Hey there,
I want to create another admin-account for security reasons.
Manual: Managing Users | TrueNAS Documentation Hub
So this should be the right way?
Credentials Local Users Add Full Name, Username,
pw and pw confirm
a. „Create new primary group“ uncheck
b. Ausxilliary Group: built-in-administrator
c. primary group: admin
d. Home Directory in /mnt/nameBootPool/
e. „Create Home Directory“ check
f. Shell → zsh
g. „Allow all sudo commands“ check
h. Save
- Does it seem to be right?
- when everything is fine, i can deactivate pw from “admin”, or?
- Why am I not able to create a home-dir of the new user in “/home/username”? I can only do it in /mnt/nameBootPool and var/empty and other directories.
- Is /mnt/nameBootPool/username recommended for home directory?
Thanks for information
The important step is the group permissions Local Admin User
There is no real right way…
A better question is what are you trying to accomplish?
if you just dont want to login as root then just
- Make a Group
- Assign Group Local Admin
- Create User
- Add user to group
- create home directory for shell environment as needed
- set shell type as needed
- generally dont allow sudo without the password
1 Like
Did you get this working?
I’m not sure if you can store the home directories on the boot pool.
I set up a UserHomes generic dataset, with root as the user/group, and any other dataset settings you want to customize (e.g., recordsize=1M in my case).
Don’t create any sub-datasets: when you use the dataset to store home directories, they’re stored in the top level of the UserHomes dataset, with the correct user and group associated with the admin user who owns them.
@Tyler_Shield described the same process I’ve used with good results.
- For me, I first created the group johntdavis with Full Admin privileges, and reloaded the interface until that actually showed up correctly as “Full Admin” in the group description.
- Then I created the user johntdavis, and instead of creating a new primary group, used the primary group I’d just created. Per the TrueNAS docs, I also added builtin_admins as a secondary group to the user. (Full Control has to do with the web GUI; builtin_admins by default contains root and admin, and is a good way to corral all the users with actual superuser privileges on the system, especially when you want to assign that whole group to a dataset ACL.
- Once I was sure everything was working (web login and web shell), I added the public key via the User editor, so I could do key-based SSH authentication.
1 Like
Thank you for your advices.
I want to add an admin with the same permissions, as “admin” but with another name to improve security.
@SinisterPisces
I tried your method:
Group:
And for the User = Benutzer (german)
“Allow all sudo commands” is checked
But it did not work, when I go to System Settings → Shell I get
Do I have to configure the shell ZSH?
But on the Truenas itself, when I press 4 for changing admin-pw i can choose between admin and thomasadmin
OK, i created a file like under number 0 in the picture above and now it starts like in the following picture
