TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
foreign [Music] systems it is July of 2023 and trunass scale 22.12.3.2 because there's a point release of that dot two is the latest version available right now and it's the version we're going to use to do this permissions demo well I'm going to walk you through the whole setup of the permissions and it's not that much different fundamentally than the way it worked in sureness core but the menus are a lot different and the apps adding other dimensions so the things we're going to be covering in today's tutorial is how to set up users how to set up a share how to apply users and or groups to a share to even another data set nested another data set and then how to apply the apps if you want to also have an app that has data that goes back and forth from that data set and getting all the permissions to flow properly they've done a nice job now where even the apps when you assign them to a data set will have a specific way it sets the permissions automatically for you provided you have the check boxes checked properly and that's one of the things we're going to cover here now I'm not going to cover how to do it in every single app but I will cover in general how to do it in apps each app may have some slight nuances of the way you map the data but in general this should work for most true nascal apps now if you're interested in hiring us for insurance Consulting there's a link down below to my website or just head over to launchsystems.com and click that hires button right at the top and you can get in touch with us and we do offer Consulting on true Nest sure now scale and all things storage now let's jump over to the tutorial all right the first place we're going to start is in the credentials we're going to go here to credentials and we're going to go to local users if you are using true Nast with active directory that is out of scope of this talk this is for local user management only we already have user Tom created we're going to go ahead and create one more user if you have a menu like this that shows all the users you just simply click this at the top to narrow it down to just the users you may want to see in here go ahead and hit add we're going to put Marcus we'll set a password scroll on down to the bottom and click save all the other defaults are fine now we're also going to create a group because we're going to show you how to apply group permissions so we're going to add a group called YouTube and once again all the defaults are fine so we'll just click save then we're going to go back over and look at our data sets now the first data set we're going to create is going to be just a standard share demo so we'll set it up so we can have data share between these two people Tom and Marcus scroll down the bottom here and the share type is very important if you choose generic it will use Unix permissions if you choose SMB or apps it will use the more advanced ACLS these can be switched later but if you don't have this correct you will not be able to get this working properly and I've seen a lot of people make that mistakes because it does default to generic now we can choose SMB and if we choose to add an app later that we want to point at that data set it'll actually fix the permissions for us we'll do that later in the demo but sharetype SMB is fine we're going to hit save now here's our share demo when we click on it we can see the permissions down here we can see that owner and group is root and we have the built-in users group on there we can click edit and we see the advanced ACL come up and this is going to be fine because by default the users you create all are part of the built-in users so they'll have permission and we're going back over here to data sets because I want to point out this storage data set here just has your standard Unix permissions and that means we get this manager right here if you would like to switch a existing data set to a different format you would actually click on the data set click on edit go down to the bottom click on Advanced and this is where you'll change the ACL type for the types of ACLS that you want this is if you've created it and you want to do it after the fact but we did it upon creation so no problem we've got these set up and now we can do the ACLS which we're going to use the default ones and simply create a share so if we create the share we're going to go over here to shares we want to add a window share click on our share demo default share parameters are fine hit save it'll warn you that you're going to restart the SMB service that's perfectly fine well is for me at least make sure you don't have anything writing actively to it for that momentary restart while it adds a new share to the list we're going to go to that server we're going to log in as Tom there's our share demo and yes we can read and write to it exactly as we had hoped so there's a test directory let's go ahead and create another one test two now the next thing I want to do is show you how you can create a nested data set that has different permissions than the parent one and for that we're going to go back over to the data sets we're going to click on our shared demo and we want to add another nested one under there by clicking add data set and we'll call this one YouTube because we're going to give it the same name as the group you don't have to I just think that's going to be something that makes sense to me but you can actually have a series of these all different permissions now make sure when you're setting this once again we choose SMB even though it's nested and we want to click save and it's actually going to prompt us then to go right to the ecl manager because it's a nested one so head over to the CL manager now it's important to note that all of your ACLS are applied to data sets those folders we created or directories in the Linux World test and test one those are not going to be able to have permissions set to them individually you can set them though on a data set and we'll show you once we have these set and we're going to head and strip all the ecls because I don't want any of the ones that are currently on there let me go back to the ACL here we're going to hit edit I'm not sure why it does this but it'll click on that and you can go right back to the normal ACL manager we're going to create a custom ACL there's none apply to just leave some default ones in there we want to make sure we have the word YouTube here and this could match any one of these users such as built-in users but YouTube is fine we're going to apply that group because that's the group we created if you start typing it will auto complete that so there's our YouTube group we want to add an item and then from here we are choosing group at it may be a little bit confusing but it's the group you have here will apply to this here so now you can see group at YouTube allow modify we're actually going to switch to full control we just want this group and therefore any members in it to have this permission and we want to apply these permissions recursively so anything that may be in there or existing there shouldn't be anything in there but I do this that I have it We'll Inherit all this permission so even though you're setting them on the data set the different objects nested within that data set the different files and directories will have these permissions applied to them and this is where you're going to set those so we've created this particular data set now we're applying this permission to it and we want to go ahead and save the access control list now you could apply permissions to child data sets if there were more nested data sets you can keep nesting each one of these data sets all the way down but we're just going to hit save here and then I always double check it so we click on this and what do we see here group YouTube allow special perfect we can double check and edit exactly what I wanted to see this is the group and let's go over and double check our group here under credentials local groups YouTube members we've got to add a member to this we want to make sure we add that member Tom so we'll scroll down here and we'll hit save now what this allows me to do is when Tom logs in he's able to get to the YouTube folder which also has the YouTube permissions added to it so if we go back over to our shares one last thing I want to make sure is noted because we made changes we want to turn off the service and turn it back on now if you build all your data sets in all your groups before you build your share because it does restart when you do this it will automatically reread the permissions but when you change users and members of groups Samba re-reads that on restart so stopping and starting the samba service will cause it to reload and grab all the group information and apply the permissions that's a good troubleshooting tip that sometimes people just reboot the entire server because they get aggravated you can simply just restart the samba service and that should solve that problem now let's go back over to our system and make sure we have rewrite access to it so there's our test test two and yes we do but let's go ahead and log in as Marcus now and see if Marcus has permission because well the permissions weren't applied so if we did this properly when we log in as another user he should not be able to read write to this now my reason for restarting the system is because windows will hold on to the last user that was logged in it will sometimes get stuck there's probably an easier way of doing it but restarting it is fast that's my solution Marcus has credentials Marcus can see the test and test two but if we go here does not have permissions now if we wanted to give Marcus permission to theirs to this particular directory we go to the credentials local groups and we go to YouTube members and we would go through and just add Marcus or alternatively this is another way of doing it we can click on Marcus we can edit we can look at the groups built in and we'll scroll all the way down here and check the YouTube so now we can see that auxiliary groups is built-in users in YouTube scroll down hit save and see if he has permission still get the error as I noted the way to fix that is of course we made a modification we would need to restart the service you can go to system you can go to services and we can restart Samba here simply by stopping it and starting it or you can do it from the share it does the same thing no matter which way you do this the goal is to get Samba to restart to reload all those change permissions and now Marcus has permission to go in here we can actually delete this that we created and it works now let's talk about doing application permissions the apps user and apps group is what needs to be assigned to a data set in order to get applications to read write to a data set now we're going to go here and one other thing that's important is under advanced settings that you have enable host path safety checks disabled if this in by default it is enabled is enabled you're going to get this warning that you don't want to do that we can cancel cancel because I'm not saving any of this because it was already disabled but without that you will not get it working properly you'll have some errors you run into so once you disable the host pass safety checks this is going to allow the SMB and the apps to be able to read and write to that at the same time in that data set and we're going to use the file manager as a demo here so we'll install the file browser scroll down or leave most of these things at default except for this my data and we'll call it share demo because that's what we're going to share demo just have the name consistency here and we'll choose our share demo now when we do this and we hit save we're going to notice a change so we hit save here creating chart release data sets it's going to go ahead and build this out so we're going to skip ahead to its builds all right our file browser is active let's go ahead of the web portal we're going to hit and continue do not use this admin admins to default I'm not going to change it not for this demo share demo test test 2 and YouTube so if we go test two test YouTube see we can put some data in here all right I've uploaded some data so now we have these and we can upload one more piece of data here all right so we have a few pictures we loaded and if we go over here we can see Marcus can see the fail cat that we uploaded from there and let's go ahead and just duplicate it so all right now we got two fail cats in here the coat of armor demo white thumbnail I have let's go ahead and switch back over to the file manager we refresh it we see the duplicated failcat so now both of these have permission let's talk about how that works if we look over here at the data set we go to the share demo and we look at the permissions they've been changed the owner and group is now apps we still have group built-in users this is what gives Marcus and Tom permissions for this built-in administrators but the owner being switched to apps is what allow the app to talk to it and when it set that up go back over here to data sets we look at the YouTube One it also changed the nested permissions and has apps on there as well with the full control but it did remove our YouTube apparently so I'm going to go ahead and add that one back and we can do that by clicking add item and to fix these permissions what I did was we set the group at YouTube and then you just set the group and then you set it here so you can have two separate groups both having full control we're going to apply these permissions recursively to fix the objects that are in there save Access Control list yeah edit it one more time to make sure that they are correct so now we have group at YouTube which is the primary and then a secondary group of Just Apps on there that should allow both permissions to work and we want to make sure we restart our Samba service to make sure all of these permissions are copied over properly go back into our share demo YouTube let's just duplicate all these again refresh our file manager make sure it has access to these and it does we can go ahead and upload another file and see that we have permissions there's that backup file that we created now one thing I want to point out is that yes that menu where you set the permissions can be a little bit fiddly and sometimes just stripping the ACLS and starting over is one of your best troubleshooting tips because that and restarting Samba and sometimes restarting Windows when it holds on to a credential like if you've changed your password are all tips that really save you a lot of time when you probably have it right but one of these other factors such as not reloading the credentials you Soundbar causing a problem also anytime I set their missions it's just muscle memory habit after I set them I click edit and make sure they're set properly because of that fiddly menu problem of yeah sometimes it seems to have not saved one of the extras that you've done so when you do the group app for a primary and then do a sub group just double check those after you hit save to make sure they're applied the way you think they are the system does have the ability and I haven't tested this a whole lot because I just don't use it very often is the ability to save a preset so if you were going to apply this a lot of times to many different data sets then May maybe you'd want to do it as a preset now all this goes out the door if you hand over the permissions management to active directory because you're just setting the data set and letting active directory take it from there that video is either done or will be done in the future and linked down below depending on when you're watching this video but I do want to make an updated version of it so as of the making of this video it doesn't exist but in the future it would probably be in my true Nas video links leave your thoughts and comments down below like And subscribe if you'd like to see more videos like this one I'll always love hearing from you so head over to my forums over at forums.loronssystems.com to engage with a more in-depth discussion and this is something I really recommend reading through and spending some time in the IX systems true Nash forums as well because there's a lot of great information in there the documentation as of the making this video is still kind of light for sure and ask scale they're still working on that actively so I don't have any documentation links but if that does become available that's also something I'll leave linked down below or maybe make an updated video that has the official documentation because as of today it's a little light if you're wondering how to read more a lot of this is just Knowledge from the forums and my years of use of using cheer Nas all right and thanks [Music] foreign [Music]
Info
Channel: Lawrence Systems
Views: 95,218
Rating: undefined out of 5
Keywords: LawrenceSystems, TrueNAS Scale, truenas scale setup, truenas scale permissions, truenas scale, truenas setup, truenas scale docker, truenas scale apps, true nas, file system, open soure, network attached storage, freenas setup, home lab, open-source application, file server, nas build
Id: 59NGNZ0kO04
Channel Id: undefined
Length: 17min 3sec (1023 seconds)
Published: Sun Jul 16 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.