Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Are permissions different in iocage jail?

indivision

FreeNAS Experienced
Joined
Jan 4, 2013
Messages
315
Thanks
29
#1
I am trying to get qbittorrent to write downloaded files to a mounted share with permissions allowable for a user outside of the jail. I already have the plugin installed, mount attached, downloads working. But, the permissions are not right.

I have followed the 1, 2 and 3 options from this popular permissions tutorial: https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

None of them worked. After all 3 of those changes, the files continue to be written to the mounted share with permissions only for the jail root.

Is there an updated permissions guide for FreeNAS 11.2 beta 3? Something that covers qbittorrent specifically?

If not, can someone please advise on how to set this up?

Thank you.
 

kdragon75

FreeNAS Expert
Joined
Aug 7, 2016
Messages
2,390
Thanks
555
#2
Users from inside the jail are mapped by the user/group ID #. So on the host if your personal account is "Jason" with an ID# of 1005, you should have a user in the jail with the ID # 1005. Thats if I remember correctly.
 

kdragon75

FreeNAS Expert
Joined
Aug 7, 2016
Messages
2,390
Thanks
555
#3
if all else fails you could run umask 111 in the download folder. By default all new files will be r/w for EVERYONE but not executable.
 

indivision

FreeNAS Experienced
Joined
Jan 4, 2013
Messages
315
Thanks
29
#4
Thank you. I have a user set up that maps out to the user with permissions I would like.

The problem is that I followed the way that guide says to apply the new user to the service and it doesn't seem to have worked. Or, if it is running the service as the right user, the files are still ending up being "owned" by the jails root user which doesn't work.

I would prefer to not use umask if possible. But, as a last resort, how can umask be applied to a folder like that?
 

garm

FreeNAS Expert
Joined
Aug 19, 2017
Messages
1,129
Thanks
302
#5
Option 3 is my preferred methods and it works like a charm in iocage. If you show us what you did we might be able to help you spot the typo or misunderstanding.
 

indivision

FreeNAS Experienced
Joined
Jan 4, 2013
Messages
315
Thanks
29
#6
Thank you garm.

This is what I did:

Code:
pw groupadd -n new_trivialis -g 1008


Code:
pw groupmod new_trivialis -m root


There is another user that has new_trivialis as an auxiliary group and access to the share. Confirmed that all permissions are working fine for that user (add, delete folders).

qbittorrent does (and has always) successfully written to the location. But, when I attempt to delete the files with the above user via a Windows connection, I get an error message saying: "You require permission from Unix User\root to make changes to this folder"
 

indivision

FreeNAS Experienced
Joined
Jan 4, 2013
Messages
315
Thanks
29
#7
I looked at the Windows security information for that folder. It does correctly show the trivialis_new group listed. However, the permissions it is granting for that group are not what they are set as in FreeNAS. They are read-only. (I do not have that mount set as read-only in the jails GUI). The permissions for that entire dataset are 774 with root as owner and trivialis_new as group.

I'm wondering now if this isn't an issue involving Windows' handling of permissions. Maybe something that changed with 11.2 beta 3?
 

garm

FreeNAS Expert
Joined
Aug 19, 2017
Messages
1,129
Thanks
302
#8
Okey, you are mixing topics wildly. If we are talking about FreeNAS/Jail permissions it has nothing to do with Windows..

Where did you run those commands? Who is member of that group and where? What user is the torrent thing using? What exactly did you change? What is the output of sysrc -a in the jail?
 

indivision

FreeNAS Experienced
Joined
Jan 4, 2013
Messages
315
Thanks
29
#9
The end goal is to be able to manipulate the files as needed from a Windows machine that accesses the share. The jail downloads them to the share. Everything is working except for the manipulate from windows part.

I ran those commands in the shell for the qbittorrent jail.

After the commands, the root user of the jail is a member of the group. Also a second user from the FreeNAS install is a member of the group. Of course, the group in the jail is using the same GID as a group in FreeNAS.

qbittorrent is a FreeNAS plugin. It looks like root is using it.

The other change I made was a setting in rc.conf to attempt to change the user of qbittorrent. (You will see this below). But, that didn't appear to work as the files still show as owned by "Unix User\root" in Windows.

Output of sysrc -a:

Code:
root@qbittorrent:~ # sysrc -a
cron_flags:  -J 15
host_hostname: qbittorrent
ifconfig_epair0b: DHCP
ipv6_activate_all_interfaces: YES
qbittorrent_user: jmil2
sendmail_enable: NONE
sendmail_msp_queue_enable: NO
sendmail_outbound_enable: NO
sendmail_submit_enable: NO
syslogd_flags: -c -ss
 

garm

FreeNAS Expert
Joined
Aug 19, 2017
Messages
1,129
Thanks
302
#10
Sins you don’t have the torrent service enabled in rc.conf I guess the plugin is built some other way. The changed user proabobly isn’t applied. I have no idea how the plugins work as I don’t use them. You need to find the rc.d script for the torrent service and change that directly maybe. But that proabobly breaks updates.
 

indivision

FreeNAS Experienced
Joined
Jan 4, 2013
Messages
315
Thanks
29
#11
Thank you for that. I've had a hunch that it was something like that. But, don't know enough about BSD to be sure. Haven't seen this kind of setup before.

Hopefully, someone is around that knows how the iocage plugins are set up?
 
Joined
Mar 7, 2013
Messages
17
Thanks
0
#12
I want to do the same thing. Has someone successfully changed the plugin so qbittorrent is able to run not as root and wheel? Or is it fine to change the uid/gid inside the jail from 0:0 to for example 91:1007 so the ids match the group and user outside the jail who should be able to own the smb share?
 
Top