Guide to Configuring a New Isolated User in TrueNAS SCALE

AI GENERATED CONTENT

To configure a new isolated user with their own group, pool, dataset, share, and ensure that the configuration doesn’t interfere with the main installation or other existing configurations in TrueNAS SCALE, we can follow a similar process to TrueNAS CORE but adapted for the SCALE interface and features. TrueNAS SCALE is based on Linux (Debian), so it uses more standard Linux tools and workflows for storage, permissions, and shares.

Here is a comprehensive guide with detailed steps, including an example and a practical table for clarity.

Objective:

  • Create a new user and group.
  • Create a dedicated pool for the user.
  • Set up a dataset for the user.
  • Configure the dataset with the necessary permissions.
  • Create a share (SMB or NFS) for the user to access the dataset.
  • Ensure this configuration does not interfere with the main installation or other configurations.

Step 1: Create a New Group

  1. Log in to TrueNAS SCALE Web Interface:

    • Open your browser and go to the TrueNAS SCALE web interface (e.g., http://your_truenas_scale_ip).
    • Log in using your administrator credentials.
  2. Navigate to the "Accounts" Section:

    • Go to Accounts -> Groups.
  3. Add a New Group:

    • Click the Add button to create a new group.
    • Group Name: user_group (e.g., john_group).
    • Group ID (GID): Leave the default GID or manually specify a unique GID if needed.
    • Save the group.

Step 2: Create a New User

  1. Navigate to the "Accounts" Section Again:

    • Go to Accounts -> Users.
  2. Add a New User:

    • Click Add to create a new user.
    • Username: user_name (e.g., john).
    • Full Name: John Doe (optional).
    • Home Directory: Leave it blank or specify /mnt/user_pool/user_name/ (for example, /mnt/john_pool/john).
    • Primary Group: Select user_group from the dropdown (the one you created earlier).
    • Password: Set a password for the user (password123 is only the placeholder used in this guide; replace it with a strong, unique password).
    • Save the user.

Step 3: Create a New Pool for the User

  1. Navigate to the "Storage" Section:

    • Go to Storage -> Pools.
  2. Create a New Pool:

    • Click Add to create a new pool.
    • Pool Name: user_pool (e.g., john_pool).
    • Disks: Select the disk(s) you want to allocate for the user’s pool.
    • Redundancy: Set the redundancy level (e.g., RAID-Z1, RAID-Z2, or no redundancy depending on your setup).
    • Save the pool.

Step 4: Create a Dataset for the User

  1. Create a New Dataset:
    • After the pool is created, click on the three dots next to the pool you just created (e.g., john_pool) and select Add Dataset.
    • Dataset Name: user_name_data (e.g., john_data).
    • Compression: Choose whether to enable compression or leave it as None.
    • Record Size: Choose an appropriate record size (e.g., 128K).
    • Access Control List (ACL) Mode: Choose Unix (for standard Linux permissions).
    • Save the dataset.

Step 5: Set Permissions on the Dataset

  1. Set Permissions for the Dataset:
    • After the dataset is created, click the three dots next to the dataset (e.g., john_data) and select Edit Permissions.
    • User: user_name (e.g., john).
    • Group: user_group (e.g., john_group).
    • Permissions:
      • For Owner (user): Check Read, Write, Execute.
      • For Group: Check Read, Write.
      • For Others: Set No Access.
    • Apply to save the changes.

Step 6: Create a Network Share (SMB or NFS)

Example: SMB Share

  1. Navigate to the "Sharing" Section:

    • Go to Sharing -> Windows Shares (SMB).
  2. Add a New SMB Share:

    • Click Add to create a new share.
    • Path: Select the path of the dataset you created earlier (e.g., /mnt/john_pool/john_data).
    • Name: john_share (or a name of your choice).
    • Purpose: Set this as Default Share (or as appropriate).
    • Enable the SMB share.
  3. Configure ACL:

    • Click Add ACL Item.
    • Set:
      • User: john
      • Permissions: Set Read/Write.
    • Save the share.
  4. Enable SMB Service:

    • Go to Services -> SMB.
    • Turn SMB on if it’s not already enabled.
    • Click the Start button.
  5. Verify Access:

    • From a Windows machine, map the network drive to \\truenas_scale_ip\john_share using the username john and the password you set.

Example: NFS Share

  1. Navigate to the "Sharing" Section:

    • Go to Sharing -> Unix Shares (NFS).
  2. Add a New NFS Share:

    • Click Add to create a new NFS share.
    • Path: Select the path of the dataset you created earlier (e.g., /mnt/john_pool/john_data).
    • Name: john_nfs_share.
    • Authorized Networks: Add the network you want to grant access to. You can leave it blank, but a blank field does not limit the share to any particular network.
    • Enable the NFS share.
  3. Configure ACL:

    • Adjust the ACL as necessary for the NFS share, ensuring only john or the appropriate group can access it.
  4. Enable NFS Service:

    • Go to Services -> NFS.
    • Turn NFS on if it’s not already enabled.
    • Click Start.

Step 7: Test the Configuration

  1. Access the Share:
    • From the user’s machine, access the SMB or NFS share and verify that the user has full access to the share and can create files, while others do not have access.
  2. Confirm Dataset Permissions:
    • Verify that the dataset has the correct ownership and permissions by checking the folder’s access rights on TrueNAS SCALE.
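
The ownership and permission check in Step 7 can be run from the TrueNAS SCALE shell. The script below is an added example, not part of the original guide; the function name check_dataset is hypothetical, and john, john_group and /mnt/john_pool/john_data are the guide's example values.

```shell
#!/bin/sh
# Added example: audit a dataset mount point against the Step 5 settings
# (owner rwx, group rw, others none). Names and paths are the guide's
# examples; substitute your own.

# check_dataset PATH EXPECTED_USER EXPECTED_GROUP
# Prints one line per finding; returns 0 only if every check passes.
check_dataset() {
    path=$1 want_user=$2 want_group=$3 rc=0

    [ -d "$path" ] || { echo "FAIL: $path is not a directory"; return 2; }

    # GNU stat (SCALE is Debian-based): %U owner, %G group, %a octal mode
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    mode=$(stat -c '%a' "$path")

    [ "$owner" = "$want_user" ] || { echo "FAIL: owner is $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, expected $want_group"; rc=1; }

    # Split the octal mode into its three permission classes.
    u=$(( (0$mode >> 6) & 7 ))
    g=$(( (0$mode >> 3) & 7 ))
    o=$(( 0$mode & 7 ))

    [ "$u" -eq 7 ] || { echo "FAIL: owner bits are $u, expected 7 (rwx)"; rc=1; }
    [ "$o" -eq 0 ] || { echo "FAIL: others bits are $o, expected 0 (No Access)"; rc=1; }

    # Informational only: on a directory, group rw without x lets members
    # list names but not open or create entries inside it.
    if [ $(( g & 1 )) -eq 0 ] && [ "$g" -ne 0 ]; then
        echo "NOTE: group bits are $g (no execute); group members cannot traverse $path"
    fi

    [ "$rc" -eq 0 ] && echo "OK: $path is $owner:$group mode $mode"
    return "$rc"
}

# Run as: sh check_dataset.sh /mnt/john_pool/john_data john john_group
if [ "$#" -eq 3 ]; then
    check_dataset "$@"
fi
```

A non-zero exit status means the owner, the group or the Others bits differ from what Step 5 configured.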

Example Table:

| Step | Action | Example Configuration |
|------|--------|-----------------------|
| Step 1: Create Group | Create a new group for the user. | Group Name: john_group |
| Step 2: Create User | Create a new user and assign them to the group. | Username: john, Primary Group: john_group, Password: password123 |
| Step 3: Create Pool | Create a new pool dedicated to the user. | Pool Name: john_pool, Disk: disk1, Redundancy: RAID-Z1 |
| Step 4: Create Dataset | Create a dataset for the user in the new pool. | Dataset Name: john_data, Compression: None, ACL Mode: Unix |
| Step 5: Set Permissions | Assign permissions on the dataset for the user and their group. | User: john, Group: john_group, Permissions: Read/Write for user/group |
| Step 6: Create Share | Create an SMB or NFS share for the dataset. | Share Name: john_share, Path: /mnt/john_pool/john_data |
| Step 7: Test | Access the share and verify permissions. | SMB Share: \\truenas_scale_ip\john_share (User: john, Password: password123) |

Notes:

  • Backup: Always back up important configurations and data before making significant changes.
  • Isolation: Ensure that the user’s pool, group, dataset, and share settings are fully isolated from other users and groups.
  • Security: Regularly audit permissions and access controls to ensure that only authorized users can access their respective shares and datasets.

By following this guide, you’ll create an isolated environment for a new user in TrueNAS SCALE, with their own pool, dataset, and share while ensuring that existing configurations remain unaffected.
