In Scale and Core before, it was possible using the shell and using → usermod. That’s why certain users are member of certain groups right now.

But today this feature has gone.

root@truenas[/home/admin]# usermod -aG group user
[sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/run/sssd-cache/db/config.ldb]
Could not open available domains
[sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/run/sssd-cache/db/config.ldb]
Could not open available domains
root@truenas[/home/admin]#

Unfortunately it doesn’t work over the GUI. So, when you go to

• Credentials
• Groups
• Update Members
  e.g.
  Manage members of docker group

you get

Validation Error

[EINVAL] group_update.users: Group membership for this builtin group may not be changed.

and with → more Info

Error: Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/middlewared/api/base/server/ws_handler/rpc.py”, line 323, in process_method_call
result = await method.call(app, params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/api/base/server/method.py”, line 40, in call
result = await self.middleware.call_with_audit(self.name, self.serviceobj, methodobj, params, app)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 883, in call_with_audit
result = await self._call(method, serviceobj, methodobj, params, app=app,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 692, in _call
return await methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/service/crud_service.py”, line 266, in update
return await self.middleware._call(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 692, in _call
return await methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/service/crud_service.py”, line 287, in nf
rv = await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/api/base/decorator.py”, line 88, in wrapped
result = await func(*args)
^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/plugins/account.py”, line 1869, in do_update
verrors.check()
File “/usr/lib/python3/dist-packages/middlewared/service_exception.py”, line 72, in check
raise self
middlewared.service_exception.ValidationErrors: [EINVAL] group_update.users: Group membership for this builtin group may not be changed.

So there is no way to add a user to a builtin group anymore, isn’t it?

Example:
for ampache and the docker container volumes the (main) user must be a member of www-data.

At the moment I can’t add any users to the group ‘www-data’ anymore, just because www-data is a builtin group!!??!!??!!

To be clear. Now it is not possible, to reasign any users to any builtin groups.

Is it a feature, or is it a bug?

With a couple of exceptions builtin group memberships cannot be changed. This was an intentional design decision.

With a couple of exceptions builtin group memberships cannot be changed. This was an intentional design decision.

Ugggh… this is unfortunate. I can no longer add users to my “backup” group. Will need to re-do permissions. What a pain.

Yes… I’m “using it wrong”.