TrueNASTrueNAS Nightly Development Documentation
This content follows experimental nightly development software. Pre-release software is intended for testing purposes only.
Use the Product and Version selectors above to view content specific to a stable software release.

Groups Screens

Groups Screen

The Credentials > Groups screen displays a list of groups configured on the screen. By default, built-in groups are hidden until you make them visible.

Groups Screen
Figure 1: Groups Screen

To see built-in groups, click the Show Built-In Groups toggle. The toggle turns blue and all built-in groups display. Click the Show Built-In Groups toggle again to show only non-built-in groups on the system.

The Credentials > Groups screen displays the No groups screen if no groups other than built-in groups are configured on the system.

Add opens the Add Group configuration screen.

Privileges opens the Privileges screen

Click the expand_more arrow or anywhere on a row to expand that group and show the group management buttons.

Expanded Group Screen
Figure 2: Expanded Group Screen

Use Members to manage membership and Edit or Delete to manage the group.

Add Group Screen

Click Add to open the Add Group configuration screen.

Add Group Screen
Figure 3: Add Group Screen
SettingDescription
GIDRequired. Enter a unique number for the group ID (GID) TrueNAS uses to identify a Unix group. Enter a number above 1000 for a group with user accounts (you cannot change the GID later). If a system service uses a group, the group ID must match the default port number for the service.
NameRequired. Enter a name for the group. The group name cannot begin with a hyphen (-) or contain a space, tab, or any of these characters: colon (:), plus (+), ampersand (&), hash (#), percent (%), carat (^), open or close parentheses ( ), exclamation mark (!), at symbol (@), tilde (~), asterisk (*), question mark (?) greater or less than (<) (>), equal (=). You can only use the dollar sign ($) as the last character in a user name.
PrivilegesAttaches administrator role privileges to the group. Using custom administrator roles aside from the defaults is an experimental feature and is not supported. Do not modify the local administrator or default admin user privileges! Only use if you need users in this group to access limited areas of the web UI or authentication for TrueNAS API calls.
Allowed sudo commandsUse to list specific sudo commands allowed for group members. Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example /usr/bin/nano. /usr/bin/ is the default location for commands.
Grants limited root-like permissions for group members when using these commands. Using sudo prompts the user for their account password.
Allow all sudo commandsSelect to give group members permission to use all sudo commands. Using sudo prompts the user for their account password.
Allowed sudo commands with no passwordUse to list specific sudo commands allowed for group members with no password required. Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example /usr/bin/nano. /usr/bin/ is the default location for commands.
Grants limited root-like permissions for group members when using these commands. Exercise caution when allowing sudo commands without password prompts. It is recommended to limit this privilege to trusted users and specific commands to minimize security risks.
Allow all sudo commands with no passwordNot recommended. Select to give group members the ability to use all sudo commands with no password required.
Samba AuthenticationSelect to allow this group to authenticate to and access data shares with SMB samba shares.
Allow Duplicate GIDsNot recommended. Select to allow more than one group to have the same group ID. Use only if absolutely necessary, as duplicate GIDs can lead to unexpected behavior.

Edit Group Screen

Click Edit on an expanded group in the Groups screen to open the Edit Group screen.

Edit Group Screen
Figure 4: Edit Group Screen

Edit Group has the same fields and checkboxes as Add Group, except that it does not include Allow Duplicate GIDs.

Update Members Screen

Use the Update Members screen to manage group permissions and access for large numbers of user accounts.

Update Members Screen
Figure 5: Update Members Screen

To add user accounts to the group, select users and then click the right arrow . To remove user accounts from the group, select users and then click the left arrow . Select multiple users by holding Ctrl while clicking each entry.

Click Save.

Privileges Screen

The Privileges feature is an early release experimental feature. Use the Privileges screens to view default administrator groups and roles, or define customized groupings of roles for different local or Directory Service-imported account groups.

Only the Readonly Admin, Sharing Admin, and Full Admin roles are supported in the Web UI. Users can experiment with defining a new privilege but should NOT edit the existing predefined administrator roles! Editing the unrestricted administrator account privilege can result in lost access to the system!

Privileges Screen
Figure 6: Privileges Screen

Add opens the New Privilege screen.

New Privilege Screen
Figure 7: New Privilege Screen

Click on a listed privilege to expand the row and show details on the privilege. Edit opens the Edit Privilege screen.

The new and edit privilege screens show the same settings but not all settings are editable.

SettingDescription
NameEnter a name for the new privilege. Names can include the dash (-) or underscore(_) special characters, and upper and lowercase alphanumeric characters. Enter a descriptive name for the privilege.
GroupsClick in the field to see a dropdown list of available groups to apply the privilege to. Do not add the predefined administrator or builtin groups! Only select new user groups created if you experiment with this function.
Directory Services GroupsClick in the field to see a dropdown list of available groups to apply the privilege to.
RolesClick in the field to see a dropdown list of all available roles available to assign to the new privilege.
Web Shell AccessSelect to allow a user assign the new privilege access to the System > Shell screen.

Assigned administrator roles display on the Users Screen.