TSF – Comprehensive IT solutions for SMB businesses | HCM

How to Set Department Folder Permissions (SMB Access Control Guide)

This video walks you through setting up department folder permissions on TrueNAS using SMB ACLs. You will learn how to structure departmental datasets correctly for HR, Sales, Admin, Accounting, and other teams. The tutorial explains how to assign the right permissions, hide unauthorized folders, and prevent cross-department access. We also cover common mistakes that cause permission conflicts, broken inheritance, and access-denied errors. Whether you are building an enterprise file server or a small office NAS, these best practices will keep your data secure. The guide works for both TrueNAS SCALE and CORE using modern ACL management. By following the steps in this video, you will configure a clean and professional folder structure for your organization. Watch until the end for extra tips to avoid permission leaks and improve SMB security.

Lab:

 
Build the Department dataset: users in a department can see that department's folder and have full rights to it. Each department can see only its own folder.
• HR: users belong to the HR group.
• Admin: users belong to the Admin group.
• Sale: users belong to the Sale group.
• Public: users across the whole company have Read rights; the IT group has edit rights.
Group:
o Sale (user sale01)
o Admin (user it01)
o HR (user hr01)
 
Note: Permissions are assigned by AD group. A dataset is different from a traditional folder, so when TrueNAS is used as a file server, a department's group must have rights on the parent dataset in order to access its child dataset.
 
 

Step 1: Create dataset

 
Create a parent dataset named Department and select SMB share.
The child datasets are Admin/HR/Sale/Public; select Generic and do not share them over SMB.
 

Step 2: Assign permissions

 
Parent dataset (Department): add the 3 groups Sale/Admin/HR with Read permission.
Child datasets (HR/Sale/Admin): add the corresponding group.
Child dataset (Public): add the 3 groups.
 
Check Permission: OK.
 

Step 3: Edit SMB Share

 
Open SMB Share > Advanced
For Purpose, select No Presets
 

Step 4: Enable SSH for user admin

 
Check the root user password again.
Enable SSH for the admin user.
 

Step 5: Configure the TrueNAS server over SSH

 
This step hides datasets from users who do not have permission to access them.
Check the ID of the dataset to assign permissions:
 
midclt call sharing.smb.query | jq
 
For example, if the ID is determined to be 4:
midclt call sharing.smb.update 4 '{"auxsmbconf": "access based share enum = yes\nhide unreadable = yes"}'
 
Restart the SMB service:
systemctl restart smbd
 
Enter the root password to authenticate.
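
The update in Step 5 sets the whole auxsmbconf string, so any auxiliary parameters already on the share should be merged in rather than overwritten. The following is an added example, not part of the original guide: it reads query output, merges the two settings and builds the update command. The sample JSON is constructed, and the "id", "name" and "path" fields and the "veto files" line are assumptions for illustration.

```python
import json
import shlex

# Settings from Step 5. smb.conf parameter names ignore case and extra spaces.
WANTED = {"access based share enum": "yes", "hide unreadable": "yes"}

# Constructed sample shaped like `midclt call sharing.smb.query` output.
# Only "auxsmbconf" is on the page; "id", "name" and "path" are assumed fields.
SAMPLE_QUERY = json.dumps([
    {"id": 3, "name": "Backup", "path": "/mnt/tank/Backup", "auxsmbconf": ""},
    {"id": 4, "name": "Department", "path": "/mnt/tank/Department",
     "auxsmbconf": "veto files = /.DS_Store/\nHide Unreadable = no"},
])


def merge_aux(existing, wanted=WANTED):
    """Return (merged_text, changed): keep unrelated lines, enforce wanted values."""
    out, seen = [], set()
    for line in existing.splitlines():
        name, sep, value = (part.strip() for part in line.partition("="))
        key = " ".join(name.lower().split())
        if not sep:
            if name:
                out.append(name)       # keep lines that are not "name = value"
        elif key not in wanted:
            out.append(f"{name} = {value}")
        elif key not in seen:          # drop duplicates of an enforced parameter
            seen.add(key)
            out.append(f"{key} = {wanted[key]}")
    out += [f"{k} = {v}" for k, v in wanted.items() if k not in seen]
    merged = "\n".join(out)
    return merged, merged != existing.strip()


def plan_update(query_json, share_name):
    """Build the midclt command for one share, or None if it already complies."""
    shares = {s["name"]: s for s in json.loads(query_json)}
    share = shares[share_name]         # KeyError if the share does not exist
    merged, changed = merge_aux(share.get("auxsmbconf") or "")
    if not changed:
        return None
    payload = json.dumps({"auxsmbconf": merged})
    return f"midclt call sharing.smb.update {share['id']} {shlex.quote(payload)}"


if __name__ == "__main__":
    print(plan_update(SAMPLE_QUERY, "Department"))
```

Review the printed command before running it on the server, then restart the SMB service as in Step 5.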