[How-To] Giving Plugins Write Permissions to Your Data

Status
Not open for further replies.

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
I am trying to follow solution #3 and was able to do "pw groupadd -n GROUP -g GID" with no problem, however with "pw groupmod GROUP -m USER", I am getting an error saying " 'user' does not exist ", there's already an user created under Users on Freenas GUI which I don't understand.
the user needs to exist in the jail (see the 2nd point under 'facts').
this needs to be the user the plugin is running as.
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
SOLUTION 2 - USER WRITEABLE
  • In the jail, add a user with a matching UID as the owner of the data dataset/folders.
    • Code:
      pw useradd -n USER -u UID -d /nonexistent -s /usr/sbin/nologin
  • In the jail, change the user the plugin runs as, and change ownership of the data-directory.
    • Code:
      service PLUGIN onestop
      chown -R USER:GROUP /var/db/PLUGIN
      sysrc 'PLUGIN_user=USER'
      service PLUGIN start

Hi,

Do I need to replace the word "PLUGIN" with something?

thanks,
Ric
yes everything that is all caps should be replaced
 

Sam L.

Cadet
Joined
Mar 22, 2015
Messages
5
+1 thanks for this clear, concise, perfect explanation. I am new to FreeNAS and jails and this was awesome for turning on the light for me!
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Hi Joshua,
the steps are valid for Freenas Corral dockers too ?
I'm not sure but I assume some things will work differently. docker images are a Linux userland in FreeNAS's implementation.
 

ajlanga

Cadet
Joined
Apr 15, 2016
Messages
5
I'm trying to run a jail with HandBrakeCLI installed. I keep getting the error below (only the very end is posted for brevity). I think it's a problem with the destination directory permissions for HandBrake. Does anyone know what the permissions for this folder should be? Currently they are set to root:wheel.

x265 [info]: Rate Control / qCompress : CRF-18.0 / 0.60
x265 [info]: tools: rd=3 psy-rd=2.00 rskip signhide tmvp strong-intra-smoothing
x265 [info]: tools: deblock sao
ERROR: avio_open2 failed, errno -21
Encoding: task 1 of 1, 0.00 %[00:14:39] work: average encoding speed for job is 0.000000 fps
[00:14:40] vfr: lost time: 0 (0 frames)
[00:14:40] vfr: gained time: 0 (0 frames) (0 not accounted for)
Encoding: task 1 of 1, 0.00 %[00:14:40] aac-decoder done: 0 frames, 0 decoder errors
[00:14:40] aac-decoder done: 0 frames, 0 decoder errors
[00:14:40] h264-decoder done: 0 frames, 0 decoder errors
[00:14:40] sync: got 0 frames, 48929 expected

encoded 0 frames
[00:14:40] mux: track 0, 0 frames, 0 bytes, 0.00 kbps, fifo 8
[00:14:40] mux: track 1, 0 frames, 0 bytes, 0.00 kbps, fifo 8
[00:14:40] mux: track 2, 0 frames, 0 bytes, 0.00 kbps, fifo 8
[00:14:40] libhb: work result = 3

Encode failed (error 3).

HandBrake has exited.
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
I'm trying to run a jail with HandBrakeCLI installed. I keep getting the error below (only the very end is posted for brevity). I think it's a problem with the destination directory permissions for HandBrake. Does anyone know what the permissions for this folder should be? Currently they are set to root:wheel.

x265 [info]: Rate Control / qCompress : CRF-18.0 / 0.60
x265 [info]: tools: rd=3 psy-rd=2.00 rskip signhide tmvp strong-intra-smoothing
x265 [info]: tools: deblock sao
ERROR: avio_open2 failed, errno -21
Encoding: task 1 of 1, 0.00 %[00:14:39] work: average encoding speed for job is 0.000000 fps
[00:14:40] vfr: lost time: 0 (0 frames)
[00:14:40] vfr: gained time: 0 (0 frames) (0 not accounted for)
Encoding: task 1 of 1, 0.00 %[00:14:40] aac-decoder done: 0 frames, 0 decoder errors
[00:14:40] aac-decoder done: 0 frames, 0 decoder errors
[00:14:40] h264-decoder done: 0 frames, 0 decoder errors
[00:14:40] sync: got 0 frames, 48929 expected

encoded 0 frames
[00:14:40] mux: track 0, 0 frames, 0 bytes, 0.00 kbps, fifo 8
[00:14:40] mux: track 1, 0 frames, 0 bytes, 0.00 kbps, fifo 8
[00:14:40] mux: track 2, 0 frames, 0 bytes, 0.00 kbps, fifo 8
[00:14:40] libhb: work result = 3

Encode failed (error 3).

HandBrake has exited.
"root:wheel" is the owner and group of the folder, but that does not tell us the permission level.
1) show the current permission level with "ls -l /path/to folder"
2) figure out/decide what user the handbrake-cli process will run as
3) pick a solution owner, group, or guest write
4) implement the chosen solution (and we can help with that)
 

EsTaF

Contributor
Joined
Sep 20, 2013
Messages
163
>>Add a user in the FreeNAS WebUI with a matching UID as the plugin's default user.
which is the group must be there?
what is shel for it?
Must I disable pass/login for it
seconsary groups etc.


>>Change ownership of the data dataset/folders to the newly added user.
There is already the owner. for samba. And for all: zfs and BSD OS can use nfsv4 acl's. Why do people never write about it? use chmod/chown, but not setfacl.

>>chown -R USER:GROUP /var/db/PLUGIN
what is the group for it there?

>>Change permission of the data dataset/folder to allow other writing.
understand nothing
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
>>Add a user in the FreeNAS WebUI with a matching UID as the plugin's default user.
which is the group must be there?
what is shel for it?
Must I disable pass/login for it
seconsary groups etc.

it doesnt need to be a specific group, 'nobody' is fine.
the shell is what command shell the user will use, i suggest 'nologin'
you dont need to, but i suggedt you do disable it

>>Change ownership of the data dataset/folders to the newly added user.
There is already the owner. for samba. And for all: zfs and BSD OS can use nfsv4 acl's. Why do people never write about it? use chmod/chown, but not setfacl.

i dont know. i dont use ACLs, i only understand UNIX permissions

>>chown -R USER:GROUP /var/db/PLUGIN
what is the group for it there?

no reason, you can remove it

>>Change permission of the data dataset/folder to allow other writing.
understand nothing

im not sure what you are asking? if you want to use this solution you can change ther permissions in the commandline or the freenas webui
 

Sunwind

Cadet
Joined
Apr 12, 2017
Messages
1
I just want to do the simplest / brute-force / insecure way of doing it, which looks like option 4?
But when I try to change dataset from windows to unix and apply other permission I get this:
DlAGAjD.png


I'm hoping to have plex/transmission/sickrage/etc all run fine together and this seems like the simplest way re; folder persmisssions, just ain't working.

thanks in advance.
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
I just want to do the simplest / brute-force / insecure way of doing it, which looks like option 4?
But when I try to change dataset from windows to unix and apply other permission I get this:
DlAGAjD.png


I'm hoping to have plex/transmission/sickrage/etc all run fine together and this seems like the simplest way re; folder persmisssions, just ain't working.

thanks in advance.
can you show the output of...
Code:
ls -l /mnt/Orbital-SSD/Transmission/Downloads
ls -l /mnt/Orbital-SSD/Transmission/Downloads/Complete


Also, doing what you show will not remove windows ACLs from existing files/folders. I think there is a command you need to run to get rid of those.
 

pintu1228

Explorer
Joined
Mar 16, 2015
Messages
61
Hi, quick question, I have setup several plugins (sonarr, nzbgrt, radarr and transmission) in 1 jail. I have installed them using via ports instead of pkg.

The issue is by following option 2 for the user permission, when I type in chmod step with the path to each of the plugins it says 'no file or directory found'

Also what is the path for nzbget and radarr, I can't seem to find them.

On a side note, I am able to get permissions working as option 4, but after my movie downloaded and plex updates the library, the movie says it's unavailable.

Any help would be great.
 

Morktral

Cadet
Joined
Sep 27, 2016
Messages
7
Hello,

just to be sure if I understood everything correctly.

In my Sonarr jail I did ls -l /media and got:

drwxrwxrwx 256 777 wheel 256 Oct 1 07:49 download

So the user of this folder is 777 and the GID is wheel right?

Then i have to do:

pw groupadd -n 777 -g wheel

and

pw groupmod 777 -m media?

Or am I totally confused?

Maybe somebody can shed a little bit of light for me?
 

Cytomax

Explorer
Joined
Nov 29, 2015
Messages
67
I'm sure someone with more experience and knowledge will chime in but your output for ls -l is a little odd
256 links with a file size of 256 is strange... also a username of 777 is wierd... usually 777 is the number people use to give full readwrite access to a file... not saying it's not possible just strange output

This may help explain the fields

http://www.thegeekstuff.com/2009/07/linux-ls-command-examples/
 

interstat

Cadet
Joined
Nov 19, 2017
Messages
4
noob here...

Got a new install up, and everything looks great, but like a lot of people, having trouble with the transmission plugin.

Ideally, I'd like to make transmission run as the "media" user, like the sabnzbd plugin, so it can share output directories. But I just can't get it to work. Has the process changed for 11.1? setting
Code:
transmission_user="media"
in the rc.conf for the transmission jail doesn't seem to do anything.

Also, I've noticed that if I mess about with the ownership of the transmission data directory, my changes all get reset during a plugin restart. Is this normal?
 

interstat

Cadet
Joined
Nov 19, 2017
Messages
4
Hello,

just to be sure if I understood everything correctly.

In my Sonarr jail I did ls -l /media and got:

drwxrwxrwx 256 777 wheel 256 Oct 1 07:49 download

So the user of this folder is 777 and the GID is wheel right?

Then i have to do:

pw groupadd -n 777 -g wheel

and

pw groupmod 777 -m media?

Or am I totally confused?

Maybe somebody can shed a little bit of light for me?

like Cytomax has said, that is weird. There is no user with id 777 in my default FreeNAS install. Are you sure you didn't type chown 777 download by accident at some point?
 

David A.

Cadet
Joined
Nov 25, 2017
Messages
1
Hi there. I am trying to setup an Emby server to access my media, but I'm having some troubles.

I am trying to implement solution 3, but since I don't know what user Emby runs by default, I used solution 2 to change the user Emby runs.

Here is what I have done that I thought would work but hasn't:

1. I have a dataset in my Freenas volume named "david" that I want Emby to access.
2. The "david" dataset's primary group is called embyServer who's Freenas GID is 1100.
3. I installed the Emby plugin.
4. I did the following in the jail running Emby:
Code:
service emby-server onestop
pw useradd -n embyServer -u 1100 -d /nonexistent -s /usr/sbin/nologin		(This also creates a group called embyServer with GID of 1100)
pw groupmod embyServer -m embyServer
chown -R embyServer:embyServer /var/db/emby-server
sysrc 'emby_server_user=embyServer'
service emby-server onestart



When I try to add the dataset "david" to Emby through the web portal, I get the error "Emby Server requires write access to this folder. Please ensure write access and try again."

Any ideas?

Thank you!
 

LIGISTX

Guru
Joined
Apr 12, 2015
Messages
525
I know what I am trying to do is pretty easy, but for some reason I can't seem to set it up correctly.

I am setting up Syncthing, I used the plugin tool to auto create the jail ect. and mounted my desired dataset to the jail's /mnt dir.

I created a new user in freenas named syncthing with UID 983 and added that user to the group that has write access to my /Data dataset (which the mounted dataset lives in, I have set up my SMB user accounts this way, seem to work fine..., o yea, good time to say I am a bit of a noob?)

When I go to create a folder to sync, I get:

Code:
2017-12-11 19:48:45: Creating directory for "test" (qtxgd-kj5nn): mkdir /mnt/RAID_Z2_9x4TB: permission denied

2017-12-11 19:48:45: Creating folder marker: folder path missing

2017-12-11 19:48:45: Error on folder "test" (qtxgd-kj5nn): folder path missing


I am not sure why, and I have tried creating a folder at many directories. That particular one is in the dataset, although I have tried to create a share folder within the jail's /mnt directory as well with the same issues.

I was originally able to get it working, but I did it "the wrong way" from what I gather. I set the entire jails permissions to read/write/execute to all in the webUI, but after reading this how-to that appears to be incorrect (and possibly less secure as well..? I very highly value security, but since I am a noob, I am not always 100% sure what actually dictates and compromises it.) so I went the path of creating a syncthing user.

Any advice?
 
Joined
Apr 9, 2015
Messages
1,258
Did you add the 983 UID to the same group as your samba owner in FreeNAS. Also probably will need to add a group inside of the plugin jail that corresponds with the GID and add the syncthing user to it in the jail as well.

My guess is you let FreeNAS just create a new group for syncthing user you created. Also will need to make the folder group writeable so that syncthing can write to it so I think the folder should be 77X (the X being what the world can do, so 0 if nothing 4 if read only 6 if read and write and 7 if anything and everything.)
 
Status
Not open for further replies.
Top