Setting Permissions on Datasets
Permission settings in TrueNAS are applied to datasets in a pool. Think of a dataset as a folder and the pool as the C: or D: drive.
You can learn more about the permission settings at the official documentation site: https://www.truenas.com/docs/core/coretutorials/storage/pools/permissions/
Log in to your TrueNAS system. Navigate to the dataset, and click on the three dots to the right of the dataset to see the possible Dataset Actions.
Choose Edit Permissions.
Permission Editor
TrueNAS defaults to the simple Permission Editor when you first go to Edit Permissions. This is useful for setting permissions quickly if there is only one user accessing the dataset.
Edit the options as you see fit. Select the user and user group that will be accessing the dataset.
Once you have selected the user and group, make sure to check the box for Apply User and Apply Group in order to have the change take effect when you click Save.
Check the option for Apply Permission Recursively in order for the changes to apply to all files in the dataset. Otherwise, the new permission settings will only apply to new files created afterward.
Choose Save to save the changes. The dataset is now ready to be used.
ACL Manager
If you need multiple users to access the dataset, you can use the ACL Manager to manage the permission settings.
After choosing Edit Permissions in the Dataset Actions, select the ACL Manager.
You will be prompted to choose a preset ACL or create a custom one.
For this guide, we will create a custom ACL.
We will start off by setting the owner user and owner group for the share. Choose the User and Group that you want to own the share and have full permission to it, and check Apply User and Apply Group in order to save and apply the changes.
Without checking Apply User and Apply Group, the changes will not take effect for the share.
Next, we will remove the default presets that are on the ACL list. Starting from the bottom, with the everyone@ item, click Delete to remove it. Then remove the group@ item. When you reach the owner@ item, the Delete option should be greyed out, as you must have a minimum of one ACL item on the list.
Click on ADD ACL ITEM to start a new ACL entry. You can remove the owner@ item after the new ACL entry is created.
Choose the Group option under the Who* dropdown. This will allow us to set the permission for the share based on group.
By utilizing groups for the permissions, you can have users automatically inherit the permission for the group if they are members of the group, without needing to individually set the permission in the ACL editor for each user. This is handy if you have a lot of users, or if you are frequently adding or removing users in TrueNAS.
For the Permission Type, you can choose Advanced or Basic.
Basic, as its name implies, will give you simple options of Read, Modify, Traverse, or Full Control.
Basic Permission Options Descriptions
Read | Can view file or directory contents, attributes, named attributes, and ACL. Includes the Traverse permission. |
Modify | Can adjust file or directory contents, attributes, and named attributes. Create new files or sub-directories. Includes the Traverse permission. Changing the ACL contents or owner is not allowed. |
Traverse | Execute a file or move through a directory. Directory contents are restricted from view unless the Read permission is also applied. To traverse and view files in a directory, but not be able to open individual files, set the Traverse and Read permissions, then add the advanced Directory Inherit flag. |
Full Control | All and every permission possible to the share, as if the user/group is the owner of the share. |
For most use cases, the Basic permission type is sufficient.
The Advanced permission type is for when you have special use cases for the dataset, such as giving a group read and write permission, but not delete permission.
Advanced Permission Options Description
Read Data | View file contents or list directory contents. |
Write Data | Create new files or modify any part of a file. |
Append Data | Add new data to the end of a file. |
Read Named Attributes | View the named attributes directory. |
Write Named Attributes | Create a named attribute directory. Must be paired with the Read Named Attributes permission. |
Execute | Execute a file, move through, or search a directory. |
Delete Children | Delete files or sub-directories from inside a directory. |
Read Attributes | View file or directory non-ACL attributes. |
Write Attributes | Change file or directory non-ACL attributes. |
Delete | Remove the file or directory. |
Read ACL | View the ACL. |
Write ACL | Change the ACL and the ACL mode. |
Write Owner | Change the user and group owners of the file or directory. |
Synchronize | Synchronous file read/write with the server. This permission does not apply to FreeBSD clients. |
When you are done setting the permissions, check the option Apply permissions recursively so that all data in the dataset will inherit the new permissions.
Also check the option Apply permissions to child datasets so that any dataset under the current one will also get the new permission setup. Save when finished.
That's it!
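To confirm that the saved ACL matches what was intended (no leftover everyone@ entry, and a read/write group that cannot delete), the following added example audits ACL text and reports entries using the Advanced permission names from the table above. It is not part of the original guide or of TrueNAS; it assumes the FreeBSD NFSv4 text format printed by `getfacl` in the TrueNAS CORE shell, and the dataset path, user and group names in the sample are constructed.

```python
# Added example: audit FreeBSD-style NFSv4 ACL text (as printed by getfacl).
# Permission letters follow setfacl(1) order: rwxpDdaARWcCos
PERM_NAMES = {
    "r": "Read Data", "w": "Write Data", "x": "Execute", "p": "Append Data",
    "D": "Delete Children", "d": "Delete", "a": "Read Attributes",
    "A": "Write Attributes", "R": "Read Named Attributes",
    "W": "Write Named Attributes", "c": "Read ACL", "C": "Write ACL",
    "o": "Write Owner", "s": "Synchronize",
}

def parse_acl(text):
    """Return a list of (who, permission-name set, flags, type) per ACL entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and the "# file/owner/group" header
        parts = line.split(":")
        # owner@/group@/everyone@ have 4 fields; user:/group: entries have 5
        who = parts[0] if parts[0].endswith("@") else ":".join(parts[:2])
        perms, flags, kind = parts[-3], parts[-2], parts[-1]
        names = {PERM_NAMES[c] for c in perms if c in PERM_NAMES}
        entries.append((who, names, flags, kind))
    return entries

def audit(text, no_delete=()):
    """Flag leftover everyone@ allow entries and unwanted delete rights."""
    findings = []
    for who, names, flags, kind in parse_acl(text):
        if kind != "allow":
            continue
        if who == "everyone@" and names:
            findings.append(f"{who} still has an allow entry")
        extra = names & {"Delete", "Delete Children"}
        if who in no_delete and extra:
            findings.append(f"{who} can: {', '.join(sorted(extra))}")
    return findings

# Constructed sample, not captured from a real system.
SAMPLE = """\
# file: /mnt/tank/projects
# owner: alice
# group: staff
      group:staff:rwxpD-aARWc--s:fd-----:allow
        everyone@:r-x---a-R-c--s:fd-----:allow
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, no_delete=["group:staff"]):
        print(finding)
```

In the sample, the staff group was meant to have read and write access only, but Delete Children is still set, so members can remove files from the directory even though Delete itself is cleared.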