Local Users
4 minute read.
Last Modified 2022-06-07 10:24 EDTIn TrueNAS, user accounts allow flexibility for accessing shared data. Typically, administrators create users and assign them to groups. Doing so makes tuning permissions for large numbers of users more efficient.
Only the root user account can log in to the TrueNAS web interface.
When the network uses a directory service, import the existing account information using the instructions in Directory Services.
Using Active Directory requires setting Windows user passwords in Windows.
To see user accounts, go to Credentials > Local Users.
TrueNAS hides all built-in users (except root) by default. Click the settings, then click SHOW to see all built-in users.
To create a new user, click Add.
TrueNAS lets users configure four different user account traits.
Enter the user full name in Full Name. TrueNAS suggests a simplified name in Username derived from the Full Name, but you can override it with your own choice.
You can also assign a user account email address in the Email field.
Set and confirm a password.
Next, you must set a user ID. TrueNAS suggests a user ID starting at 1000, but you can change it if you wish. We recommend using an ID of 1000 or greater for non-built-in users.
By default, TrueNAS creates a new primary group with the same name as the user. To add the user to an existing primary group instead, clear the New Primary Group checkbox and select a group from the Primary Group drop-down list. You can add the user to more groups using the Auxiliary Groups drop-down list.
When creating a user, the home directory path is set to
You can set the home directory permissions directly under the file browser. You cannot change TrueNAS default user account permissions.
You can assign a public SSH key to a user for key-based authentication by pasting the public key into the SSH Public Key field.
If you are using an SSH public key, always keep a backup of the key.
Click Download SSH Public Key to download the pasted key as a
By default, Disable Password is No.
Setting Disable Password to Yes disables several options:
- The Password field becomes unavailable, and TrueNAS removes any existing password from the account.
- The Lock User and Permit Sudo options disappear.
- The account is restricted from password-based logins for services like SMB shares and SSH sessions.
You can set a specific shell for the user from the Shell drop-down:
Shell | Description |
---|---|
csh | C shell for UNIX system interactions. |
sh | Bourne shell |
tcsh | Enhanced C shell that includes editing and name completion. |
bash | Bourne Again shell for the GNU operating system. |
ksh93 | Korn shell that incorporates features from both csh and sh. |
mksh | MirBSD Korn Shell |
rbash | Restricted bash |
rzsh | Restricted zsh |
scponly | scponly restricts the user’s SSH usage to only the scp and sftp commands. |
zsh | Z shell |
git-shell | restricted git shell |
nologin | Use when creating a system account or to create a user account that can authenticate with shares but that cannot log in to the TrueNAS system using ssh . |
Setting Lock User disables all password-based functionality for the account until you unset it.
Permit Sudo allows the account to act as the system administrator using the sudo
command. Leave it disabled for better security.
If the user accesses TrueNAS data using Windows 8 or newer, set Microsoft Account to enable those systems additional authentication methods.
By default, Samba Authentication is enabled. This allows using the account credentials to access data shared with SMB.
To edit an existing user account, go to Credentials > Local Users, expand the User entry, and click edit Edit: