Jump to content

TrueNAS - Can't access shares/folders/files in winows "Do not have permission"

I am trying to setup TrueNAS for the first time and use Windows SMB shares but I'm having issues trying to access folders.
I have a basic share I called data 2 and in windows I can get access \\TRUENAS\data 2 but then any sub folders within the data 2 folder throw up the error for example "You don't have permission to access  \\TRUENAS\data 2\documents"

If I manually add specific folders within the Windows shares settings of the webui I am able to access them but then further sub folders and files won't work.
I should have permissions, the share was previously working as I copied files and folders over to it after first setup, the only thing I've since done was added another drive in and then setup a separate pool for it  but haven't AKAIK changed any settings for the first pool/dataset other than now when trying to fix my issue.

I'm really not a pro at this sort of thing but of you need more info to help then I can but any help to sort this out is much appreciated.

Link to comment
Share on other sites

Link to post
Share on other sites

Make sure you have configured the permissions to recursive

Go to: Storage > Pools > (the 3 dots) > Edit Permissions

Confirm that "Apply Permissions Recursively" is selected. 

 

If this is fine, it's probably a configuration mismatch between the dataset/smb permissions, and/or a permission mask. 

Can you gather the below

Storage > Pools > (the 3 dots) > Edit Permissions and show the dataset permissions

Sharing > Windows Shares (SMB) and show the share permissions

Services > SMB > Configure - if you have any masks configured here, show these as well 

 

Additionally: are you using guest/anonymous from your Windows machine to access the share, or have you configured a share user

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (2x16GB) Corsair Dominator Platinum RGB Pro 3600Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 4TB Samsung 980 Pro | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | Asus ROG 42" OLED PG42UQ + LG 32" 32GK850G Monitor | Roccat Vulcan TKL Pro Keyboard | Logitech G Pro X Superlight  | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT2 LE Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOX-X Controller | Windows 11 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO + 4 Additional Venturi 120mm Fans | 14 x 20TB Seagate Exos X22 20TB | 500GB Aorus Gen4 NVMe | 2 x 2TB Samsung 970 Evo Plus NVMe | LSI 9211-8i HBA

 

Link to comment
Share on other sites

Link to post
Share on other sites

6 hours ago, Jarsky said:

Make sure you have configured the permissions to recursive

Go to: Storage > Pools > (the 3 dots) > Edit Permissions

Confirm that "Apply Permissions Recursively" is selected. 

 

If this is fine, it's probably a configuration mismatch between the dataset/smb permissions, and/or a permission mask. 

Can you gather the below

Storage > Pools > (the 3 dots) > Edit Permissions and show the dataset permissions

Sharing > Windows Shares (SMB) and show the share permissions

Services > SMB > Configure - if you have any masks configured here, show these as well 

 

Additionally: are you using guest/anonymous from your Windows machine to access the share, or have you configured a share user

What I'm trying to achieve is the most basic file share, I'm the only user who will access any files and folders on my NAS so all I need is a single user setup and who has permission to access everything outside of admin/root stuff.

I set the recursive permissions option and reset my windows credentials whereby I was able to access everything as normal.
When I had to log out and in again to windows the share then reverted back to not being accessible.

I have since deleted then added back in the SMB share and something I did there seems to have got it to work again for now.
Oh and I am not using any guest account in Windows.

Not using any masks so nothing to show
Here's the permissions I have set.
Screenshot2024-09-04092153.jpg.0b743e6e49b65aad8bcd4841c21d521a.jpg

IDK if this is the right SMB sharing?Screenshot2024-09-04092304.jpg.a7f40be8eb8d00e15d562696acf65490.jpg

 

Screenshot2024-09-04092425.jpg.b62cc8ff9c355e61aca41921d4708212.jpg

Link to comment
Share on other sites

Link to post
Share on other sites

If its working now its working, great!
 

Those options look correct. You're basically giving everyone access to the SMB share; and then you're using ACL (Access Control List) to provide the file system level permissions. 
 

I suspect what most likely happened is that when you re-added it before you didn't specify credentials; so it would have defaulted to a guest/anonymous. which means you could see the share, but would have had no permissions not being the user or part of the group. When you re-added again; you would have defined the Credentials resolving the access issue. 

 

P.S I would generally advise against allowing everyone to have modify in your ACL, its bad security practice for the sake of your files. It would be better to set everyone to just read access.  

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (2x16GB) Corsair Dominator Platinum RGB Pro 3600Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 4TB Samsung 980 Pro | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | Asus ROG 42" OLED PG42UQ + LG 32" 32GK850G Monitor | Roccat Vulcan TKL Pro Keyboard | Logitech G Pro X Superlight  | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT2 LE Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOX-X Controller | Windows 11 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO + 4 Additional Venturi 120mm Fans | 14 x 20TB Seagate Exos X22 20TB | 500GB Aorus Gen4 NVMe | 2 x 2TB Samsung 970 Evo Plus NVMe | LSI 9211-8i HBA

 

Link to comment
Share on other sites

Link to post
Share on other sites

54 minutes ago, Jarsky said:

If its working now its working, great!
 

Those options look correct. You're basically giving everyone access to the SMB share; and then you're using ACL (Access Control List) to provide the file system level permissions. 
 

I suspect what most likely happened is that when you re-added it before you didn't specify credentials; so it would have defaulted to a guest/anonymous. which means you could see the share, but would have had no permissions not being the user or part of the group. When you re-added again; you would have defined the Credentials resolving the access issue. 

 

P.S I would generally advise against allowing everyone to have modify in your ACL, its bad security practice for the sake of your files. It would be better to set everyone to just read access.  

Thanks this is helpful to know what might have happened, but hey at least it works now.
As for the last part, I was waiting till I had the basics working before I did anything else so have since change the permissions to read only.

I have since migrated from core to scale so now will go through and get to grips with things.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×