Managing Groups
3 minute read.
TrueNAS offers groups as an efficient way to manage permissions for many similar user accounts. See Users for managing users. The interface lets you manage UNIX-style groups. If the network uses a directory service, import the existing account information using the instructions in Active Directory.
To see saved groups, go to Credentials > Groups.
By default, TrueNAS hides the built-in groups in the system. To see built-in groups, click the Show Built-In Groups toggle. The toggle turns blue and shows all built-in groups. Click the Show Built-In Groups toggle again to show only non-built-in groups on the system.
To create a group, go to Credentials > Groups and click Add.
Enter a unique number for the group ID in GID. TrueNAS uses this to identify a Unix group. Enter a number above 3000 for a group with user accounts or enter the default port number as the GID for a system service.
Enter a name for the group. The group name cannot begin with a hyphen (-) or contain a space, tab, or any of these characters: colon (:), plus (+), ampersand (&), hash (#), percent (%), carat (^), open or close parentheses ( ), exclamation mark (!), at symbol (@), tilde (~), asterisk (*), question mark (?) greater or less than (<) (>), equal (=). The dollar sign ($) can be the last character in a group name.
Group names must also align with the Portable Filename Character Set defined by The Open Group.
If required, set the sudo permissions to assign. For improved security, temporarily enable limited sudo permissions only when required to complete an administrative task and disable sudo after completing the task. See Allowing Sudo Commands for more information.
To allow Samba permissions and authentication to use this group, select SMB Group.
Using the same group ID (GID) is not permitted as it can create confusion. The operating system treats it as the same group, even if a different name is assigned.
Select SMB Group to make this group available for permissions editors over SMB protocol, and add the share ACL editor. This is not used for SMB authentication or when determining the user session token or internal permissions checks.
Click Save.
Click anywhere on a row to expand that group and show the group management buttons.
Use Members to manage membership and Edit or Delete to manage the group.
To manage group membership, go to Credentials > Groups, click on the group entry to expand it, then click Members to open the Update Members screen.
To add a user account to the group, select the user and then click the right arrow .
To remove a user account from the group, select the user and then click the left arrow .
To select multiple users, press Ctrl and click on each entry.
Click Save.
To edit an existing group, go to Credentials > Groups, expand the group entry, and click edit Edit to open the Edit Group configuration screen. See Groups Screens for details on all settings.