TrueNAS CORE
TrueNAS Enterprise
TrueNAS SCALE
Compare Editions
TrueCommand
Software Status
FreeNAS
Compare Systems
F-Series
M-Series
X-Series
R-Series
Mini Series
Download TrueNAS CORE
Download TrueNAS SCALE
Get TrueNAS Enterprise
Where to BuyTrueNAS SCALE Nightly Development Documentation
This content follows experimental early release software. Use the Product and Version selectors above to view content specific to a stable software release.
Group
10 minute read.
Last Modified 2024-03-15 13:07 EDTThe TrueNAS CLI guide for SCALE is a work in progress! New namespace and command documentation is continually added and maintained, so check back here often to see what is new!
The group namespace contains eight commands and is based on functions found in the SCALE API and web UI. It provides access to group account creation, configuration, and management functions.
The following group namespace commands allow you to manage group settings.
You can enter commands from the main CLI prompt or from the account namespace prompt.
The create command creates a new group.
Using the Create Command
create has seven configuration properties.
They are gid, name, smb, sudo_commands, sudo_commands_nopasswd, allow_duplicate_gid, and users.
The only required property is name.
If a group identification number is not provided, it is automatically filled with the next one available.
For more details, see Create Configuration Properties below.
Create Configuration Properties
| Property | Accepts | Required | Function |
|---|---|---|---|
gid | Integer | No | Assigns the group identification number. If not providing a gid during group creation, the system automatically fills with the next one available.Ex. gid=3005Where 3005 is a GID number. |
name | String | Yes | Sets the group name. Ex. name=TestGroupWhere TestGroup is a group name. |
smb | Boolean | No | Sets whether the group maps into an NT group for Windows SMB sharing. Defaults to true.Ex. smb=falseWhere false is a boolean value. |
sudo_commands | Array | No | Sets any sudo commands group members are allowed to use. Security best practice is to limit sudo permissions to administrative users. Ex. sudo_commands="path1,path2"Where path1 and path2 are absolute paths to the location of executable scripts or packages.You can also use sudo_commands="ALL" |
sudo_commands_nopasswd | Array | No | Sets any sudo commands group members are allowed to use without entering a password. Exercise caution when allowing sudo commands without password prompts. We recommend limiting this privilege to trusted users and specific commands to minimize security risks. Ex. sudo_commands_nopasswd="path1,path2"Where path1 and path2 are absolute paths to the location of executable scripts or packages.You can also use sudo_commands_nopasswd="ALL", but this is not recommended. |
allow_duplicate_gid | Boolean | No | If set to true, allows distinct group names to share the same group identification number. Defaults to false. Important: Use only if absolutely necessary. Duplicate GIDs can lead to unexpected behavior. Ex. allow_duplicate_gid=trueWhere true is a boolean value. |
users | Array or Integer | No | Assigns users to the group with a list of one or more user identification numbers (UIDs). Ex. users=[3001,3002]Where 3001 and 3002 are UID numbers for group members. |
Enter the command string with the property argument(s) using the `=’ delimiter to separate the properties and values, then press Enter. The command returns a blank line.
To confirm the group is created, use get_group_obj or go to Credentials > Local Groups in the SCALE Web UI.
From the CLI prompt, enter:
account group create name=name
Where name is the desired group name.
To create a group that also sets Samba authentication and adds group members, enter:
account group create name=TestGroup gid=3022 smb=false users=[3000,3001]
Where:
- 3022 is the group id number.
- TestGroup is a group name.
- false does not set Samba authentication. Enter true to include Samba authentication.
- 3000,3001 are user id numbers to add as group members.
The delete command erases an existing group.
Using the Delete Command
The delete command has one required property, id.
Enter property arguments using the = delimiter to separate the property and value.
Enter the command string, then press Enter.
The command returns a blank line.
If using the options property with the delete_group property argument set to true, the command also deletes any user with the target as its primary group. delete_group defaults to false.
Carefully consider affected users before adding this option.
To confirm the group is deleted, use get_group_obj or navigate to Credentials > Local Groups in the SCALE Web UI.
From the CLI prompt, enter:
account group delete id=3000
Where 3000 is the group identification number.
Or to enter the command using the option property and the delete_group property argument, enter:
account group delete id=3000 options={“delete_group”:true}
Where:
- 3000 is a group ID.
delete_groupis a property you can include in theoptionsproperty array.- true sets the
delete_groupoption to delete users with the specified group. If set to false the users are not deleted.
The get_group_obj command returns dictionary containing information from struct grp including group name, identification number, and group members.
Using the Get_Group_Obj Command
The get_group_obj command has one required property, get_group_obj that expects you to enter property arguments formatted as an array.
Enter the command string, using = followed by the curly brackets that enclose the property argument.
You can enter either the gid or groupname property in this command string.
Enter the property enclosed in double quotes, then the : delimiter followed by the value enclosed in double quotes, with no space after the colon. PressEnter.
The command returns a table for the GID that includes the gr_name, gr_gid, and gr_mem values.
From the CLI prompt, enter:
account group get_group_obj get_group_obj={“groupname”:"TestGroup"}
Where TestGroup is the name of the target group.
Or, enter the command using the group ID:
account group get_group_obj get_group_obj={“gid”:3002}
Where 3002 is the GID number for the target group.
The get_instance command retrieves information about a group.
The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.
Using Get_Instance Command
The get_instance command has one required property, id.
Enter property arguments with the = delimiter separating property and value.
Enter the command string, then then press Enter.
The command returns a table of information about the UID entered.
From the CLI prompt, enter:
account group get_instance id=1
Where 1 is the database id for the group, in this case root.
Command Example
account group get_instance id=1
+------------------------------------------+
| id | 1 |
| gid | 0 |
| group | wheel |
| builtin | true |
| sudo_commands | <empty list> |
| sudo_commands_nopassword | <empty list> |
| smb | false |
| name | wheel |
| users | 1 |
| local | true |
| id_type_both | false |
| nt_name | <null> |
| sid | <null> |
+------------------------------------------+
The get_next_gid command displays the next available group identification (GID) number.
Using the get_next_gid Command
The get_next_gid command does not require entering properties or values.
Enter the command, then press Enter
The command returns the next available GID in numerical order.
Default behavior begins identification number for local groups at 3000.
From the CLI prompt, enter:
account group get_next_gid
The has_password_enabled_user command checks whether at least one local user with a password enabled is a member of one or more provided groups.
Using the Has_Password_Enabled_User Command
The has_password_enabled_user command has one required property, gids.
The exclude_user_ids property sets specified password enabled users to ignore.
Target groups are specified by group identification number (GID).
Enter property arguments using the = delimiter to separate property and value.
Enter the command string, then press Enter.
Returns a single true if any targeted groups have at least one user with a password enabled, false if all groups have no users with passwords enabled.
If more than one group is included in the query, the command does not return group specific information.
From the CLI prompt, enter:
account group has_password_enabled_user gids=3001
Where 3001 represents the GID(s) to query.
The query command retrieves information about a group or groups or the query-options-get_instance value specified.
The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.
Using the Query Command
The query command has no required properties or arguments, but you can use various query-filters and query-options specified in an array.
Enter the command, then press Enter.
Returns a table of all groups in the system.
From the CLI prompt, enter:
account group query
Command Example
account group query
+-------+------------------------+---------+---------------+------------------------+-------+------------------+-------+--------------+---------+--------+
| gid | name | builtin | sudo_commands | sudo_commands_nopasswd | smb | users | local | id_type_both | nt_name | sid |
+-------+------------------------+---------+---------------+------------------------+-------+------------------+-------+--------------+---------+--------+
| 0 | wheel | true | <empty list> | <empty list> | false | root | true | false | <null> | <null> |
| 1 | daemon | true | <empty list> | <empty list> | false | daemon | true | false | <null> | <null> |
| 15 | kmem | true | <empty list> | <empty list> | false | <empty list> | true | false | <null> | <null> |
| 3 | sys | true | <empty list> | <empty list> | false | sys | true | false | <null> | <null> |
| 5 | tty | true | <empty list> | <empty list> | false | <empty list> | true | false | <null> | <null> |
| 37 | operator | true | <empty list> | <empty list> | false | uucp | true | false | <null> | <null> |
| 8 | mail | true | <empty list> | <empty list> | false | mail | true | false | <null> | <null> |
| 2 | bin | true | <empty list> | <empty list> | false | bin | true | false | <null> | <null> |
| 9 | news | true | <empty list> | <empty list> | false | news | true | false | <null> | <null> |
...
The update command updates the attributes of an existing group.
Using the Update Command
The update command uses the same properties as the create command.
Update Configuration Properties
| Property | Accepts | Required | Function |
|---|---|---|---|
gid | Integer | No | Assigns the group identification number. If not providing a gid during group creation, the system automatically fills with the next one available.Ex. gid=3005Where 3005 is a GID number. |
name | String | Yes | Sets the group name. Ex. name=TestGroupWhere TestGroup is a group name. |
smb | Boolean | No | Sets whether the group maps into an NT group for Windows SMB sharing. Defaults to true.Ex. smb=falseWhere false is a boolean value. |
sudo_commands | Array | No | Sets any sudo commands group members are allowed to use. Security best practice is to limit sudo permissions to administrative users. Ex. sudo_commands="path1,path2"Where path1 and path2 are absolute paths to the location of executable scripts or packages.You can also use sudo_commands="ALL" |
sudo_commands_nopasswd | Array | No | Sets any sudo commands group members are allowed to use without entering a password. Exercise caution when allowing sudo commands without password prompts. We recommend limiting this privilege to trusted users and specific commands to minimize security risks. Ex. sudo_commands_nopasswd="path1,path2"Where path1 and path2 are absolute paths to the location of executable scripts or packages.You can also use sudo_commands_nopasswd="ALL", but this is not recommended. |
allow_duplicate_gid | Boolean | No | If set to true, allows distinct group names to share the same group identification number. Defaults to false. Important: Use only if absolutely necessary. Duplicate GIDs can lead to unexpected behavior. Ex. allow_duplicate_gid=trueWhere true is a boolean value. |
users | Array or Integer | No | Assigns users to the group with a list of one or more user identification numbers (UIDs). Ex. users=[3001,3002]Where 3001 and 3002 are UID numbers for group members. |
The required property is uid_or_username.
Enter property arguments with the = delimiter separating property and values, then press Enter.
The command returns a blank line.
To confirm the group is updated, use get_group_obj or navigate to Credentials > Local Groups in the SCALE Web UI.
From the CLI prompt, enter:
account group update gid_or_name=3006 users=3001
Where:
- 3006 is the identification number or GID for the target group.
- *3001 represents the property to update.
The command as written adds the user with UID 3001 to the group with GID 3006.
Related Content
SCALE CLI Reference
SCALE Tutorials
SCALE UI Reference
Have more questions?
For further discussion or assistance, see these resources:
- TrueNAS Community Forum
- TrueNAS Community Discord
- iXsystems Enterprise Support (requires paid support contract)
Found content that needs an update? You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).