Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

[How-To] Giving Plugins Write Permissions to Your Data

Status
Not open for further replies.

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
In order for your plugin to be able to write to your data datasets/folders it must have..
  1. access to your data dataset/folders
  2. permissions to write to your data folders.

1) MAKING DATA ACCESSIBLE TO YOUR PLUGIN'S JAIL

  • It is preferred that your data reside on a dataset(s) outside of your jail that you regularly snapshot and backup.
  • FreeNAS plugins, by default, have no access to files residing outside of its jail.
2) PERMISSIONS
Choose one of the 4 solutions to give your plugin write permission to your data folders.

FACTS

  • Every folder/file has a UNIX permission level, UID ownership, and GID ownership, which determines which user/group members can read/write to that folder/file. Basic UNIX permissions are described in the opening part of Chapter 4, Part 4, of the FreeBSD handbook.
  • Jails and the FreeNAS host do not share user/group databases. They only associate UIDs/GIDs to users/groups if that mapping exists in it's particular user/group database.
  • Processes running inside a jail's userland (plugins) are permitted to read/write files/folders according to the jail's user/group database.
  • By default, most plugins run as a specific user, with a specific UID, and keep their configuration/databases/logs in what I will refer to as a data-directory.
    • SERVICE - USER (UID) - DATA-DIRECTORY
    • transmission - transmission (921) - /var/db/transmission
    • sabnzbd - media (816) - /var/db/sabnzbd
    • sickbeard - media (816) - /var/db/sickbeard
    • sickrage - media (816) - /var/db/sickrage
    • sonarr - media (816) - /var/db/sonarr
    • couchpotato - media (816) - /var/db/couchpotato
    • headphones - media (816) - /var/db/headphones
    • madsonic - subsonic (844) - /var/madsonic
    • mylar - media (816) - /var/db/mylar
    • xdm - media (816) - /var/db/xdm
    • maraschino - media (816) - /var/db/maraschino
    • htpc-manager - media (816) - /var/db/htpc-manager
    • plexmediaserver - plex (972) - /var/db/plexdata
    • emby-server - emby (989) - /var/db/emby-server
    • subsonic - media (816) - /var/db/subsonic
    • btsync - btsync (817) - /var/db/btsync
    • syncthing - syncthing (983) - /var/db/syncthing
NOTE
  • Never change the ownership or permission levels of Jail datasets. These contain operating system and application files that will not work properly if changed. Only ever change ownership or permission levels of datasets that contain only your data and that are mounted into your Jail(s).
SOLUTION 1 - USER WRITEABLE
  • Add a user in the FreeNAS WebUI with a matching UID as the plugin's default user.
  • Change ownership of the data dataset/folders to the newly added user.
SOLUTION 2 - USER WRITEABLE
  • In the jail, add a user with a matching UID as the owner of the data dataset/folders.
    • Code:
      pw useradd -n USER -u UID -d /nonexistent -s /usr/sbin/nologin
  • In the jail, change the user the plugin runs as, and change ownership of the data-directory.
    • Code:
      service PLUGIN onestop
      chown -R USER:GROUP /var/db/PLUGIN
      sysrc 'PLUGIN_user=USER'
      service PLUGIN start
SOLUTION 3 - GROUP WRITEABLE
  • Change permission of the data dataset/folders to allow group writing.
  • In the jail, add a group with a matching GID as the group owner of the data dataset/folders.
    • Code:
      pw groupadd -n GROUP -g GID
  • In the jail, add the user the plugin runs as to the newly added group.
    • Code:
      pw groupmod GROUP -m USER
SOLUTION 4 - OTHER WRITEABLE
  • Change permission of the data dataset/folder to allow other writing.
 
Last edited:

CyrilP

Newbie
Joined
Jan 31, 2015
Messages
14
Basically your just have to ensure that the user owning the files on your dataset has the same uid/gid that the user used in your jail to run the processes.
 

Supa

FreeNAS Experienced
Joined
Jan 10, 2014
Messages
204
So I have an issue where I have to rm -r "" any folder that gets downloaded from transmission.

Transmission downloads to /media/downloads

here are the permissions I have:



Basically i press delete through CIFS and it delete's everything but the folder.. so basically there's an empty folder there I can't delete through CIFS. I therefore use the rm - r "folder name" to get rid of it.

Any ideas? I have unmask set to "0".
 

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
So I have an issue where I have to rm -r "" any folder that gets downloaded from transmission.

Transmission downloads to /media/downloads

here are the permissions I have:



Basically i press delete through CIFS and it delete's everything but the folder.. so basically there's an empty folder there I can't delete through CIFS. I therefore use the rm - r "folder name" to get rid of it.

Any ideas? I have unmask set to "0".
This has nothing to do with the plugin having write permissions to your data dataset/folders.
Sounds like your issue has to do with CIFS. I don't use Windows/CIFS =/
 
Joined
Feb 1, 2015
Messages
7
Solution 3 worked for one of the jails, thanks! :)

Solution 2 would be better for the other, but it doesn't work since there is no /var/db/transmission. Any idea where I need to look to change the owner for Transmission?
 
Last edited:

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
Solution 3 worked for one of the jails, thanks! :)

Solution 2 would be better for the other, but it doesn't work since there is no /var/db/transmission. Any idea where I need to look to change the owner for Transmission?
if you check the first show button it show the actual location. but... specifically for transmission you don't need to change the ownership for the data-directory because it always does this when it's started.
 

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
yes, a make sure to stop the plugin before and start it after. just skip the chown step.
 
Joined
Feb 1, 2015
Messages
7
Ok, still having problems with Solution 2...

The dataset is owned by bob:bob, this user/group also exists in the jail with the same UID:GID, created per your instructions. Used sysrc 'transmission=bob' and got transmission: bob -> bob as reply on the command line. The dataset is mounted properly in the jail, I can navigate to it and see the permissions as bob:bob. But I still get permission denied errors when adding a torrent.

What else can I check?
 

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
@Bobberino
it should be transmission_user= not transmission=
 

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952

Bobbyg387

Newbie
Joined
Jan 31, 2015
Messages
32
Hello Joshua, I can't believe that I am still having permission issues, but I am and I want it to go away.

Basically, I have follwed your directions, but at the advice from another user, just made one dataset named "media" that resides on my volume along with, but outside the jails. This dataset is owned by nodody (UID 65534) and nogroup (GID 65534)

Starting with the Transmission jail, when I enter the shell, I'm logged in as root. When I try to enter /media/ dataset, I get a permission denied error.

How would you recommend I proceed forward?
 

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
Hello Joshua, I can't believe that I am still having permission issues, but I am and I want it to go away.

Basically, I have follwed your directions, but at the advice from another user, just made one dataset named "media" that resides on my volume along with, but outside the jails. This dataset is owned by nodody (UID 65534) and nogroup (GID 65534)

Starting with the Transmission jail, when I enter the shell, I'm logged in as root. When I try to enter /media/ dataset, I get a permission denied error.

How would you recommend I proceed forward?
to clarify your media dataset is mounted to /media in the jail? what do you mean enter, using the 'cd' command?
 

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
Here's how it looks. I have a feeling it might not be right, but maybe you can tell me.
did you mount the media dataset into your respective jails as I explain in point #1 of the opening post?
 

Bobbyg387

Newbie
Joined
Jan 31, 2015
Messages
32
Here is how my jail storage is setup. I did mount the media dataset to each jail. I think my problem lies in the permissions. I setup each plugin to access it's respective folder, with in the dataset, but my downloads aren't processing through to the folders. I can access the main media folder and each of the folders within, through my windows gui on my network. I can add and delete those folders, but the downloads aren't showing up.
 

Attachments

Joshua Parker Ruehlig

FreeNAS Expert
Joined
Dec 5, 2011
Messages
5,952
Here is how my jail storage is setup. I did mount the media dataset to each jail. I think my problem lies in the permissions. I setup each plugin to access it's respective folder, with in the dataset, but my downloads aren't processing through to the folders. I can access the main media folder and each of the folders within, through my windows gui on my network. I can add and delete those folders, but the downloads aren't showing up.
OK it looks like you correctly made the dataset available to the jail. what exactly is your issue then? I thought you said you couldn't enter the directory from within the jail. I assume when you say you can't access a directory using root that you mean from the jail's command line you tried 'cd /media' and that didn't work?

I don't deal with windows...
 

sdgenxr

FreeNAS Experienced
Joined
Sep 4, 2014
Messages
106
Ok, another total noob to FreeNas here. I've created a user Jails that belongs to the wheel group with a UID of 1003. Ideally, I'd like to use Solution 2 so that each jail has access to write to the dataset that's mounted to each jail.

Creating the user inside the jail seemed to work without a hitch. However, when I try to complete the second step in Solution 2 is where I think I'm getting hung up. Here's what the it looks like when I submit the commands. Maybe I missed a step or something?

Code:
root@sickbeard_1:/ # service sickbeard onestop                               
Stopping sickbeard.                                                          
Waiting for PIDS: 75222.                                                     
root@sickbeard_1:/ # chown -R Jails:WHEEL /var/db/sickbeard                  
chown: WHEEL: illegal group name                                             
root@sickbeard_1:/ # chown -R Jails:wheel /var/db/sickbeard                  
root@sickbeard_1:/ # sysrc 'PLUGIN_user=Jails'                               
PLUGIN_user: Jails -> Jails                                                  
root@sickbeard_1:/ # service sickbeard start                                 
Starting sickbeard.                                                          
Data directory: /var/db/sickbeard must be writable (write permissions). Exiting.
/usr/local/etc/rc.d/sickbeard: WARNING: failed to start sickbeard 


Now I can't even get sickbeard to restart!?
 
Last edited:
Status
Not open for further replies.
Top