Hello,
I need to set up home directories for a couple of my administrator accounts on my TrueNAS server. Mostly, I want to enable SSH public key authentication for them, and I can’t do that without a $HOME/.ssh/keys/ directory for each user on the server.
I’m having trouble finding a tutorial on how to do this, especially if I want to use a parent dataset (e.g., UserHomes) with child datasets for each individual user. (Maybe that’s not the best way? If I’m overcomplicating this, please let me know.)
The closest I’ve found is this tutorial for SMB Home Shares, which is deprecated and not recommended for new server setups. See: Setting Up SMB Home Shares | TrueNAS Documentation Hub. They flat out tell you not to use it, but not what to do instead, which is … not awesome.
Current best practice on the TrueNAS forums seems to assume you have an Active Directory server set up to replace the old Home Shares feature. I don’t, and would rather not have to learn (1) what Active Directory is and (2) how to set it up just to have a place to put my users’ public keys.
If I do have to do that, I’d love some advice on the simplest, easiest way to learn to do it.
Some of the questions I have:
1. Which Dataset Preset (see: Datasets | TrueNAS Documentation Hub)? My big concern is that I don’t understand from reading the docs what I’m locking myself into and can’t change later if I choose a certain dataset preset, so I want to make sure I get it right the first time.
1.1. I suspect generic, which should map most directly to a Linux home directory file and permissions structure, as I’m not looking to share these folders but might want to access them via SSH.
1.2. I also think that with generic, I could use NFS later if I needed to?
1.3. However, I can’t rule out ever wanting to access via SMB, so maybe I should choose Multiprotocol?
2. Who should be the owner? Which group?
2.1. My current plan is to set up a user ShareAdmin that owns and has Full Control over the dataset and all its child datasets where each individual user’s home directory lives.
2.2. I’d give each user Modify rights on their own child dataset.
2.3. Once the user has Modify rights, I think I can just go in and activate the Home directory for the user and assign the correct dataset, and be done.
3. If the above approach won’t work, what is the best approach without using an Active Directory server?
If someone has a working configuration for this and would be able to share, I’d really appreciate it. Not being able to turn on SSH or have a place to put scripts to do things like automated rsync jobs has made certain things unnecessarily difficult. (I’ve already experienced the web-shell crashing out during long rsync operations, which has been … neat.)
Thanks!