4 minute read.Last Modified 2021-06-29 12:13 EDT
In TrueNAS, user accounts allow flexibility for accessing shared data. A common practice is to create users and assign them to groups. This allows for efficient permissions tuning for large numbers of users.
Only the root user account can log in to the TrueNAS web interface.
When the network uses a directory service, import the existing account information using the instructions in Directory Services. Using Active Directory requires setting Windows user passwords inside Windows.
To see user accounts, go to Accounts > Users.
TrueNAS hides all built-in users by default. To see all built-in users, click settings and SHOW.
To create a new user, go to Accounts > Users and click ADD.
Account options are subdivided into groups of similar options.
Enter the Full Name of the user. A simplified Username is suggested from the Full Name, but can be overridden with your own choice.
An Email address can be associated with an user account.
Set and confirm a password for the user.
Next, a user ID must be set. TrueNAS automatically suggests the user ID, starting at 1000. This suggestion can be changed if desired. It is recommended to use an ID of 1000 or more for non built-in users.
By default, TrueNAS creates a new primary group with the same name as the user. To instead add the user to an existing primary group, unset New Primary Group and select an existing group from the Primary Group drop-down. The user can be added to additional groups using the Auxiliary Groups drop-down.
When creating a user, the home directory path is set to
Directly under the file browser, the home directory permissions can be set. TrueNAS default user accounts cannot have their permissions changed.
A public SSH key can be assigned to a user for key based authentication.
Just paste the public key into the SSH Public Key field.
If you are using an SSH public key, it is always a good idea to keep a backup of the key.
Click DOWNLOAD SSH PUBLIC KEY to download the pasted key as a
When Disable Password is Yes, the Password field becomes unavailable. Any existing password is removed from the account. The Lock User and Permit Sudo options are also removed. The account is then restricted from password-based logins for services. For example, disabling the password prevents using account credentials to log in to an SMB share or open an SSH session on the system. By default, Disable Password is No.
A specific shell can be set for the user from the Shell drop-down:
|csh||C shell for UNIX system interactions.|
|tcsh||Enhanced C shell that includes editing and name completion.|
|bash||Bourne Again shell for the GNU operating system.|
|ksh93||Korn shell that incorporates features from both csh and sh.|
|mksh||MirBSD Korn Shell|
|scponly||scponly restricts the user’s SSH usage to only the |
|git-shell||restricted git shell|
|nologin||Use when creating a system account or to create a user account that can authenticate with shares but which cannot log in to the TrueNAS system using |
Setting Lock User disables all password-based functionality for this account until the option is unset.
Permit Sudo allows this account to act as the system administrator using the
For better security, leave this option disabled.
When the user account is going to be using a Windows 8 or newer client to access data stored on TrueNAS, set Microsoft Account. This enables additional authentication methods available from those operating systems.
By default, Samba Authentication is enabled. This allows using the account credentials to access data shared with SMB.