Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Compare Editions Software Status FreeNAS
Compare Systems M-Series X-Series R-Series Mini Series
Contact Us iXsystems Careers Clients Reviews
TrueNAS GitHub Community Forum Discord TrueNAS Merch Store
Application Backup and Archival Cloud Media Workflows Video Surveillance Virtualization
Industry Education Government Healthcare Research / AI / ML Media & Entertainment
Enterprise Support Community Support Documentation TrueNAS Security FAQ iX Blog TrueNAS Blog
Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS Videos
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Where to Buy
  1. TrueNAS SCALE 23.10
  2. /
  3. CLI Reference Guide
  4. /
  5. Account
  6. /
  7. Group
Edit page
TrueNAS SCALETrueNAS SCALE Version Documentation
This content follows the TrueNAS SCALE 23.10 (Cobia) releases. Use the Product and Version selectors above to view content specific to different TrueNAS software or major version.

Group

  8 minute read.

Last Modified 2024-03-19 08:38 EDT

The TrueNAS CLI guide for SCALE is a work in progress! New namespace and command documentation is continually added and maintained, so check back here often to see what is new!

The group namespace contains eight commands and is based on functions found in the SCALE API and web UI. It provides access to group account creation, configuration, and management functions.

Group Commands

The following group namespace commands allow you to manage group settings.

You can enter commands from the main CLI prompt or from the account namespace prompt.

Interactive Argument Editor (TUI)

Create Command

The create command creates a new group.

Description

create has seven configuration properties. They are gid, name, smb, sudo_commands, sudo_commands_nopasswd, allow_duplicate_gid, and users. The only required property is name. If a group identification number is not provided, it is automatically filled with the next one available. For more details, see Create Configuration Properties below.

Enter the command string with the property argument(s) using the `=’ delimiter to separate the properties and values, then press Enter. The command returns a blank line.

To confirm the group is created, use get_group_obj or go to Credentials > Local Groups in the SCALE Web UI.

Usage

From the CLI prompt, enter:

account group create name=name

Where name is the desired group name.

To create a group that also sets Samba authentication and adds group members, enter:

account group create name=TestGroup gid=3022 smb=false users=[3000,3001]

Where:

  • 3022 is the group id number.
  • TestGroup is a group name.
  • false does not set Samba authentication. Enter true to include Samba authentication.
  • 3000,3001 are user id numbers to add as group members.
account group create name=TestGroup

Delete Command

The delete command erases an existing group.

Description

The delete command has one required property, id. Enter property arguments using the = delimiter to separate the property and value. Enter the command string, then press Enter. The command returns a blank line.

If using the options property with the delete_group property argument set to true, the command also deletes any user with the target as its primary group. delete_group defaults to false. Carefully consider affected users before adding this option.

To confirm the group is deleted, use get_group_obj or navigate to Credentials > Local Groups in the SCALE Web UI.

Usage

From the CLI prompt, enter:

account group delete id=3000

Where 3000 is the group identification number.

Or to enter the command using the option property and the delete_group property argument, enter:

account group delete id=3000 options={“delete_group”:true}

Where:

  • 3000 is a group ID.
  • delete_group is a property you can include in the options property array.
  • true sets the delete_group option to delete users with the specified group. If set to false the users are not deleted.
account group delete id=3000

Get_Group_Obj Command

The get_group_obj command returns dictionary containing information from struct grp including group name, identification number, and group members.

Description

The get_group_obj command has one required property, get_group_obj that expects you to enter property arguments formatted as an array. Enter the command string, using = followed by the curly brackets that enclose the property argument. You can enter either the gid or groupname property in this command string. Enter the property enclosed in double quotes, then the : delimiter followed by the value enclosed in double quotes, with no space after the colon. PressEnter. The command returns a table for the GID that includes the gr_name, gr_gid, and gr_mem values.

Usage

From the CLI prompt, enter:

account group get_group_obj get_group_obj={“groupname”:"TestGroup"}

Where TestGroup is the name of the target group.

Or, enter the command using the group ID:

account group get_group_obj get_group_obj={“gid”:3002}

Where 3002 is the GID number for the target group.

account group get_group_obj get_group_obj={"groupname":"TestGroup"}
+---------+------------+
| gr_name | TestGroup  |
|  gr_gid | 3002       |
|  gr_mem | testuser   |
|         | AttTest    |
+---------+------------+

Get_Instance Command

The get_instance command retrieves information about a group.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.

Description

The get_instance command has one required property, id. Enter property arguments with the = delimiter separating property and value. Enter the command string, then then press Enter. The command returns a table of information about the UID entered.

Usage

From the CLI prompt, enter:

account group get_instance id=1

Where 1 is the database id for the group, in this case root.

account group get_instance id=1
+------------------------------------------+
|                        id | 1            |
|                       gid | 0            |
|                     group | wheel        |
|                   builtin | true         |
|             sudo_commands | <empty list> |
|  sudo_commands_nopassword | <empty list> |
|                       smb | false        |
|                      name | wheel        |
|                     users | 1            |
|                     local | true         |
|              id_type_both | false        |
|                   nt_name | <null>       |
|                       sid | <null>       |
+------------------------------------------+

Get_Next_Gid Command

The get_next_gid command displays the next available group identification (GID) number.

Description

The get_next_gid command does not require entering properties or values. Enter the command, then press Enter The command returns the next available GID in numerical order. Default behavior begins identification number for local groups at 3000.

Usage

From the CLI prompt, enter:

account group get_next_gid

account group get_next_gid
3000

Has_Password_Enabled_User Command

The has_password_enabled_user command checks whether at least one local user with a password enabled is a member of one or more provided groups.

Description

The has_password_enabled_user command has one required property, gids. The exclude_user_ids property sets specified password enabled users to ignore. Target groups are specified by group identification number (GID). Enter property arguments using the = delimiter to separate property and value. Enter the command string, then press Enter. Returns a single true if any targeted groups have at least one user with a password enabled, false if all groups have no users with passwords enabled. If more than one group is included in the query, the command does not return group specific information.

Usage

From the CLI prompt, enter:

account group has_password_enabled_user gids=3001

Where 3001 represents the GID(s) to query.

account group has_password_enabled_user gids=3001
false

Or if specifying multiple gids:

account group has_password_enabled_user gids=3001,3002
true

Query Command

The query command retrieves information about a group or groups or the query-options-get_instance value specified.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.

Description

The query command has no required properties or arguments, but you can use various query-filters and query-options specified in an array. Enter the command, then press Enter. Returns a table of all groups in the system.

Usage

From the CLI prompt, enter:

account group query

account group query
+-------+------------------------+---------+---------------+------------------------+-------+------------------+-------+--------------+---------+--------+
| gid   | name                   | builtin | sudo_commands | sudo_commands_nopasswd | smb   | users            | local | id_type_both | nt_name | sid    |
+-------+------------------------+---------+---------------+------------------------+-------+------------------+-------+--------------+---------+--------+
| 0     | wheel                  | true    | <empty list>  | <empty list>           | false | root             | true  | false        | <null>  | <null> |
| 1     | daemon                 | true    | <empty list>  | <empty list>           | false | daemon           | true  | false        | <null>  | <null> |
| 15    | kmem                   | true    | <empty list>  | <empty list>           | false | <empty list>     | true  | false        | <null>  | <null> |
| 3     | sys                    | true    | <empty list>  | <empty list>           | false | sys              | true  | false        | <null>  | <null> |
| 5     | tty                    | true    | <empty list>  | <empty list>           | false | <empty list>     | true  | false        | <null>  | <null> |
| 37    | operator               | true    | <empty list>  | <empty list>           | false | uucp             | true  | false        | <null>  | <null> |
| 8     | mail                   | true    | <empty list>  | <empty list>           | false | mail             | true  | false        | <null>  | <null> |
| 2     | bin                    | true    | <empty list>  | <empty list>           | false | bin              | true  | false        | <null>  | <null> |
| 9     | news                   | true    | <empty list>  | <empty list>           | false | news             | true  | false        | <null>  | <null> |
...

Update Command

The update command updates the attributes of an existing group.

Descripton

The update command uses the same properties as the create command.

The required property is uid_or_username. Enter property arguments with the = delimiter separating property and values, then press Enter. The command returns a blank line.

To confirm the group is updated, use get_group_obj or navigate to Credentials > Local Groups in the SCALE Web UI.

Usage

From the CLI prompt, enter:

account group update gid_or_name=3006 users=3001

Where:

  • 3006 is the identification number or GID for the target group.
  • *3001 represents the property to update.

The command as written adds the user with UID 3001 to the group with GID 3006.

account group update gid_or_name=3006 users=3001

Related CLI Account Articles

Related SCALE Groups Articles

Have more questions or want to discuss your specific configuration? For further discussion or assistance, see these resources:

Found content that needs an update? You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).