Help understanding file system permissions within Jails?

W

wardrop

Cadet
Joined
Sep 27, 2012
Messages
3
Hi all,

I'm trying to get Emby to work on FreeNAS. It's in it's own Jail, however it doesn't have access to the mount point I've created. Emby runs as the user "emby" within the jail, but the files within the mount point are set to "rwxrwx---", with "root" as owner, and "wheel" as group. Typically I'd just add "emby" to the wheel group, but that doesn't seem to work. I believe it's because the permissions are being enforced by the target of the mount point (within FreeNAS as opposed to the Jail), and the "emby" user doesn't seem to exist on the FreeNAS system, only witihn the jail, so I can't add "emby" to the "wheel" group on FreeNAS.

Further complicationg the issue is that I'm using Windows ACL's within the mount point target, so I can't just chmod/chown. I'm not entirely sure how to grant the "emby" user within the jail access to files within the mount point. Can someone point me in the right direction?

Thanks
 
artlessknave

artlessknave

Wizard
Joined
Oct 29, 2016
Messages
1,506
short version: get the emby user accounts UID within the jail, add emby to freenas with the jails UID#, give freenas emby user permissions to access the mount point files.

there has to be a user/UID match between the jail and the host for anything other than "other" permissions to apply. if you set the permissions in the mount point to chmod 777, it should work, but if you want anything more complex than that you need matching UIDs afaik.

long version: google. I remember there being a good write up on how to do so, but I can't find it. might be in the links in my signature.
i've done it before, however, i use all UNIX permissions, so I'm not sure how windows acl's affects it.
note that generally you dont want to give emby, or any service, direct root permissions of any kind, because if the service gets compromised, your system (or jail here) does as well
 
artlessknave

artlessknave

Wizard
Joined
Oct 29, 2016
Messages
1,506
ah, here it is, in the howto guides section.

[How-To] Giving Plugins Write Permissions to Your Data

In order for your plugin to be able to write to your data datasets/folders it must have.. access to your data dataset/folders permissions to write to your data folders. 1) MAKING DATA ACCESSIBLE TO YOUR PLUGIN'S JAIL It is preferred that your data reside on a dataset(s) outside of your jail...
www.ixsystems.com www.ixsystems.com
 
W

wardrop

Cadet
Joined
Sep 27, 2012
Messages
3
Thanks mate, much appreciated. I worked out after reading your replies and the thread you linked to that the ACL's shown with "getfacls" and set with "setfacls" reflect what's shown in the 'Security' tab when browsing the Samba share within Windows. I just gave "Everyone" read access to the two media folders I wanted Emby to have access to, and that did the trick.
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Help understanding file system permissions within Jails?"

Similar threads

oOMrYairOo
FreeNas 11.2 U6 and Emby Jail Plugin
Replies
2
Views
2K
oOMrYairOo
oOMrYairOo
L
  • Locked
File permissions in attached storage across jails
Replies
1
Views
1K
Joshua Parker Ruehlig
Joshua Parker Ruehlig
RalfR
  • Locked
Permissions and users in Jails
Replies
1
Views
3K
Joshua Parker Ruehlig
Joshua Parker Ruehlig
A
  • Locked
Trying to Lock Down Permissions on multi-user system
Replies
1
Views
714
Joshua Parker Ruehlig
Joshua Parker Ruehlig
avpullano
  • Locked
Why does my mount point recognize files in directories but not datasets? [SOLVED]
Replies
4
Views
6K
avpullano
avpullano
Top