Managing Users
Last Modified 2022-12-09 17:43 -0500

In TrueNAS, user accounts allow flexibility for accessing shared data. Typically, administrators create users and assign them to groups. Doing so makes tuning permissions for large numbers of users more efficient.
Only the root user account can log in to the TrueNAS web interface until the root user creates an admin user with the same permissions. After logging in as root, TrueNAS alerts you to create the local administrator account.
As part of security hardening and to comply with Federal Information Processing Standards (FIPS), iXsystems plans to completely disable root login in a future release. When this occurs, the sign-in screen prompts first-time users to create a new administration account to use in place of the root user. System administrators should create and begin using a new root-level user before this function goes away.
When the network uses a directory service, import the existing account information using the instructions in Directory Services.
Using Active Directory requires setting Windows user passwords in Windows.
To see user accounts, go to Credentials > Local Users.
TrueNAS hides all built-in users (except root) by default. Click the toggle Show Built-In Users to see all built-in users.
To create a new user, click Add.
TrueNAS lets users configure four different user account traits (settings).
Enter the user's full name in Full Name. TrueNAS suggests a simplified name in Username derived from the Full Name, but you can override it with your own choice.
You can also assign a user account email address in the Email field.
By default, the Disable Password toggle is not enabled. In this case, set and confirm a password.
Setting the Disable Password toggle to active (blue toggle) disables several options:
- The Password field becomes unavailable, and TrueNAS removes any existing password from the account.
- The Lock User and Permit Sudo options disappear.
- The account is restricted from password-based logins for services like SMB shares and SSH sessions.
Next, you must set a user ID (UID). TrueNAS suggests a user ID starting at 1000, but you can change it if you wish. We recommend using an ID of 1000 or greater for non-built-in users. New users can be created with a UID of 0.
By default, TrueNAS creates a new primary group with the same name as the user. This happens when the Create New Primary Group toggle is enabled. To add the user to an existing primary group instead, disable the Create New Primary Group toggle and search for a group in the Primary Group field. You can add the user to more groups using the Auxiliary Groups drop-down list.
When creating a user, the home directory path is set to
You can set the home directory permissions directly under the file browser. You cannot change TrueNAS default user account permissions.
You can assign a public SSH key to a user for key-based authentication by entering or pasting the public key into the Authorized Keys field.
Do not paste the private key.
If you are using an SSH public key, always keep a backup of the key.
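A pre-paste check for the Authorized Keys field, added here as an example and not taken from TrueNAS: it rejects private key material and confirms that the base64 data of a public key line really carries the key type the line declares. It assumes one key per call with no options prefix; the function names, the accepted type list and the sample key are constructed for this example.

```python
import base64
import binascii
import struct

# Accepted key types are an assumption of this example, not a TrueNAS list.
KNOWN_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def check_authorized_key(text):
    """Return (ok, reason) for text about to be pasted into Authorized Keys."""
    text = text.strip()
    # Private keys are PEM-armoured; a public key line never is.
    if "PRIVATE KEY-----" in text:
        return False, "private key material"
    fields = text.split()
    if len(fields) < 2 or "\n" in text:
        return False, "expected one line: <type> <base64> [comment]"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in KNOWN_TYPES:
        return False, "unrecognised key type"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "key data is not valid base64"
    if len(blob) < 4:
        return False, "key data truncated"
    # The blob begins with a length-prefixed copy of the type name (RFC 4253).
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        return False, "declared type does not match key data"
    if len(blob) <= 4 + name_len:
        return False, "key data truncated"
    return True, "ok"


def sample_public_key():
    # Constructed sample: ed25519 wire layout with 32 placeholder bytes, not a real key.
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " admin@example"


if __name__ == "__main__":
    print(check_authorized_key(sample_public_key()))
```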
You can set a specific shell for the user from the Shell dropdown options:
| Shell | Description |
|---|---|
| bash | Bourne Again shell for the GNU operating system. |
| rbash | Restricted bash |
| dash | Debian Almquist shell |
| sh | Bourne shell |
| zsh | Z shell |
| tmux | terminal multiplexer |
| nologin | Use when creating a system account or to create a user account that can authenticate with shares but that cannot log in to the TrueNAS system using ssh. |

Selecting Lock User disables all password-based functionality for the account until you clear the checkbox.
Permit Sudo allows the account to act as the system administrator using the sudo command. Leave it disabled for better security.
By default, Samba Authentication is enabled. This allows using the account credentials to access data shared with SMB.
To edit an existing user account, go to Credentials > Local Users, expand the user entry, and click Edit to open the Edit User configuration screen. See Local User Screens for details on all settings.