Users (WIP) Screens

The Credentials > Users (WIP) screen shows a table with all users created on the system. A set of widgets shows for the selected user row (the first row is selected by default).

Figure 1: User (WIP) Screen

Add opens the Add User screen.

Edit opens the Edit user screen.

Delete opens the Delete User dialog.

User Search Options

The Users (WIP) screen search is set to the basic, or simple search option by default. It accepts any word entered, such as a username, user type, or role.

Figure 2: Advanced Search Options

The Switch to Advanced link shows in the search field when in basic search mode.

Switch to Advanced shows advanced search options, an advanced search syntax example in the search field, and several Add Filter buttons directly below the search field for common search options. The users table shows all users in the system.

Figure 3: Advanced Search Options

The Switch to Basic option shows in the search field when in advanced search mode. Switch to Basic returns to the basic user table view.

User Table

The **Users (WIP)** screen user table shows the Username, Full Name, Type, and pre-defined administrator role assigned to the user (Access) for each user. Username, Full Name, and Type sort the list in an ascending or descending order. Each user row also shows an icon showing the level of access given to the user.

| Icon | Description |
|---|---|
| UserTruenasAccessIcon | Indicates the user has TrueNAS Access. |
| DatasetRolesSMBShareIcon | Indicates the user has SMB access. |
| power | Indicates the user has an API key. |

By default, only local users show in the user table. The Filter by Type dropdown list has three options to show all users in the system:

  • Built-in - Shows all built-in users.
  • Local - Shows all users added by an administrator account.
  • Directory Services - Shows all users added by a directory service like LDAP, FreeIPA, or Active Directory.

Filter by Type allows selecting multiple filter options.

The selected user row shows values for that user in the Details for user widgets.

User Widgets

The User (WIP) screen shows up to three widgets for each user based on the type of user:

  • Profile - Shows for all user types (local, built-in, directory service created users).
  • Password - Shows for users that require access to the UI, SSH, or communication to or with external services or users.
  • Access - Shows for all user types.
Figure 4: Local User Details

Edit opens the Edit User screen.

Profile Widget

The Profile widget shows the full name, group membership, type of user (Local, Built-in, or Directory Service), home directory path, and the user ID.

Figure 5: Local User Details

Password Widget

The Password widget shows for users who require credentials to access the UI, an SSH session, or have external communication capabilities (Built-in users). The widget shows the password age, which is how long that password has been in use, and the date and time it was last changed.

Figure 6: Local User Details

The Password widget for the truenas_admin and admin users not currently logged in shows the Generate One-Time Password button.

Generate One-Time Password opens the One-Time Password window showing a system-generated password.

Figure 7: OneTime Password Window

Copy to Clipboard copies the key to the clipboard so you can paste it into a text file and save it for use later when TrueNAS prompts you to enter it.

Access Widget

The Access widget has three sections: last action, password status, and an access area that lists any roles, API keys, and SSH and shell access privileges granted to the user, along with the Shell settings and access path.

Figure 8: Local User Details

Information details on the Access widget:

  • Last Action can be a method call for the action taken (like opening a log file), log in or log out, or none. It shows the date and time of that last action.

  • The password shows an active key icon when the user has a password or an inactive key icon when the user does not have a password. Users with passwords show the Password widget.

  • The access area shows:

    • Services (such as SMB Access), each shown as active, or as inactive when not granted.
    • Pre-defined privilege or role assigned to the user, such as Full Admin, Share Admin, or Read Only Admin.
    • API keys, assigned or not. When a key exists, the icon changes and shows a number with the key, for example, 1key.
    • SSH access, shown as active, or as inactive when not granted.
    • Shell access path.
      • Allowed sudo commands setting
      • Allowed Sudo Commands (No Password) setting

The following table legend shows the icons found on the Access widget:

| Icon | Description |
|---|---|
|  | Indicates the user has a password. |
| UserTruenasAccessIcon | Indicates the user has TrueNAS Access. |
| DatasetRolesSMBShareIcon | Indicates the user has SMB access. |
| power | Indicates the user has an API key. |
|  | Indicates the user has SSH access. |
|  | Indicates the user has shell access. |

See Logs opens the Audit screen showing log details for activity associated with that user.

Add API Key is a link that opens the Add API Key screen. When the user has an API key, View API Keys shows instead and opens the user API Keys screen.

Lock User opens a confirmation dialog before locking the user. A locked user is prevented from logging in or using password-based services while locked. This button toggles to Unlock User, which shows a confirmation dialog before unlocking the user.

Add or Edit User Screens

The Add User and Edit User configuration screens show the same setting options, but a few options are not editable. Built-in users (except the root user) do not show the home directory settings, but all new users created and the SMB share smbguest user do.

Username and Allow Access Settings

The Username and Allow Access settings specify the username and level of access (privileges granted) given to the user. Each access option changes the settings shown in other sections of the Add User and Edit User screens.

Figure 9: Username and Allow Access Settings

  • Username - (Required) Text entry field that accepts manual or copy/paste entry of a name for the user. A user name consists of up to 32 characters. When using NIS or other legacy software with limited user name lengths, keep names to eight characters or less for compatibility. Names should not begin with a hyphen (-) or include a space, tab, or these special characters: comma (,), plus (+), ampersand (&), percent (%), caret (^), open or close parenthesis ( ), exclamation mark (!), at symbol (@), tilde (~), question mark (?), greater or less than symbols (<)(>), or equal (=).
  • Allow Access - Specifies the access granted to the user account. Each option shows different settings. Access options are:
    • SMB Access - The default option is pre-selected.
    • TrueNAS Access - Shows the Select Role dropdown and the custom roles link that opens the TrueNAS documentation article on pre-defined administrator roles.
    • Shell Access - Adds the Shell and Sudo Commands options to the Additional Details section.
    • SSH Access - Deactivates the Shell Access option, but shows the Shell and Sudo Commands options found with Shell Access. Shows the Allow SSH Login with Password (not recommended) option, and the Public SSH Key field.
  • Select Role - Shows after selecting TrueNAS Access. Each role adds the appropriate group to the Groups option under Additional Details.

Authentication Settings

Authentication settings show after selecting Shell Access or SSH Access options under Allow Access. Password shows for all access options.

Figure 10: Authentication Settings

  • Password - (Required) Text entry field for the password or passphrase the user enters when logging into the UI or an SSH session. A password cannot contain a question mark (?).
  • Public SSH Key - Only shows after selecting SSH Access. Text entry field that accepts manual or copy/paste entry of the public SSH key for any key-based authentication. Do not paste the private key in this field!

Additional Details

The edit icon shows a text entry or a dropdown list field. Some settings, for example Groups, Home Directory, and Sudo Commands, show additional setting options.

Figure 11: Additional Details Settings

  • Full Name - Text entry field that accepts manual entry of the full name (first and last) for the user.
  • Email - Enter the email address of the new user. This email address receives notifications, alerts, and messages based on configured settings.
  • Groups - Shows the Create New Primary Group pre-selected by default, and Auxiliary Groups settings after clicking the edit icon.
    • Create New Primary Group creates a new primary group with the same name entered in Username. Disabling Create New Primary Group shows a dropdown list with group options.
    • Auxiliary Group shows a dropdown list after clicking in the field. This sets the auxiliary group membership, for example, to add built-in administrator or truenas_readonly_administrator group privileges.
  • UID - Shows the default Next Available. Shows a text entry field that accepts manual entry of a new number for the user ID after clicking edit. Enter a number greater than 1000 for user accounts. System accounts use an ID equal to the default port number used by the service.
  • Home Directory - Sets the home directory for the user. Shows the default New directory under /var/empty when not configured.
    • Create Home Directory is preselected by default, and the Create Home Directory Under mount path and file browser fields show after clicking edit.
      Disabling Create Home Directory changes the mount path and browser fields to Home Directory.
      The mount path field allows manual entry of the path to the home directory for this user, or populates with the path selected with the file browser directly below.
      The file browser allows creating a new dataset after clicking on an existing dataset. If the directory exists and matches the value in Username, it is set as the home directory for the user.
      When the path does not end with a subdirectory matching the username, a new subdirectory is created if the Create Home Directory option is selected.
    • Default Permissions is preselected by default. It sets the home directory ACL permissions to 700 (owner: all, others: none).
      Disabling Default Permissions shows the Home Directory Permissions Read/Write/Execute and User/Group/Other checkboxes to customize the home directory permissions.
  • Shell - Select the shell for local and SSH logins from the dropdown list. Options are bash, dash, rbash, sh, tmux, TrueNAS CLI, TrueNAS Console, and zsh.
  • Sudo Commands - Shows options for entering sudo commands. Options are:
    • Allowed Sudo Commands - Limits this user to the specific sudo commands entered in the field. Enter allowed commands as an absolute path to the ELF (Executable and Linkable Format) executable file, for example, /usr/bin/nano. /usr/bin/ is the default location for commands. Grants limited root-like permissions for this user when using these commands, and prompts the user for their account password.
    • Allow all sudo commands - Grants the user permission to use all sudo commands, but prompts the user to enter their password.
    • Allowed sudo commands with no password - Limits the sudo commands the user can enter without seeing a prompt to enter their password. Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example, /usr/bin/nano. /usr/bin/ is the default location for commands. Grants limited root-like permissions for this user when using these commands.
      Exercise caution when allowing sudo commands without password prompts. We recommend limiting this privilege to trusted users and specific commands to minimize security risks.
    • Allow all sudo commands with no password - Gives this user administrator permissions and the ability to use all sudo commands without seeing a prompt to enter their password. This is not recommended!
Shell Options

You can set a specific shell for the user from the Shell dropdown list options.

| Shell | Description |
|---|---|
| nologin | Use when creating a system account or creating a user account that can authenticate with shares, but cannot log in to the TrueNAS system using SSH. In rare cases where a TrueNAS 13.0 user has /etc/netcli set as the user shell, the user shell changes to /usr/sbin/nologin as the default after migrating to TrueNAS 24.04 or later. |
| bash | Opens a Bourne Again shell for the GNU operating system. |
| rbash | Opens a Restricted bash shell. |
| dash | Opens a Debian Almquist shell. |
| sh | Opens a Bourne shell. |
| tmux | Opens a terminal multiplexer shell. |
| zsh | Opens a Z shell. |
| TrueNAS CLI | Opens Shell in the CLI. Eliminates the need to enter cli at the Shell system prompt to enter the TrueNAS CLI. Enter ls to see the list of namespaces. |
| TrueNAS Console | Opens Shell in the Console Setup menu. Eliminates the need to enter menu. This option provides the user access to the Linux and TrueNAS CLI shells. |
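
The rules stated above for the Username, Password, Public SSH Key, and Sudo Commands fields, collected into a check you can run over proposed account settings before entering them. This is an added example, not TrueNAS code: the dictionary keys and the "ALL" marker for the two allow-all sudo options are assumptions made for illustration, and the sample forms are constructed.

```python
import re

FORBIDDEN = set(" \t,+&%^()!@~?<>=")  # characters the page disallows in usernames
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----")


def review_user(form):
    """Check a dict of Add User values; keys are hypothetical, not a TrueNAS API."""
    errors, warnings = [], []
    name = form.get("username", "")
    if not name or len(name) > 32:
        errors.append("username: required, up to 32 characters")
    if name.startswith("-"):
        errors.append("username: should not begin with a hyphen")
    bad = sorted(FORBIDDEN & set(name))
    if bad:
        errors.append(f"username: disallowed characters {bad!r}")
    if len(name) > 8:
        warnings.append("username: over 8 characters, may break NIS or legacy software")
    if "?" in form.get("password", ""):
        errors.append("password: cannot contain a question mark")
    if PRIVATE_KEY.search(form.get("ssh_public_key", "")):
        errors.append("ssh_public_key: contains private key material")
    if form.get("ssh_password_login"):
        warnings.append("ssh: login with password enabled (not recommended)")
    # "ALL" stands in for the two "allow all" options (assumption of this example).
    for field in ("sudo_commands", "sudo_commands_nopasswd"):
        for cmd in form.get(field, []):
            if cmd != "ALL" and not cmd.startswith("/"):
                errors.append(f"{field}: {cmd!r} is not an absolute path")
    nopasswd = form.get("sudo_commands_nopasswd", [])
    if "ALL" in nopasswd:
        warnings.append("sudo: all commands without a password (not recommended)")
    elif nopasswd:
        warnings.append("sudo: passwordless commands, limit to trusted users")
    return errors, warnings


# Constructed sample forms, not taken from a real system.
SAMPLE_OK = {"username": "backup01", "password": "correct horse battery",
             "ssh_public_key": "ssh-ed25519 AAAA-constructed-placeholder backup01",
             "sudo_commands": ["/usr/bin/nano"]}
SAMPLE_BAD = {"username": "-ops team", "password": "why?",
              "ssh_public_key": "-----BEGIN OPENSSH PRIVATE KEY-----",
              "ssh_password_login": True, "sudo_commands_nopasswd": ["ALL", "nano"]}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(sample["username"], *review_user(sample), sep="\n  ")
```

Errors are values the page says the fields do not accept; warnings are settings the page marks as not recommended or as needing caution.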