Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series X-Series R-Series Mini Series
About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us
Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
Application Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Video Surveillance Virtualization
Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Compare TrueNAS Editions Where to Buy
  1. Documentation Hub
  2. /
  3. TrueNAS SCALE
  4. /
  5. CLI Reference Guide
  6. /
  7. Account
  8. /
  9. Group
Edit page

Group

  10 minute read.

Last Modified 2023-11-30 10:15 EST

The TrueNAS CLI guide for SCALE is a work in progress! New namespace and command documentation is continually added and maintained, so check back here often to see what is new!

The group namespace contains eight commands and is based on functions found in the SCALE API and web UI. It provides access to group account creation, configuration, and management functions.

Group Commands

The following group namespace commands allow you to manage group settings.

You can enter commands from the main CLI prompt or from the account namespace prompt.

Interactive Argument Editor (TUI)

Create Command

The create command creates a new group.

Using the Create Command

Description

create has seven configuration properties. They are gid, name, smb, sudo_commands, sudo_commands_nopasswd, allow_duplicate_gid, and users. The only required property is name. If a group identification number is not provided, it is automatically filled with the next one available. For more details, see Create Configuration Properties below.

Create Configuration Properties

PropertyAcceptsRequiredFunction
gidIntegerNoAssigns the group identification number. If not providing a gid during group creation, the system automatically fills with the next one available.
Ex. gid=3005
  Where 3005 is a GID number.
nameStringYesSets the group name.
Ex. name=TestGroup
  Where TestGroup is a group name.
smbBooleanNoSets whether the group maps into an NT group for Windows SMB sharing. Defaults to true.
Ex. smb=false
  Where false is a boolean value.
sudo_commandsArrayNoSets any sudo commands group members are allowed to use. Security best practice is to limit sudo permissions to administrative users.
Ex. sudo_commands="path1,path2"
  Where path1 and path2 are absolute paths to the location of executable scripts or packages.
  You can also use sudo_commands="ALL"
sudo_commands_nopasswdArrayNoSets any sudo commands group members are allowed to use without entering a password. Exercise caution when allowing sudo commands without password prompts. We recommend limiting this privilege to trusted users and specific commands to minimize security risks.
Ex. sudo_commands_nopasswd="path1,path2"
  Where path1 and path2 are absolute paths to the location of executable scripts or packages.
  You can also use sudo_commands_nopasswd="ALL", but this is not recommended.
allow_duplicate_gidBooleanNoIf set to true, allows distinct group names to share the same group identification number. Defaults to false.
Important: Use only if absolutely necessary. Duplicate GIDs can lead to unexpected behavior.
Ex. allow_duplicate_gid=true
  Where true is a boolean value.
usersArray or IntegerNoAssigns users to the group with a list of one or more user identification numbers (UIDs).
Ex. users=[3001,3002]
  Where 3001 and 3002 are UID numbers for group members.

Enter the command string with the property argument(s) using the `=’ delimiter to separate the properties and values, then press Enter. The command returns a blank line.

To confirm the group is created, use get_group_obj or go to Credentials > Local Groups in the SCALE Web UI.

Usage

From the CLI prompt, enter:

account group create name=name

Where name is the desired group name.

To create a group that also sets Samba authentication and adds group members, enter:

account group create name=TestGroup gid=3022 smb=false users=[3000,3001]

Where:

  • 3022 is the group id number.
  • TestGroup is a group name.
  • false does not set Samba authentication. Enter true to include Samba authentication.
  • 3000,3001 are user id numbers to add as group members.

Command Example 
account group create name=TestGroup

Delete Command

The delete command erases an existing group.

Using the Delete Command

Description

The delete command has one required property, id. Enter property arguments using the = delimiter to separate the property and value. Enter the command string, then press Enter. The command returns a blank line.

If using the options property with the delete_group property argument set to true, the command also deletes any user with the target as its primary group. delete_group defaults to false. Carefully consider affected users before adding this option.

To confirm the group is deleted, use get_group_obj or navigate to Credentials > Local Groups in the SCALE Web UI.

Usage

From the CLI prompt, enter:

account group delete id=3000

Where 3000 is the group identification number.

Or to enter the command using the option property and the delete_group property argument, enter:

account group delete id=3000 options={“delete_group”:true}

Where:

  • 3000 is a group ID.
  • delete_group is a property you can include in the options property array.
  • true sets the delete_group option to delete users with the specified group. If set to false the users are not deleted.

Command Example 
account group delete id=3000

Get_Group_Obj Command

The get_group_obj command returns dictionary containing information from struct grp including group name, identification number, and group members.

Using the Get_Group_Obj Command

Description

The get_group_obj command has one required property, get_group_obj that expects you to enter property arguments formatted as an array. Enter the command string, using = followed by the curly brackets that enclose the property argument. You can enter either the gid or groupname property in this command string. Enter the property enclosed in double quotes, then the : delimiter followed by the value enclosed in double quotes, with no space after the colon. PressEnter. The command returns a table for the GID that includes the gr_name, gr_gid, and gr_mem values.

Usage

From the CLI prompt, enter:

account group get_group_obj get_group_obj={“groupname”:"TestGroup"}

Where TestGroup is the name of the target group.

Or, enter the command using the group ID:

account group get_group_obj get_group_obj={“gid”:3002}

Where 3002 is the GID number for the target group.

Command Example 
account group get_group_obj get_group_obj={"groupname":"TestGroup"}
+---------+------------+
| gr_name | TestGroup  |
|  gr_gid | 3002       |
|  gr_mem | testuser   |
|         | AttTest    |
+---------+------------+

Get_Instance Command

The get_instance command retrieves information about a group.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.
Using Get_Instance Command

Description

The get_instance command has one required property, id. Enter property arguments with the = delimiter separating property and value. Enter the command string, then then press Enter. The command returns a table of information about the UID entered.

Usage

From the CLI prompt, enter:

account group get_instance id=1

Where 1 is the database id for the group, in this case root.

Command Example 
account group get_instance id=1
+------------------------------------------+
|                        id | 1            |
|                       gid | 0            |
|                     group | wheel        |
|                   builtin | true         |
|             sudo_commands | <empty list> |
|  sudo_commands_nopassword | <empty list> |
|                       smb | false        |
|                      name | wheel        |
|                     users | 1            |
|                     local | true         |
|              id_type_both | false        |
|                   nt_name | <null>       |
|                       sid | <null>       |
+------------------------------------------+

Get_Next_Gid Command

The get_next_gid command displays the next available group identification (GID) number.

Using the get_next_gid Command

Description

The get_next_gid command does not require entering properties or values. Enter the command, then press Enter The command returns the next available GID in numerical order. Default behavior begins identification number for local groups at 3000.

Usage

From the CLI prompt, enter:

account group get_next_gid

Command Example 
account group get_next_gid
3000

Has_Password_Enabled_User Command

The has_password_enabled_user command checks whether at least one local user with a password enabled is a member of one or more provided groups.

Using the Has_Password_Enabled_User Command

Description

The has_password_enabled_user command has one required property, gids. The exclude_user_ids property sets specified password enabled users to ignore. Target groups are specified by group identification number (GID). Enter property arguments using the = delimiter to separate property and value. Enter the command string, then press Enter. Returns a single true if any targeted groups have at least one user with a password enabled, false if all groups have no users with passwords enabled. If more than one group is included in the query, the command does not return group specific information.

Usage

From the CLI prompt, enter:

account group has_password_enabled_user gids=3001

Where 3001 represents the GID(s) to query.

Command Examples 
account group has_password_enabled_user gids=3001
false

Or if specifying multiple gids:

account group has_password_enabled_user gids=3001,3002
true

Query Command

The query command retrieves information about a group or groups or the query-options-get_instance value specified.

The TrueNAS CLI guide for SCALE is a work in progress! This command has not been fully tested and validated. Full documentation is still being developed. Check back for updated information.
Using the Query Command

Description

The query command has no required properties or arguments, but you can use various query-filters and query-options specified in an array. Enter the command, then press Enter. Returns a table of all groups in the system.

Usage

From the CLI prompt, enter:

account group query

Command Example 
account group query
+-------+------------------------+---------+---------------+------------------------+-------+------------------+-------+--------------+---------+--------+
| gid   | name                   | builtin | sudo_commands | sudo_commands_nopasswd | smb   | users            | local | id_type_both | nt_name | sid    |
+-------+------------------------+---------+---------------+------------------------+-------+------------------+-------+--------------+---------+--------+
| 0     | wheel                  | true    | <empty list>  | <empty list>           | false | root             | true  | false        | <null>  | <null> |
| 1     | daemon                 | true    | <empty list>  | <empty list>           | false | daemon           | true  | false        | <null>  | <null> |
| 15    | kmem                   | true    | <empty list>  | <empty list>           | false | <empty list>     | true  | false        | <null>  | <null> |
| 3     | sys                    | true    | <empty list>  | <empty list>           | false | sys              | true  | false        | <null>  | <null> |
| 5     | tty                    | true    | <empty list>  | <empty list>           | false | <empty list>     | true  | false        | <null>  | <null> |
| 37    | operator               | true    | <empty list>  | <empty list>           | false | uucp             | true  | false        | <null>  | <null> |
| 8     | mail                   | true    | <empty list>  | <empty list>           | false | mail             | true  | false        | <null>  | <null> |
| 2     | bin                    | true    | <empty list>  | <empty list>           | false | bin              | true  | false        | <null>  | <null> |
| 9     | news                   | true    | <empty list>  | <empty list>           | false | news             | true  | false        | <null>  | <null> |
...

Update Command

The update command updates the attributes of an existing group.

Using the Update Command

Descripton

The update command uses the same properties as the create command.

Update Configuration Properties

PropertyAcceptsRequiredFunction
gidIntegerNoAssigns the group identification number. If not providing a gid during group creation, the system automatically fills with the next one available.
Ex. gid=3005
  Where 3005 is a GID number.
nameStringYesSets the group name.
Ex. name=TestGroup
  Where TestGroup is a group name.
smbBooleanNoSets whether the group maps into an NT group for Windows SMB sharing. Defaults to true.
Ex. smb=false
  Where false is a boolean value.
sudo_commandsArrayNoSets any sudo commands group members are allowed to use. Security best practice is to limit sudo permissions to administrative users.
Ex. sudo_commands="path1,path2"
  Where path1 and path2 are absolute paths to the location of executable scripts or packages.
  You can also use sudo_commands="ALL"
sudo_commands_nopasswdArrayNoSets any sudo commands group members are allowed to use without entering a password. Exercise caution when allowing sudo commands without password prompts. We recommend limiting this privilege to trusted users and specific commands to minimize security risks.
Ex. sudo_commands_nopasswd="path1,path2"
  Where path1 and path2 are absolute paths to the location of executable scripts or packages.
  You can also use sudo_commands_nopasswd="ALL", but this is not recommended.
allow_duplicate_gidBooleanNoIf set to true, allows distinct group names to share the same group identification number. Defaults to false.
Important: Use only if absolutely necessary. Duplicate GIDs can lead to unexpected behavior.
Ex. allow_duplicate_gid=true
  Where true is a boolean value.
usersArray or IntegerNoAssigns users to the group with a list of one or more user identification numbers (UIDs).
Ex. users=[3001,3002]
  Where 3001 and 3002 are UID numbers for group members.

The required property is uid_or_username. Enter property arguments with the = delimiter separating property and values, then press Enter. The command returns a blank line.

To confirm the group is updated, use get_group_obj or navigate to Credentials > Local Groups in the SCALE Web UI.

Usage

From the CLI prompt, enter:

account group update gid_or_name=3006 users=3001

Where:

  • 3006 is the identification number or GID for the target group.
  • *3001 represents the property to update.

The command as written adds the user with UID 3001 to the group with GID 3006.

Command Example 
account group update gid_or_name=3006 users=3001

Related Content

SCALE CLI Reference

SCALE Tutorials

SCALE UI Reference

Have more Questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).