Local Groups Screens
4 minute read.Last Modified 2023-11-30 10:15 EST
The Credentials > Local Groups screen displays a list of groups configured on the screen. By default, built-in groups are hidden until you make them visible.
To see built-in groups, click the Show Built-In Groups toggle. The toggle turns blue and all built-in groups display. Click the Show Built-In Groups toggle again to show only non-built-in groups on the system.
The Credentials > Local Groups screen displays the No groups screen if no groups other than built-in groups are configured on the system.
Add opens the Add Group configuration screen.
Click thearrow or anywhere on a row to expand that group and show the group management buttons.
Click Add to open the Add Group configuration screen.
|GID||Required. Enter a unique number for the group ID (GID) TrueNAS uses to identify a Unix group. Enter a number above 1000 for a group with user accounts (you cannot change the GID later). If a system service uses a group, the group ID must match the default port number for the service.|
|Name||Required. Enter a name for the group. The group name cannot begin with a hyphen (-) or contain a space, tab, or any of these characters: colon (:), plus (+), ampersand (&), hash (#), percent (%), carat (^), open or close parentheses ( ), exclamation mark (!), at symbol (@), tilde (~), asterisk (*), question mark (?) greater or less than (<) (>), equal (=). You can only use the dollar sign ($) as the last character in a user name.|
|Allowed sudo commands||Use to list specific sudo commands allowed for group members. Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example /usr/bin/nano. |
Grants limited root-like permissions for group members when using these commands. Using sudo prompts the user for their account password.
|Allow all sudo commands||Select to give group members permission to use all sudo commands. Using sudo prompts the user for their account password.|
|Allowed sudo commands with no password||Use to list specific sudo commands allowed for group members with no password required. Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example /usr/bin/nano. |
Grants limited root-like permissions for group members when using these commands. Exercise caution when allowing sudo commands without password prompts. It is recommended to limit this privilege to trusted users and specific commands to minimize security risks.
|Allow all sudo commands with no password||Not recommended. Select to give group members the ability to use all sudo commands with no password required.|
|Samba Authentication||Select to allow this group to authenticate to and access data shares with SMB samba shares.|
|Allow Duplicate GIDs||Not recommended. Select to allow more than one group to have the same group ID. Use only if absolutely necessary, as duplicate GIDs can lead to unexpected behavior.|
Click Edit on an expanded group in the Groups screen to open the Edit Group screen.
Edit Group has the same fields and checkboxes as Add Group, except that it does not include Allow Duplicate GIDs.
Use the Update Members screen to manage group permissions and access for large numbers of user accounts.
To add user accounts to the group, select users and then click the right arrow . To remove user accounts from the group, select users and then click the left arrow . Select multiple users by holding Ctrl while clicking each entry.