Creating a New Isolated User in TrueNAS Core (More Comprehensive Guide)

AI GENERATED CONTENT

Setting up an isolated user with their own group, dataset, and share in TrueNAS Core without affecting the main installation involves creating a new user, group, and dataset, as well as configuring access controls and network shares. Below is a step-by-step guide, including a practical example and a summary table.

Objective:

  • Create a new user with its own group.
  • Create a dataset specifically for that user.
  • Configure the dataset with appropriate permissions.
  • Create a network share (SMB/NFS) accessible only to that user.
  • Ensure that these configurations don’t interfere with the main system setup.

Step 1: Create a New Group

  1. Log in to TrueNAS Web Interface:

    • Open your browser and go to the TrueNAS Core web interface (e.g., http://your_truenas_ip).
    • Log in with your administrator credentials.
  2. Navigate to the "Accounts" Section:

    • Go to Accounts -> Groups.
  3. Add a New Group:

    • Click Add to create a new group.
    • Group Name: user_group (or whatever you choose, e.g., john_group).
    • Group ID (GID): Leave this as default or manually specify a unique GID.
    • Save the group.

Step 2: Create a New User

  1. Navigate to the "Accounts" Section Again:

    • Go to Accounts -> Users.
  2. Add a New User:

    • Click Add to create a new user.
    • Username: user_name (e.g., john).
    • Full Name: John Doe (optional).
    • Home Directory: Leave it blank or specify /mnt/your_pool/user_name/.
    • Primary Group: Select user_group from the dropdown (the one you created earlier).
    • Create User Home Directory: Select Yes if you want to create a home directory, or leave it blank.
    • Password: Set a strong, unique password for the user (this guide's examples use the placeholder password123).
    • Save the user.

Step 3: Create a Dataset for the User

  1. Navigate to the "Storage" Section:

    • Go to Storage -> Pools.
  2. Create a New Dataset:

    • Select the pool where you want to create the dataset (e.g., tank).
    • Click on the three dots menu next to your pool and choose Add Dataset.
    • Dataset Name: user_name (e.g., john_data).
    • Compression: Choose whether to enable compression or leave it as None.
    • Record Size: Choose an appropriate record size (e.g., 128K).
    • ACL Mode: Set to Restricted for more granular control, or Unix.
    • Save the dataset.

Step 4: Set Permissions on the Dataset

  1. Set Permissions for the Dataset:
    • Go to the three dots next to the dataset you just created and click Edit Permissions.
    • User: Select user_name (e.g., john).
    • Group: Select user_group (e.g., john_group).
    • Permissions:
      • For Owner (user): Check Read, Write, Execute.
      • For Group: Check Read, Write.
      • For Others: Check No Access.
    • Apply to save the changes.

Step 5: Create a Network Share (SMB or NFS)

Example: SMB Share

  1. Navigate to "Sharing" Section:

    • Go to Sharing -> Windows Shares (SMB).
  2. Add a New SMB Share:

    • Click Add to create a new share.
    • Path: Select the path of the dataset you created earlier (e.g., /mnt/tank/john_data).
    • Name: john_share (or a name of your choice).
    • Purpose: Set this as Default Share (or as appropriate).
    • Enable: Turn on SMB for this share.
  3. Configure ACL:

    • Click Add ACL Item.
    • Set:
      • User: john
      • Permissions: Set Read/Write.
    • Save the share.
  4. Enable SMB Service:

    • Go to Services -> SMB.
    • Turn SMB on if it’s not already enabled.
    • Click the Start button.
  5. Verify Access:

    • From a Windows machine, map the network drive to \\truenas_ip\john_share using the username john and the password you set.

Step 6: Test the Configuration

  1. Access the Share:

    • From the user’s machine, access the SMB share using the mapped network drive or UNC path.
    • Verify that the user has full access to the share and can create files, while others do not have access.
  2. Confirm Dataset Permissions:

    • Verify that the dataset has the correct ownership and permissions by checking the folder’s access rights on TrueNAS.
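
One way to script the ownership check from Step 6, as an added example (not part of the original guide or of TrueNAS): a Python 3 script, assuming python3 is available in the TrueNAS shell, that walks the dataset and reports entries not owned by the expected user and group, or with any permission bit set for others. The function names are hypothetical, the path and account names are the guide's example values, and only Unix ownership and mode bits are inspected, not NFSv4 ACL entries.

```python
import grp
import os
import pwd
import stat


def id_to_name(lookup, ident, field):
    """Resolve a numeric uid/gid to a name; fall back to the number as text."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return str(ident)


def audit_dataset(root, owner, group):
    """Return (path, problem) findings for root and everything beneath it.

    Checks Unix ownership and mode bits only (what Step 4 configures).
    """
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)  # lstat: report on a symlink itself, not its target
        user = id_to_name(pwd.getpwuid, st.st_uid, "pw_name")
        grp_name = id_to_name(grp.getgrgid, st.st_gid, "gr_name")
        if user != owner:
            findings.append((path, f"owner is {user}, expected {owner}"))
        if grp_name != group:
            findings.append((path, f"group is {grp_name}, expected {group}"))
        # Symlink mode bits are not meaningful, so skip them for this check.
        if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IRWXO:
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, f"others have access (mode {mode:04o})"))
    return findings


if __name__ == "__main__":
    # Example values from this guide: dataset john_data in pool tank.
    for path, problem in audit_dataset("/mnt/tank/john_data", "john", "john_group"):
        print(f"{path}: {problem}")
```

An empty result means every entry matches the expected owner and group and grants nothing to others.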

Example Table:

| Step | Action | Example Configuration |
|------|--------|-----------------------|
| Step 1: Create Group | Create a new group for the user. | Group Name: john_group |
| Step 2: Create User | Create a new user and assign them to the group. | Username: john, Primary Group: john_group, Password: password123 |
| Step 3: Create Dataset | Create a dataset for the user. | Dataset Name: john_data (Located in Pool: tank) |
| Step 4: Set Permissions | Assign permissions on the dataset. | User: john, Group: john_group, Permissions: Read/Write for user/group |
| Step 5: Create Share | Create an SMB share for the dataset. | Share Name: john_share, Path: /mnt/tank/john_data |
| Step 6: Test | Access the share and verify permissions. | SMB Share: \\truenas_ip\john_share (User: john, Password: password123) |

Notes:

  • Backup: Always back up important configurations and data before making significant changes.
  • Isolation: Ensure the user’s dataset, group, and share settings are fully isolated from other users and groups.
  • Security: Regularly audit permissions and access controls to prevent unauthorized access.

By following this guide, you’ll be able to configure an isolated user in TrueNAS Core, with their own group, dataset, and network share, all while maintaining the integrity of the main installation and other configurations.
