 Do pesky permissions in Freenas have you perplexed? Well, that's what this video is hoping to clear up. When you have Freenas, not with Active Directory, but Freenas acting as the user management system and you want to attach Windows via SMB sharing, sometimes this can be a little tricky to sort out how the permissions work. So this goal of this video in Freenas 11.3 is to clear that up because they've revamped how the permissions are configured and in some ways, I think they made it a little bit easier. So if you want to learn more about me and my company and over to laurancesystems.com if you'd like to hire us for one of these perplexing puzzling problems, click the hires button over at the top. If you want to support the channel in other ways, there are affiliate links down below to help you out with deals and discounts on products we talk about on this channel and services as well. All right, Freenas 11.3. So we're going to start with how did we set up the permissions by looking at a little basic chart. And what you have here is whenever you're setting up permissions and this goes for Active Directory or anything and you have a couple of different groups, I do recommend laying it out in some type of format so you understand what user gets what permission where. So let's just say we have accounting, operations and sales and maybe you have a crossover of who belongs to which group and you would just check the boxes. So it's always good to start out with some type of template so you make sure you're setting it up the way you want. For simplicity, we are only creating one group. And we are just calling that group my family and Anika and Marcus are my children. So they were the names I chose. And we're going to make each one of these people a member of the group. So we're going to create a group called my family which you've already created. I'll show you how that works. And then we show you how we add the members and how those members by putting them all together and then creating a share and then putting that group permission on the share allows for all of us to get in and use that share. So we'll go back over here to our Freenas and we'll start with the accounts. First the group and we have the my family group right here. So pretty straightforward to create a group. You just hit add. I typed in my family. It's already created so I'm not going to create it again. No big deal there to create that. Just leave things at default when you're creating it. Users, same thing. Add the users, pretty easy to do. And we're going to find the users like Anika. Go ahead and edit this user and you'll see she's a member of my family. Now, if I wanted to make her a user of other things like Zen servers, Abix, you can just check boxes and they can be members of multiple groups. Hence, if you were doing different permissions for different folders, that's how that would work. We're just going to leave her at the permission of just my family. So cancel that one. And we'll go over here to Marcus and edit. He's also a member of my family. And we'll take user Tom here, edit. And at the moment, not member. And we'll do that. We'll save that for last to show you how the permissions work and show you that they work. And I'll add myself later to show that I currently don't have access. Now, storage, you create a data set. Pretty straightforward here. We have a data set called pesky permissions that we created. And then we're going to edit the ACL on it. Group, default is root and wheel. We change the group ownership to my family and I left the users root. That's fine for this particular demo. Now, this is where you can get a little bit more in depth if you needed to have multiple sets of ACL access control lists in here. But for the purposes of being simple, we're just going to start right here. But you can see that these will then allow you to say who's the owner, everyone, user or group. And you can start changing it around and put my family. And then you can start blending some of the permissions inside of here in more depth. So if that's what we wanted to do, we can do that and we hit save. So we're not going to worry about that right now. And if you ever need to remove the ACL lists that are created, go ahead and just edit one more time, edit ACL. You can restrip them and reset them with this. And if you need to recursively, because you have a bunch of data already in there, apply the permissions recursively, you can do that again as well and reset all the permissions that are in any of the directories. This is very helpful when you drag a bunch of new data in there and you maybe didn't have permission set up and you set them up after. You maybe want to reapply all the permissions so you know they're all the same. So take that for, you know, based on your use case. Last piece is sharing. Go over here. We have a window share, pretty much a default window share called pesky permissions. Again, we just share out that same data set. Now edit ACL just brings you back to the same ACL for the data set. It's actually just brings you to the same menu. It's not anything separate, but this is all the shares. Really straightforward. No special options. It's just a default share. The only thing I turned off was enable shadow copies because I wasn't setting it up for this particular demo. And in version 11.3, when you create a new share, it has the option to present snapshots as shadow copies to windows. So nothing real difficult when you're setting this up pretty much all the defaults. All right, let's get this out of the way. Let's close this. All right, so we're on the FreeNAS server at 192.168.3.8 with the pesky permissions. Gonna go new, folder, Anika, whoop, made this. Go here, go to properties, security. And you can see it's owned by Anika. And then my family is the share permission. Now we have this other machine over here. And this one's logged in as Marcus. So we go new folder, made this. Now Marcus has permission. And if he looks here, he can actually go to the Anika one, properties, security. And we see, and it takes a second, it's pulling from the database inside of FreeNAS. We have Anika and my family. So same thing, we understand the permissions. We both had rewrite permission, so we know Anika made this folder under the Marcus user. Marcus folder. Now he can make folders underneath there and set the permissions. Now what about going a step further and restricting this? So we wanna have a folder that only Anika can see. So what if we made this folder here? Actually, we'll make it Anika only folder. Now, just by creating it, Marcus has ability to see it and he has read write access to it. So let's do some restrictions. So go here, properties, and we have the security and we can see it's a security like it was before. But now we're gonna go advanced. And we're going to disable inheritance and remove all the permissions on there. And then we're gonna add the Anika user back and give full control back to Anika on this. Apply, yes, okay, okay. So now when we go to permissions on this, properties, security, and look at it, Anika has a allow, Marcus does not. And when I refresh the page over here, so he can see it until I refresh, it's gone. No more permission. And the way it works is when there's no permission for a folder, that folder then disappears. So now Anika has a folder that she can get to that Marcus cannot. And I've also mentioned that I was logging in as me as well. And that applies to me. So I can see Anika made this. I can see Marcus made this, but I can't see the Anika only folder. But what if Anika wanted to share a folder with me but still not with her brother Marcus? Well, we're gonna go here and we can edit the permissions again. Add, we'll give time control. So note, still refresh your page. Marcus can't see it in this login, but I'm logged in in Linux here. And now I can see inside of here. So I can see in the Anika only folder because she shared it with me. She gave me permission in there as well. So I created a test underneath it. And then the Anika only folder here. Now this works as you create more groups as you create more users and figuring out permissions. That's why that spreadsheet I had at the beginning is very important because this gets well complicated quick when you try to figure out everywhere you want to create. And it's best to kind of think about it before you just start creating a bunch of groups and then figuring out who belongs to what group. But it's pretty straightforward on here. And you can use these basic permission types plus these ACLs to do this. Now we'll look one more time at FreeNAS because when you say the Anika made this folder, there's a couple other permissions in there and you'll see like creator owner, creator group. How did those get created? Well, pretty simple. So we go over here to FreeNAS again. And we go to storage pool, edit ACL. And that's these here. Who, at what group, who, at what owner. Now this is where you can add another ACL item and maybe you wanted it to have an everyone so you have a more inclusive allow. This is where you can really start digging into it and get really specific for the owner of the group or you can say specifically this group automatically gets permissions for this, et cetera, which is kind of what we're doing here. But maybe there's more than one group you want applied to it and it gets tiered out. But it does have this ability without Active Directory without signing in you do have to create the users to match the same. Now I just logged in with matching usernames and passwords and windows that I had here that I created in FreeNAS. There's no actual like an Active Directory server where there's it, you're not controlling the users and the actual logins. It does not act as an Active Directory server. But in terms of as long as the usernames and passwords match, you can do some basic file permissions and control that. Now this does include I brought up before like sync thing and another example would be if you had another server, let's say Plex. I know it's another popular one that people ask about. You would also add the group ownership of let's say Plex once you have that established. And then that would also cross over to the SMB shares and have more groups. So that's why you may want more groups over here for more inclusive sharing. So hopefully it clears it up a little bit. They've got documentation on how this works but this is kind of a quick overview. I do really like the ACL system. It's nice because it gives you a little bit better and more fine-grained control and Windows 10 doesn't seem to have any problems talking to the free NAS directory to get this set up. And like I said, for basic user management, it gets the job done. It's still not as robust as you're going to get with something like the Active Directory and full control. But there is still that option under directory services where you can tie this to the Active Directory domain and have all that go back and forth as well. So that does still work in here if you have your own domain controller you want to tie it to, those options are still there and doing it that way. So hopefully this clears up some of the basics file sharing permissions for SMB inside of here. I will do further videos up and coming on some of the other permissions like how to do the jails but as you can probably gather very similar to this where you'll build out the group, assign the group on there. The jails are a little bit different because you have to assign them by the GID. That's gonna be a separate video. I think I've done a video before on it but I'm gonna do an 11.3 video pretty soon on that topic. All right, and thanks. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to laurancesystems.com fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you wanna carry on the discussion head over to forums.laurancesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general even suggestions for new videos they're accepted right there on our forums which are free. Also, if you'd like to help the channel in other ways head over to our affiliate page we have a lot of great tech offers for you and once again, thanks for watching and see you next time.