are created in the app inside the TH-cam folder, would they have the "apps" group as group owner or also the 3002 group? And then would an ls show a mix of 3002 and "apps" as group owners of the files/folders depending on where or by whom they were created? If so, it may be my OCD but somehow that really annoys me. 😅
Also not sure if related, but I experienced some permission issues in the past (older version of scale) and figured they were because of the foreign group id/owner (3002 in this case) which is unknown to the app.
It's a bit more complex than that and that is the reason you set it at the dataset level is because ZFS has settings for that extra data to be stored for the ACL
This is an excellent video Tom, but what a mess Scale is. I think it highlights the disconnect between the intent - share permissions - and the process - dataset editing. The ACL editor is a UI mess.
I don't want to have to create a separate dataset just for apps to access. What if my app is for downloading huge files? Then I have to physically copy them to another dataset - I can't just instantly move them to another folder.
Wonderful video! Thanks so much.
The ACL screen has to be the least intuitive in all of TrueNas
Seems like some changes have been made, since you recorded this, to the TrueNAS Scale platform; the app menu is setup differently - in particular the advanced (Kubernetes) settings show no host path safety check option - is it deleted now instead of defaulted?
Hello Tom, my way to leave the running acces on a share is to use "net use" command to see the share and folow by "net use \\ip address\ipc$ /del" or the share corresponding. By do this, no logoff or restart is required, you can type \\host\share et the system ask you for new credential
I have found that not to work because Windows won't forget some permission changes unless it's connected to an AD server.
oops i just posted more or less the same. sorry.
Can you go over access based enumeration? The setting is grayed out after following your tutorial and I do not want all users to see all folders.
re 9:20 "rebooting windows for relogin" ... well, there is easier way.
1) close all programs / explorers using these shares
2) in cmd run: net use * /d
3) in cmd run: klist purge
4) if you've managed to save credentials - run control panel / user accounts / credential manager / manage windows credentials -> find one you were logged in to network share and remove it
Okay, from the comments i need to see this video all the way. If i still fail after trying, can i find some priceing for your services? i am close to wanna pay to get my truenas working as it should with apps or get 1:1 lessons so it will work, but i will try first with this video when i have propper time :D
Hey question my PC is being weird when I try to access the Shared Folder thru File Explorer. Whenever I type the IPv4 address in the File Explorer bar instead of being asked the credentials to sign in it just opens my browser to the web configurator. How do I fix this?
Core run better on my older hardware. But I want a greater number of apps that come with Scale. I am torn between staying with Core or learning Scale. I am trying to stick it out and learn Scale.
Is TN Scale production worthy yet ?? Been sticking to Core just because she soo stable... Great vid a usual tl
Thank you
For NAS functions like shares and iSCSI, yes. Apps and cluster features are still a work in progress.
Thanks for all your work on this, this is great. Could you do a video related to truenas scale working with multiples networks and static routes? Thanks in advance, greetings from Detroit.
Why static routes?
Do you cover in another video how to add the smb share to ubuntu mount?
Do we have a way to get permission to read NTFS drives from a USB device on the latest version of Scale? apt, and apt-get are unauthorized, even with root access. Can't seem to install ntfs-3g as others have posted on forums.
seem i hope this is only a bug, when I disabled Host Path Security validate, all my apps disappeared from the Apps deployment section. opened a thread on TrueNas Scale community chat/section...
I am trying to get a influxdb docker image deployed/working...
Great work!!! Can i use Unicode char in dataset name? (Greek)
I can't seem to figure out how to allow other apps access to the dataset. I'm trying to allow readarr to access a samba dataset, which contains my e-books. Any recommendations?
Coming from a normal NAS i have the ability to make home directory to every user for backup purposes and to have access to all users homes from an admin account.
I tried to do this on true nas scale (about 6 months ago) without success.
Of course i created homes but i cant figure out how to give access to all users homes to admins only.
Am i missing something or something is missing from truenas?
When I add a pool to apps Kubernetes tries to update but sticks at 0%. When I try to install an app I am greeted with "Kubernetes service is not running". I followed the video so I am not sure where the problem lies.
Thank you so much for this video. It is really helpful. I am still having a problem, though. I am using PhotoSync (SMB) configuration. While I don't expect any difference than working with SMB on Windows, every time it creates a directory, the directory gets the following permission: `d---------` instead of `d---rwx---`. Where should I look?
All good, I took the tip from an old video and Strip ACL, then applied it again. It looks like working now. Thanks for all the videos you are making!!!
is possible to hide folders or shares to users who do not have permissions?. At the moment, unauthorized users cant access inside, but are able to see folders name. Thanks for your help
@4:30, what's the effect of that "use as home share"? I'm so confused by it and am not sure if I need to accept it. I thought this meant that every user gets a private sub-folder in that share?
It can be used for users to have a Linux style home folder, not something I ever really use.
Around 2:50 Tom mentions the ability to change the share type after the fact. Any one know how to do that? I forgot to select the share type and now my acl manager looks completely different than the other data set on my system where i remembered to set the share type. I looked everywhere and wasn't able to figure out how to do it in the GUI. Thanks for any help.
Unable to rename folder name, error message " the action can't be completed because the folder or a file in it is open in another program" please solve this problem
what about nfs settings? I'm facing this error: "mount.nfs: Unknown error 521"
Any update on when the updated Active Directory video will be released? Currently trying to deploy TN in a AD environment and running into issues when trying to migrate data from the current windows share to the TN share. Some of the files on the windows share are owned by ‘system’ or the local admin, or ad users that have been deleted. When using robocopy to copy over the data with /copyall I get an error 1307 (this security id may not be assigned as the owner of this object). Current file server has roughly 3million files on it not sure how I could fix the ownership on a unknown percentage of these file
I don't really have a timeframe on that.
How do one import an existing ZFS pool exported from another system?
I have existing pools which I would like to use in TrueNAS
Can you access the youtube SMB share directly? Instead of going through the share SMB parent folder first?
I want to mount the child dataset directly, instead of going through the parent dataset, but it's not working for me in windows...I can see the share but not access it directly, I must browse through the parent dataset first.
It can be configured to share the TH-cam dataset directly
Hello, thanks for all the content. I do have a simple question, I am trying to create more data sets inside a sub folder, but I don't want the subfolder users to go into other folder that are not their own dedicated folder is there a way to do that?
example:
NAS
-> Family_shared_folder
-> Mom_folder
-> Dad_folder
-> Sister_folder
-> My_folder
-> Misc_folder (no sub permissions, only inherit permissions from Family_shared_folder)
how would i go and give permission to the sub folder in the family shared folder so the other accounts don't go into the other folders? Because from my understanding i have to provide everyone access to the Family shared folder is that right, but can't they just access all the sub folders?
Create each dataset for each user and give them permission
Easier way is just logoff the user instead of restarting.. This usually clears network sessions.
This Video helps me A LOT LOT LOT :) Thxxx
Really wish this covered NFS
Tom or ANYONE, How can I setup a permissions in a dataset to where I (dad builtin_admin) has full control and want my other users (wife and kid builtin_users) to be able to read and write files if they want, but not be able to delete anyone's files ONLY the ones they created/own? I am able to have each user write files to the dataset but the user that creates the file cannot delete their own file. If I give them modify permissions they can delete anything in the dataset. How do I fix this???
in proxmox using a vm or lxc vs inside trueNAS??? (trueNas is also inside proxmox)
Great video! Thank you!
Glad you liked it!
Do you know if I can run a tape library (MSL 2024) with Truenas? I'm having a supermicro server with both a bunch of SAS disks in an external housing on raid controllers, as well as a tape library. I'm thinking of upgrading, and instead of using my own home made set of vms, use truenas. I'm unsure on whether I can use my tapes / library with truenas. I assume I'll first run the server that I install truenas on and then use some of my bigger disks (I've a bunch of 18TB ones) to transfer the data for once, and then configure the tape library, move connect the disk housing, and ultimately get my disks back and copy the data back. At that point the only question that I wonder is how I'm going to run my tape library.
There is no official support for tape systems in TrueNAS
@@LAWRENCESYSTEMS Thanks for your answer.
@@LAWRENCESYSTEMS But is the underlying system not just Linux? In that case I could leverage that, if it can also serve as client to the shares from truenas. Would be interesting to know if I can hand through some SAS devices directly to some vm running on truenas.
On my Truenas it will shows error The file name is too long. How to solve can you help me
Thank you Tom!
Do we need minimum three servers to make a scale out storage like with other Software defined storage solutions ?
th-cam.com/video/vXzLoTK2SJE/w-d-xo.html
Ugh.. I transitioned from Core to Scale and i really need to sett up Permissions again :( but i'm to scared loosing my data to go balls to the wall :S I really should get someone pro to remote into my system and set shit up
Perhaps i could hire someone from fiver
i dont see the host safety check in my advanced settings... any idea why its not showing?....thanks
i think they have (re)moved them in the newer 23.xx version, i was searching in the comments for someone to explain where the option went, and whether we need to disable it.
Edit: i found a post on reddit covering the topic, they removed the option and it's currently 'disabled' by default
Thank you for this guide, but the ACL permissions editor is probably the worst UX I've ever seen.
What is the definition of the term "dataset" from a truenas and windows perspective?
Somewhat like a folder, but way more features. Full explainer here th-cam.com/video/0d4_nvdZdOc/w-d-xo.html
I wish that TrueNAS implements Samba to reload automatically (smbcontrol all reload-config) whenever a config change is made in a future release.
Two questions:
1. If I click on any share (private/public) and then the Edit Share ACL (not the Edit Filesystem ACL), it defaults to SID: S-1-1-0, Name: EVERYONE, Permission: FULL, Type: ALLOWED. What it its function, should it be this way for private shares?
2. I've setup a Windows PC with a personal MS account. When I try to access a private share, it asks for credentials. The username on the TrueNAS differs from the PC, but I insert the correct username/password when asked for it. Still, I get access denied. (Public anonymous shares still works fine). It used to work before with a local account on the PC with the same username as in TrueNAS though. Why is that?
Keep up the good work, love your videos!
1) If it shows "Everyone" that is because you have that permission on it, 2) Sounds like the permission is not set.
@@LAWRENCESYSTEMS Thanks for your prompt reply. Tried to create a share from scratch (latest version): 1. Created test SMB dataset. 2. Created a share for it and chose Private Dataset/Share. It still shows the same as above (Edit Share ACL). Bug in TrueNAS or should it just be this way? Seems like the Filesystem ACL takes presence anyway...
can we use chmod and chown on those folders for eg on the youtube folder if the smb share is to another linux machine??
For basic permissions it might work.
is it wrong that I want to have each app as its own user on the ACL list? one app shouldn't have access to everything that has an app permission.
like qbittorent app shouldn't have full control on a dataset intended for filebrowser? am I thinking of this wrong?
what happens if in app goes rouge or has a security hole in it
edit: ok. maybe I'm wrong. I think its only mounted paths of specific apps that get permission for that app (and path).
Apps all run as the same user, you restrict them based on paths.
I wish the ? 's were not bigger/bolder than the actual label of the text boxes. ☹️
What about using SMB with NFS together for shares ?
i want my linux vms to be able to connect to them using nfs, but for windows clients to use samba. Is it ok and what permissions are best here? Can i use ACLs for nfs?
i have some weird behavior now with them, for example some files appear to be owned by root, but it is set to user in truenas scale
That's a terrible idea have your Linux systems connect via samba.
@@LAWRENCESYSTEMS yes, that why i want to connect them with nfs, but there are some problems with permissions on shares, that are both nfs and samba
can you do a video on core with Jails for truenas core, creating users for sonarr & radar and getting the permissions setup? i have been having issues and i am at the point that i just want to give up on this truenas thing
Not planning on any seeing as they are not very well supported and there future is limited.
@@LAWRENCESYSTEMS I see, thanks for replying. Does this also mean I should switch to truenas scale or remain with core?
@@herberthiggins1388 If you need more things on the NAS, move to scale.
I love watching your videos but for me admin and root in TrueNas Scale has been completely busted for fresh installs. You can't access IP settings, ACLs, or ZFS datasets. This pretty much means unless you upgraded you couldn't interact with ZFS and couldn't setup most things in TrueNas Scale.
I'm trying to run a docker app in truenas using the blue botton. I can't for the life of me get the app to be able to use its data set. this video is helpful, jut not in my case...