user.update¶
Update attributes of an existing user.
No Additional Items
Tuple Validation
Parameter 1: id
id
Type: integerParameter 2: user_update
user_update
Type: objectNo Additional Properties
Username
Type: stringString used to uniquely identify the user on the server. In order to be portable across systems, local user names must be composed of characters from the POSIX portable filename character set (IEEE Std 1003.1-2024 section 3.265). This means alphanumeric characters, hyphens, underscores, and periods. Usernames also may not begin with a hyphen or a period.
Home
Type: stringThe local file system path for the user account's home directory.
Typically, this is required only if the account has shell access (local or SSH) to TrueNAS.
This is not required for accounts used only for SMB share access.
Must be at least 1 characters long
Shell
Type: stringAvailable choices can be retrieved with user.shell_choices.
Must be at least 1 characters long
Full Name
Type: stringComment field to provide additional information about the user account. Typically, this is the full name of the user or a short description of a service account. There are no character set restrictions for this field. This field is for information only.
Must be at least 1 characters long
Smb
Type: booleanThe user account may be used to access SMB shares. If set to true then TrueNAS stores an NT hash of the user account's password for local accounts. This feature is unavailable for local accounts when General Purpose OS STIG compatibility mode is enabled. If set to true the user is automatically added to the builtin_users group.
Userns Idmap
Specifies the subuid mapping for this user. If DIRECT then the UID will be directly mapped to all containers. Alternatively, the target UID may be explicitly specified. If null, then the UID will not be mapped.
NOTE: This field will be ignored for users that have been assigned TrueNAS roles.
Must be one of:
- "DIRECT"
- null
Value must be greater or equal to 1 and lesser or equal to 4294967294
Group
The group entry id for the user's primary group. This is not the same as the Unix group gid value. This is required if group_create is false.
Groups
Type: array of integerList of additional groups to which the user belongs. NOTE: Groups are identified by their group entry id, not their Unix group ID (gid).
Each item of this array must be:
Password Disabled
Type: booleanIf set to true password authentication for the user account is disabled.
NOTE: Users with password authentication disabled may still authenticate to the TrueNAS server by other methods, such as SSH key-based authentication.
NOTE: Password authentication is required for smb users.
Ssh Password Enabled
Type: booleanAllow the user to authenticate to the TrueNAS SSH server using a password.
WARNING: The established best practice is to use only key-based authentication for SSH servers.
Sshpubkey
SSH public keys corresponding to private keys that authenticate this user to the TrueNAS SSH server.
Locked
Type: booleanIf set to true the account is locked. The account cannot be used to authenticate to the TrueNAS server.
Sudo Commands
Type: array of stringA list of commands the user may execute with elevated privileges. User is prompted for password when executing any command from the list.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Sudo Commands Nopasswd
Type: array of stringA list of commands the user may execute with elevated privileges. User is not prompted for password when executing any command from the list.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Email address of the user. If the user has the FULL_ADMIN role, they will receive email alerts and notifications.
Home Create
Type: booleanCreate a new home directory for the user in the specified home path.
Home Mode
Type: stringFilesystem permission to set on the user's home directory.
Password
The password for the user account. This is required if random_password is not set.
Must be at least 1 characters long
Random Password
Type: booleanGenerate a random 20 character password for the user.
UserCreateUpdateResult
Type: objectNo Additional Properties
Id
Type: integerThis is the API identifier for the user. Use this ID for user.update and user.delete API calls. This ID also appears in the users array for each group entry in group.query results.
NOTE: For users from a directory service, the id is calculated by adding 100000000 to the uid. This ensures consistent API results. You cannot change directory service accounts through TrueNAS.
Uid
Type: integerA non-negative integer used to identify a system user. TrueNAS uses this value for permission checks and many other system purposes.
Username
A string used to identify a user. Local accounts must use characters from the POSIX portable filename character set.
Must be at least 1 characters long
Unixhash
Hashed password for local accounts. This value is null for accounts provided by directory services.
Smbhash
NT hash of the local account password for smb users. This value is null for accounts provided by directory services or non-SMB accounts.
Home
Type: string Default: "/var/empty"The local file system path for the user account's home directory.
Typically, this is required only if the account has shell access (local or SSH) to TrueNAS.
This is not required for accounts used only for SMB share access.
Must be at least 1 characters long
Shell
Type: string Default: "/usr/bin/zsh"Available choices can be retrieved with user.shell_choices.
Must be at least 1 characters long
Full Name
Type: stringComment field to provide additional information about the user account. Typically, this is the full name of the user or a short description of a service account. There are no character set restrictions for this field. This field is for information only.
Builtin
Type: booleanIf true, the user account is an internal system account for the TrueNAS server. Typically, one should create dedicated user accounts for access to the TrueNAS server webui and shares.
Smb
Type: boolean Default: trueThe user account may be used to access SMB shares. If set to true then TrueNAS stores an NT hash of the user account's password for local accounts. This feature is unavailable for local accounts when General Purpose OS STIG compatibility mode is enabled. If set to true the user is automatically added to the builtin_users group.
Userns Idmap
Default: nullSpecifies the subuid mapping for this user. If DIRECT then the UID will be directly mapped to all containers. Alternatively, the target UID may be explicitly specified. If null, then the UID will not be mapped.
NOTE: This field will be ignored for users that have been assigned TrueNAS roles.
Must be one of:
- "DIRECT"
- null
Value must be greater or equal to 1 and lesser or equal to 4294967294
Group
Type: objectThe primary group of the user account.
Groups
Type: array of integerList of additional groups to which the user belongs. NOTE: Groups are identified by their group entry id, not their Unix group ID (gid).
Each item of this array must be:
Password Disabled
Type: boolean Default: falseIf set to true password authentication for the user account is disabled.
NOTE: Users with password authentication disabled may still authenticate to the TrueNAS server by other methods, such as SSH key-based authentication.
NOTE: Password authentication is required for smb users.
Ssh Password Enabled
Type: boolean Default: falseAllow the user to authenticate to the TrueNAS SSH server using a password.
WARNING: The established best practice is to use only key-based authentication for SSH servers.
Sshpubkey
Default: nullSSH public keys corresponding to private keys that authenticate this user to the TrueNAS SSH server.
Locked
Type: boolean Default: falseIf set to true the account is locked. The account cannot be used to authenticate to the TrueNAS server.
Sudo Commands
Type: array of stringA list of commands the user may execute with elevated privileges. User is prompted for password when executing any command from the list.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Sudo Commands Nopasswd
Type: array of stringA list of commands the user may execute with elevated privileges. User is not prompted for password when executing any command from the list.
No Additional ItemsEach item of this array must be:
Must be at least 1 characters long
Email address of the user. If the user has the FULL_ADMIN role, they will receive email alerts and notifications.
Local
Type: booleanIf true, the account is local to the TrueNAS server. If false, the account is provided by a directory service.
Immutable
Type: booleanIf true, the account is system-provided and most fields related to it may not be changed.
Twofactor Auth Configured
Type: booleanIf true, the account has been configured for two-factor authentication. Users are prompted for a second factor when authenticating to the TrueNAS web UI and API. They may also be prompted when signing in to the TrueNAS SSH server using a password (depending on global two-factor authentication settings).
Sid
The Security Identifier (SID) of the user if the account an smb account. The SMB server uses this value to check share access and for other purposes.
Last Password Change
The date of the last password change for local user accounts.
Password Age
The age in days of the password for local user accounts.
Password History
This contains hashes of the ten most recent passwords used by local user accounts, and is for enforcing password history requirements as defined in system.security.
No Additional Items
Each item of this array must be:
Password Change Required
Type: booleanPassword change for local user account is required on next login.
Roles
Type: array of stringList of roles assigned to this user's groups. Roles control administrative access to TrueNAS through the web UI and API.
No Additional ItemsEach item of this array must be:
Api Keys
Type: array of integerNo Additional Items
Each item of this array must be:
Password
Password if it was specified in create or update payload. If random_password was specified then this will be a 20 character random string.
Must be at least 1 characters long
Required roles: ACCOUNT_WRITE